Windows acting up but neither MB nor ComboFix finds anything?


  • This topic is locked
2 replies to this topic

#1 DennisT33

Posted 09 October 2010 - 01:51 PM

Since yesterday my Windows XP has been acting up. It mostly has to do with my cursor. Like when I just click once on right mouse it often acts like a double click (opening files, executing things etc). Or I would just highlight a file with right mouse click and then it acts like I want to drag the file somewhere. Or I don't get much reaction from my clicks at all, like I have to click on the X extra hard, three times or so until a window closes. Or the scrolling doesn't properly work, whether in a browser, explorer or task window. This is all driving me nuts!

I figure this could be my mouse driver being corrupt or something but I'm also suspecting it's a virus because ever since this behavior my full version MalwareBytes keeps blocking IP addresses, reporting "malicious IPs". On the other hand, my PeerGuardian wasn't blocking ANY IPs anymore, the windows just kept being blank. But strangely enough when I do all types of scan with MB, plus a ComboFix run, nothing is found! Yet I sit here restarting my computer over and over again just to be faced with the same odd problem. I also ran HijackThis log and couldn't find anything suspicious. CCleaner didn't improve anything either (though it removed quite a chunk). I've cleaned all my temp files, browser cookies and histories but still, the problem persists. At least I don't seem to be getting those IP "attacks" anymore and PeerGuardian is working fine again too. Could it be just my mouse?

Here are my logs, please tell me if you can find anything that might be causing this. Thanks!

MB Log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4785

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

09.10.2010 17:02:42
mbam-log-2010-10-09 (17-02-42).txt

Scan type: Full scan (D:\|)
Objects scanned: 201432
Time elapsed: 47 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


MB Protection Log:
15:51:45 Dennis IP-BLOCK 222.65.243.157
15:52:20 Dennis IP-BLOCK 218.9.97.145
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
16:04:48 Dennis MESSAGE IP Protection stopped
16:06:25 Dennis MESSAGE Database updated successfully
16:06:30 Dennis MESSAGE IP Protection started successfully
16:07:59 Dennis IP-BLOCK 218.7.195.139
16:10:57 Dennis IP-BLOCK 218.7.195.139
16:13:11 Dennis IP-BLOCK 121.13.127.182
16:13:55 Dennis IP-BLOCK 58.240.39.117
16:19:54 Dennis IP-BLOCK 218.7.195.139
16:23:00 Dennis IP-BLOCK 218.7.195.139
16:28:56 Dennis IP-BLOCK 218.7.195.139
16:31:51 Dennis IP-BLOCK 218.7.195.139
16:34:03 Dennis IP-BLOCK 222.69.5.139
16:34:56 Dennis IP-BLOCK 218.7.195.139
16:37:08 Dennis IP-BLOCK 222.69.14.199
16:37:14 Dennis IP-BLOCK 202.103.221.15
16:46:55 Dennis IP-BLOCK 222.69.214.231
16:46:58 Dennis IP-BLOCK 58.240.212.92
16:52:35 Dennis IP-BLOCK 121.8.235.67
17:02:43 Dennis IP-BLOCK 58.240.244.20
17:09:34 (null) IP-BLOCK 121.8.153.6
17:11:38 Dennis MESSAGE Protection started successfully
17:11:43 Dennis MESSAGE IP Protection started successfully
17:50:26 Dennis MESSAGE Protection started successfully
17:50:42 Dennis MESSAGE IP Protection started successfully
18:37:56 Dennis MESSAGE Protection started successfully
18:38:01 Dennis MESSAGE IP Protection started successfully
20:09:41 Dennis MESSAGE Protection started successfully
20:09:45 Dennis MESSAGE IP Protection started successfully


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:30:01, on 09.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
D:\Programme\PeerGuardian2\pg2.exe
D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
D:\Programme\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Programme\Winamp\winamp.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\NOTEPAD.EXE
F:\Temp\TrendMicro\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Programme\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Programme\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [PeerGuardian] D:\Programme\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Customize Menu - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programme\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\System32\browseui.dll
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5711 bytes







ComboFix 10-10-08.01 - Dennis 09.10.2010 17:34:52.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1023.535 [GMT 2:00]
ausgeführt von:: d:\dokumente und einstellungen\Dennis\Desktop\Yep.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((( Dateien erstellt von 2010-09-09 bis 2010-10-09 ))))))))))))))))))))))))))))))
.

