| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Desktop Security 2010 nach Entfernen mit Malwarebytes wieder da!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.05.2010, 13:17
| #1 |
| |  Desktop Security 2010 nach Entfernen mit Malwarebytes wieder da! Hallo, habe um Desktop Security 2010 zu löschen unter: Anleitungen, FAQs & Links: Desktop Security 2010 entfernen Windows 7 Hilfreiche Anleitungen, FAQs & Links zum Thema Sicherheit und mehr. Nur lesen, kein posten möglich! von "AdminBot" alle Angaben zum löschen von Desktop Security 2010 befolgt. Dennoch ist das Programm nach einem Neustart immer wieder da. Mit eXplorer.exe lässt sich das Programm zunächst wie beschrieben stoppen! Dann habe ich den CCleaner ausgeführt. Malwarebytes + random's systems ergeben folgende Logfiles: Malwarebytes' Anti-Malware 1.46 wxwxw.malwarebytes.org Datenbank Version: 4063 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 04.05.2010 13:56:40 mbam-log-2010-05-04 (13-56-40).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 127157 Laufzeit: 4 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 2 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 2 Infizierte Dateien: 15 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\Software\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\Dokumente und Einstellungen\XXX\Startmenü\Programme\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. Infizierte Dateien: C:\Dokumente und Einstellungen\XXX\Startmenü\Programme\Desktop Security 2010\Activate Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\XXX\Startmenü\Programme\Desktop Security 2010\Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\XXX\Startmenü\Programme\Desktop Security 2010\Help Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\XXX\Startmenü\Programme\Desktop Security 2010\How to Activate Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Desktop Security 2010\Desktop Security 2010.exe (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Desktop Security 2010\mfc71.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Desktop Security 2010\MFC71ENU.DLL (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Desktop Security 2010\msvcp71.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Desktop Security 2010\msvcr71.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Desktop Security 2010\securitycenter.exe (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Desktop Security 2010\securityhelper.exe (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Desktop Security 2010\taskmgr.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\XXX\Startmenü\Programme\Desktop Security 2010.LNK (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Desktop Security 2010.LNK (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\XXX\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully. RSIT - Randoms System Information Tool Logfile ergibt: Logfile of random's system information tool 1.06 (written by random/random) Run by xxx at 2010-05-04 13:52:54 Microsoft Windows XP Professional Service Pack 3 System drive C: has 502 GB (83%) free of 607 GB Total RAM: 2046 MB (63% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:53:07, on 04.05.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Avira\AntiVir Desktop\avshadow.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\AvidSDMService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CreativeLicensing.exe C:\Programme\Digidesign\Drivers\MMERefresh.exe C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\stsystra.exe C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe C:\Programme\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe C:\DOKUME~1\xxx\LOKALE~1\Temp\clclean.0001 C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\Java\jre6\bin\jusched.exe C:\programme\gemeinsame dateien\microsoft shared\msorun\msorunoffice.exe C:\programme\installshield installation information\{beefc4f8-2909-48b3-afaa-55d3533fdedd}\installshieldsetup7.exe C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe C:\programme\nero\nero 9\nero burning rom\coveredctrl\coveredctrlmanifcovered.exe C:\programme\gemeinsame dateien\microsoft shared\msorun\msorunoffice.exe C:\programme\quicktime\qtsystem\quicktimeeffects.resources\sv.lproj\quicktimequicktimeresources.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\ScanWizard 5\ScannerFinder.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\explorer.exe C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Malwarebytes' Anti-Malware\mbam.exe C:\Dokumente und Einstellungen\xxx\Desktop\RSIT.exe C:\Programme\trend micro\xxx.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4061212 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de/hws/sb/dell-row/de/side.html?channel=de R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de/hws/sb/dell-row/de/side.html?channel=de R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://forum.videoediting.ru/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.de/hws/sb/dell-row/de/side.html?channel=de R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4061212 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: TBSB03968 - {AA61DE26-FA67-4575-9033-918671094293} - C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll (file missing) O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Toolbar fuer eBay - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Dokumente und Einstellungen\BASTI\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll (file missing) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [MSKDetectorExe] C:\Programme\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Programme\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Programme\Digidesign\Drivers\MMERefresh.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [IoIs] C:\DOKUME~1\xxx\LOKALE~1\Temp\IoIs.exe O4 - HKLM\..