2010-10-07 13:56 . 2010-10-07 13:56 -------- d-----w- d:\dokumente und einstellungen\Dennis\Anwendungsdaten\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-09 15:33 . 2010-01-23 01:36 -------- d-----w- d:\dokumente und einstellungen\Dennis\Anwendungsdaten\HPAppData
2010-10-09 15:19 . 2008-11-22 00:27 -------- d-----w- d:\programme\PeerGuardian2
2010-10-09 15:07 . 2003-04-02 12:00 70580 ----a-w- d:\windows\system32\perfc007.dat
2010-10-09 15:07 . 2003-04-02 12:00 405118 ----a-w- d:\windows\system32\perfh007.dat
2010-10-09 08:55 . 2008-10-04 17:00 -------- d-----w- d:\programme\eMule
2010-10-04 00:57 . 2009-01-23 17:53 -------- d-----w- d:\dokumente und einstellungen\Dennis\Anwendungsdaten\FileZilla
2010-10-03 10:26 . 2010-04-06 16:15 -------- d-----w- d:\dokumente und einstellungen\All Users\Anwendungsdaten\NOS
2010-09-17 18:45 . 2009-09-10 10:40 -------- d-----w- d:\programme\Firefox
2010-08-28 15:46 . 2008-10-04 21:44 -------- d-----w- d:\dokumente und einstellungen\Dennis\Anwendungsdaten\uTorrent
2010-08-19 22:31 . 2010-08-19 22:31 -------- d-----w- d:\programme\Malwarebytes' Anti-Malware
2010-08-18 02:47 . 2008-10-04 15:57 1324 ----a-w- d:\windows\system32\d3d9caps.dat
2009-09-29 19:38 . 2009-09-29 19:38 18879 ----a-w- d:\programme\Gemeinsame Dateien\ligy._dl
2010-03-30 15:20 . 2010-03-30 15:20 2 --shatr- d:\windows\winstart.bat
.

((((((((((((((((((((((((((((( SnapShot_2010-08-19_03.06.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2003-04-02 12:00 . 2010-03-28 10:54 58596 d:\windows\system32\perfc009.dat
+ 2003-04-02 12:00 . 2010-10-09 15:07 58596 d:\windows\system32\perfc009.dat
- 2009-12-11 02:30 . 2010-04-29 13:39 38224 d:\windows\system32\drivers\mbamswissarmy.sys
+ 2010-08-19 22:31 . 2010-04-29 13:39 38224 d:\windows\system32\drivers\mbamswissarmy.sys
+ 2010-08-19 22:31 . 2010-04-29 13:39 20952 d:\windows\system32\drivers\mbam.sys
- 2009-12-11 02:30 . 2010-04-29 13:39 20952 d:\windows\system32\drivers\mbam.sys
- 2003-04-02 12:00 . 2010-03-28 10:54 392296 d:\windows\system32\perfh009.dat
+ 2003-04-02 12:00 . 2010-10-09 15:07 392296 d:\windows\system32\perfh009.dat
+ 2010-10-03 10:39 . 2010-10-03 10:39 232912 d:\windows\system32\Macromed\Flash\FlashUtil10k_Plugin.exe
+ 2010-01-27 01:07 . 2010-10-03 10:39 5969360 d:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2010-08-22 16:04 . 2010-08-22 16:04 12263936 d:\windows\Installer\e15740e.msp
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="d:\programme\PeerGuardian2\pg2.exe" [2005-09-18 1421824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"Malwarebytes' Anti-Malware"="d:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"Adobe Reader Speed Launcher"="d:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKLM\~\startupfolder\D:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Speed Launch.lnk]
path=d:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk
backup=d:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
path=d:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
backup=d:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\D:^Dokumente und Einstellungen^Dennis^Startmenü^Programme^Autostart^MONSXW32.EXE.del]
path=d:\dokumente und einstellungen\Dennis\Startmenü\Programme\Autostart\MONSXW32.EXE.del
backup=d:\windows\pss\MONSXW32.EXE.delStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSTA.EXE]
PRISMSTA.EXE START [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- d:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- d:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 05:52 15360 ------w- d:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- d:\programme\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 16:50 4363504 ----a-w- d:\programme\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 05:52 1695232 --sh--w- d:\programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- d:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-08-17 01:03 13877248 ----a-w- d:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-08-17 01:03 86016 ----a-w- d:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-08-12 21:40 1657376 ----a-w- d:\programme\NVIDIA Corporation\nView\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Personal ID]
2009-01-15 19:58 1126912 ----a-w- d:\progra~1\COOLSP~1\PERSON~1\pid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2010-03-28 13:24 160328 ----a-w- d:\programme\Siber Systems\AI RoboForm\robotaskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- d:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-09-10 08:29 1994480 ----a-w- d:\programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system tool]
2009-03-18 16:50 4363504 ----a-w- d:\programme\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- d:\programme\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programme\\uTorrent\\uTorrent.exe"=
"d:\\WINDOWS\\system32\\winver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"64517:TCP"= 64517:TCP:Services
"2084:TCP"= 2084:TCP:Services
"9708:TCP"= 9708:TCP:Services
"8364:TCP"= 8364:TCP:Services
"7880:TCP"= 7880:TCP:Services
"7817:TCP"= 7817:TCP:Services
"2818:TCP"= 2818:TCP:Services
"8848:TCP"= 8848:TCP:Services

R1 SASDIFSV;SASDIFSV;d:\programme\SUPERAntiSpyware\sasdifsv.sys [05.08.2009 16:06 9968]
R1 SASKUTIL;SASKUTIL;d:\programme\SUPERAntiSpyware\SASKUTIL.SYS [05.08.2009 16:06 74480]
R2 MBAMService;MBAMService;d:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [20.08.2010 00:31 304464]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [20.08.2010 00:31 20952]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;d:\windows\system32\drivers\PhTVTune.sys [04.10.2008 17:45 24704]
S3 PRISM_A00;PRISM 802.11g Driver;d:\windows\system32\drivers\PRISMA00.sys [04.10.2008 16:26 362688]
S3 SASENUM;SASENUM;d:\programme\SUPERAntiSpyware\SASENUM.SYS [05.08.2009 16:06 7408]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - pgfilter

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.com/
IE: Customize Menu - file://d:\programme\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://d:\programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Nach Microsoft &Excel exportieren - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: RoboForm Toolbar - file://d:\programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://d:\programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - d:\dokumente und einstellungen\Dennis\Anwendungsdaten\Mozilla\Firefox\Profiles\q9w830qj.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: d:\programme\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: d:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: d:\programme\Opera\program\plugins\nppl3260.dll
FF - plugin: d:\programme\Opera\program\plugins\nppl3260.dll
FF - plugin: d:\programme\Opera\program\plugins\nprpjplug.dll
FF - plugin: d:\programme\Opera\program\plugins\nprpjplug.dll

---- FIREFOX Richtlinien ----
d:\programme\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\programme\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\programme\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-WordWeb - d:\programme\WordWeb\wweb32.exe
AddRemove-WordFlood 1.2 - d:\programme\WordFlood 1.2\Uninstall.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1645522239-1547161642-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1645522239-1547161642-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{33F87792-B1F5-3AE6-0EE6-CE658B478259}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1645522239-1547161642-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{47D9FB2A-2B30-85E1-F322-DEAF4E40E071}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abooppijfmedgddomodkallkhbndphhbpi"=hex:70,61,61,70,62,61,66,65,64,6e,6a,61,
66,63,69,65,62,65,6c,6a,68,65,63,6a,61,65,62,66,6d,66,6c,6c,00,40
"malokpgjibdfgokbndmipojdla"=hex:6f,61,6f,6d,62,6c,62,6c,62,6f,64,68,70,65,65,
69,69,6e,61,67,6c,61,67,6b,66,6b,69,6e,61,62,00,6c

[HKEY_USERS\S-1-5-21-1645522239-1547161642-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{50F48DBB-21EA-CEFD-F978-1E43976C7B96}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1645522239-1547161642-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{78A5CA21-B976-E898-A01C-AC4E7DEC27A6}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iambacjnfdocjkmdcg"=hex:6a,61,6a,6d,65,70,6a,6a,67,6d,63,68,63,6d,6b,64,6c,65,
64,63,00,00
"hagbkdnkidolclnj"=hex:6a,61,6a,6d,65,70,6a,6a,67,6d,63,68,63,6d,6b,64,6c,65,
64,63,00,1f

[HKEY_USERS\S-1-5-21-1645522239-1547161642-839522115-1004\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1645522239-1547161642-839522115-1004)
@Allowed: (Read) (S-1-5-21-1645522239-1547161642-839522115-1004)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft-Datenträgerkontingent"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer-Zonenzuordnung"
"DllName"=expand:"iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"=expand:"iedkcs32.dll"
@="Internet Explorer-Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Softwareinstallation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="d:\\Programme\\SUPERAntiSpyware\\SASWINLO.dll"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
@DACL=(02 0000)
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
@DACL=(02 0000)
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=expand:"sclgntfy.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
@DACL=(02 0000)
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"Hilfeassistent"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"HelpAssistant"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
.
Zeit der Fertigstellung: 2010-10-09 17:41:24
ComboFix-quarantined-files.txt 2010-10-09 15:41
ComboFix2.txt 2010-08-19 10:48
ComboFix3.txt 2010-08-19 03:08
ComboFix4.txt 2009-12-10 23:35
ComboFix5.txt 2010-10-09 15:32

Vor Suchlauf: 998.498.304 Bytes frei
Nach Suchlauf: 1.104.912.384 Bytes frei

- - End Of File - - DECCD48AB76DDE0E51BA69E87DED2195

Btw, I'm using a wired mouse. And it acts up like this even when I disconnect from the internet. The only thing that I find as "weird" is when I run FreeFixer. It reports errors on winlogon. But I believe I had this in previous scans too. Can anyone explain? Here's the log:

FreeFixer v0.54 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 3
Log dated 2010-10-09 21:05


Winlogon Notify
!SASWinLogon - (no file specified)
Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon'.

System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
crypt32chain - (no file specified)
Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain'.

System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
cryptnet - (no file specified)
Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet'.

System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
cscdll - (no file specified)
Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll'.

System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
dimsntfy - (no file specified)
Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy'.

System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
ScCertProp - (no file specified)
Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp'.

System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
Schedule - (no file specified)
Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule'.

System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
sclgntfy - (no file specified)
Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy'.

System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
SensLogn - (no file specified)
Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn'.

System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
termsrv - (no file specified)
Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv'.

System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.
wlballoon - (no file specified)
Error when opening a registry key, access is denied. Key: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon'.

System error message: Überlappender E/A-Vorgang wird verarbeitet. Error code: 997.

Browser Helper Objects (4 whitelisted)
{724d43a9-0d85-11d4-9908-00400523e39a}, , D:\Programme\Siber Systems\AI RoboForm\roboform.dll

Internet Explorer toolbars (2 whitelisted)
HKLM\..\Toolbar\{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - D:\Programme\Siber Systems\AI RoboForm\roboform.dll

Basic Internet Explorer settings
HKCU\..\Main, Start Page = http://google.com/
HKCU\..\Desktop\General, Wallpaper = D:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

Registry Startups (1 whitelisted)
HKLM\..\Run, NvCplDaemon = RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
HKCU\..\Run, PeerGuardian = D:\Programme\PeerGuardian2\pg2.exe

Processes (26 whitelisted)
D:\WINDOWS\system32\nvsvc32.exe
D:\Programme\PeerGuardian2\pg2.exe
D:\Programme\Winamp\winamp.exe
F:\Temp\FreeFixer\freefixer.exe

Services (39 whitelisted)
nvsvc, NVIDIA Display Driver Service, d:\windows\system32\nvsvc32.exe

Svchost.exe Modules (214 whitelisted)
d:\programme\hp\digital imaging\bin\hpqddsvc.dll
d:\programme\hp\digital imaging\bin\hpqddcmn.dll
d:\programme\hp\digital imaging\bin\hpqcxs08.dll
d:\windows\system32\hpzinw12.dll
d:\windows\system32\hpzipm12.dll

Explorer.exe Modules (109 whitelisted)
D:\Programme\SUPERAntiSpyware\SASSEH.DLL
D:\Programme\WinRAR\rarext.dll
D:\Programme\FileZilla FTP Client\fzshellext.dll
D:\WINDOWS\system32\l3codeca.acm
D:\Programme\SUPERAntiSpyware\SASCTXMN.DLL
D:\Programme\Siber Systems\AI RoboForm\roboform.dll

Drivers (28 whitelisted)
CDRPDACC, CD-ROM Productions Device Access, d:\programme\cd-rom productions\shared\cdrpdacc.sys
SASDIFSV, SASDIFSV, d:\programme\superantispyware\sasdifsv.sys
SASKUTIL, SASKUTIL, d:\programme\superantispyware\saskutil.sys

Firefox Extensions
NoDoFollow, D:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\Mozilla\Firefox\Profiles\tvi5s7jd.default\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}\install.rdf
SearchStatus, D:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\Mozilla\Firefox\Profiles\tvi5s7jd.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}\install.rdf
Adobe DLM (powered by getPlus®), D:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\Mozilla\Firefox\Profiles\tvi5s7jd.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\install.rdf
Java Console, D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\install.rdf

Recently created/modified files (3 whitelisted)
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\winamp.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\vis_nsfs.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\vis_milk2.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\vis_avs.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\tagz.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\pmp_usb.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\pmp_p4s.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\pmp_njb.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\pmp_ipod.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\pmp_activesync.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\playlist.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\out_wave.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\out_ds.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\out_disk.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_wire.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_transcode.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_rg.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_pmp.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_plg.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_playlists.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_orb.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_online.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_nowplaying.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_local.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_impex.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_history.lng
40 minutes, d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZ8A31.tmp\ml_disc.lng

History
-D:\Dokumente und Einstellungen\Dennis\Startmenü\Programme\Autostart\syspck32.exe (on reboot)
-D:\Dokumente und Einstellungen\Dennis\Startmenü\Programme\Autostart\syspck32.exe (on reboot)
-D:\WINDOWS\system32\msedyu32.exe
+HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit = D:\WINDOWS\system32\userinit.exe,
-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
-HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
-HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser, {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
-HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser, {EF99BD32-C1FB-11D2-892F-0090271D4F88}
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\winamp.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\vis_nsfs.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\vis_milk2.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\vis_avs.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\tagz.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\pmp_usb.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\pmp_p4s.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\pmp_njb.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\pmp_ipod.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\pmp_activesync.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\playlist.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\out_wave.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\out_ds.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\out_disk.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\ml_wire.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\ml_transcode.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\ml_rg.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\ml_pmp.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\ml_plg.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\ml_playlists.lng (on reboot)
-d:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\temp\WLZB89E.tmp\ml_orb.lng (on reboot)

The following errors occurred during the scan:
Problems opening folder 'c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\SRTSP\Quarantine' to enumerate files. FindFirstFile failed. System error message: Zugriff verweigert Error code: 5.
Problems opening folder 'c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\SRTSP\SrtETmp' to enumerate files. FindFirstFile failed. System error message: Zugriff verweigert Error code: 5.

End of FreeFixer log

EDIT: Posts merged ~BP

Edited by Budapest, 09 October 2010 - 04:31 PM.




#2 DennisT33


Posted 13 October 2010 - 05:39 PM

Turns out it really was just my mouse. I replaced the PS/2 mouse with a USB laser optical mouse and - works like a charm. Thanks anyway.

#3 Budapest


Posted 14 October 2010 - 04:30 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.

Edited by Budapest, 14 October 2010 - 04:31 PM.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