\Run: [MSORunMicrosoft] c:\programme\gemeinsame dateien\microsoft shared\msorun\msorunoffice.exe O4 - HKLM\..\Run: [InstallShieldsetup7] C:\programme\installshield installation information\{beefc4f8-2909-48b3-afaa-55d3533fdedd}\installshieldsetup7.exe O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe O4 - HKLM\..\Run: [DesignerCoverEdCtrlmanif] c:\programme\nero\nero 9\nero burning rom\coveredctrl\coveredctrlmanifcovered.exe O4 - HKLM\..\Run: [MSORUNMSORun] C:\programme\gemeinsame dateien\microsoft shared\msorun\msorunoffice.exe O4 - HKLM\..\Run: [QuickTimeQuickTimeResources] C:\programme\quicktime\qtsystem\quicktimeeffects.resources\sv.lproj\quicktimequicktimeresources.exe O4 - HKLM\..\RunServices: [IoIs] C:\DOKUME~1\xxx\LOKALE~1\Temp\IoIs.exe O4 - HKLM\..\RunServices: [AvidAvid] c:\programme\avid\utilities\avid storage manager\avidtechnology.exe O4 - HKLM\..\RunServices: [HttpNero] c:\programme\nero\nero 9\nero vision\nero.httpmanager\httpnero6147.exe O4 - HKLM\..\RunServices: [QuickTimeResourcesQuickTimeResources] c:\programme\quicktime\qtsystem\quicktimeeffects.resources\sv.lproj\quicktimequicktimeresources.exe O4 - HKLM\..\RunServices: [setup7InstallShield9.01.429] c:\programme\installshield installation information\{beefc4f8-2909-48b3-afaa-55d3533fdedd}\installshieldsetup7.exe O4 - HKLM\..\RunServices: [CoverDesigner] c:\programme\nero\nero 9\nero burning rom\coveredctrl\coveredctrlmanifcovered.exe O4 - HKLM\..\RunServices: [InstallShieldsetup7] C:\programme\installshield installation information\{beefc4f8-2909-48b3-afaa-55d3533fdedd}\installshieldsetup7.exe O4 - HKLM\..\RunServices: [CoverEdDesigner26962] c:\programme\nero\nero 9\nero burning rom\coveredctrl\coveredctrlmanifcovered.exe O4 - HKLM\..\RunServices: [ASMExerTechnology] c:\programme\avid\utilities\avid storage manager\avidtechnology.exe O4 - HKLM\..\RunServices: [MicrosoftMSORUN] C:\programme\gemeinsame dateien\microsoft shared\msorun\msorunoffice.exe O4 - HKLM\..\RunServices: [QuickTimeQuickTimeResources] C:\programme\quicktime\qtsystem\quicktimeeffects.resources\sv.lproj\quicktimequicktimeresources.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe O4 - HKCU\..\Run: [ccleaner] "C:\Programme\CCleaner\CCleaner.exe" /AUTO O4 - HKCU\..\Run: [85wlsturewoh] C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Temp\m.2A7.tmp.exe O4 - HKCU\..\Run: [Desktop Security 2010] "C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Desktop Security 2010\Desktop Security 2010.exe" /STARTUP O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Scanner Finder.lnk = C:\Programme\ScanWizard 5\ScannerFinder.exe O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Programme\Digidesign\Drivers\MMERefresh.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE -- End of file - 14504 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}] EWPBrowseObject Class - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA61DE26-FA67-4575-9033-918671094293}] TBSB03968 Class - C:\Dokumente und Einstellungen\BASTI\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}] CBrowserHelperObject Object - C:\Programme\BAE\BAE.dll [2006-11-17 98304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}] kikin Plugin - C:\Programme\kikin\ie_kikin.dll [2010-02-10 750256] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Programme\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960] {000E148C-F7A7-445A-9044-93BF6CE09ECB} - Toolbar fuer eBay - C:\Dokumente und Einstellungen\BASTI\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-08 7630848] "SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-07-24 282624] "IAAnotif"=C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552] "CTSysVol"=C:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-10-31 57344] "MBMon"=Rundll32 CTMBHA.DLL,MBMon [] "UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112] "ISUSPM Startup"=C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184] "ISUSScheduler"=C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [2004-07-27 81920] "MSKDetectorExe"=C:\Programme\McAfee\SpamKiller\MSKDetct.exe [2005-07-12 1117184] "PDUiP6700DMon"=C:\Programme\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe [2006-03-16 61440] "Easy-PrintToolBox"=C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600] "DigidesignMMERefresh"=C:\Programme\Digidesign\Drivers\MMERefresh.exe [2006-02-15 61440] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792] "AppleSyncNotifier"=C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440] "QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2009-11-11 417792] "iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2009-11-12 141600] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272] "Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768] "SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-10-11 149280] "IoIs"=C:\DOKUME~1\BASTI\LOKALE~1\Temp\IoIs.exe [2010-05-03 153600] "MSORunMicrosoft"=c:\programme\gemeinsame dateien\microsoft shared\msorun\msorunoffice.exe [2010-05-03 153600] "InstallShieldsetup7"=C:\programme\installshield installation information\{beefc4f8-2909-48b3-afaa-55d3533fdedd}\installshieldsetup7.exe [2010-05-03 153600] "SpyHunter Security Suite"=C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe [2010-04-08 3021208] "DesignerCoverEdCtrlmanif"=c:\programme\nero\nero 9\nero burning rom\coveredctrl\coveredctrlmanifcovered.exe [2010-05-03 153600] "TechnologyASMUpdater"=c:\programme\avid\utilities\avid storage manager\avidtechnology.exe [2010-05-03 153600] "MSORUNMSORun"=C:\programme\gemeinsame dateien\microsoft shared\msorun\msorunoffice.exe [2010-05-03 153600] "QuickTimeQuickTimeResources"=C:\programme\quicktime\qtsystem\quicktimeeffects.resources\sv.lproj\quicktimequicktimeresources.exe [2010-05-03 153600] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "SetDefaultMIDI"=C:\WINDOWS\MIDIDef.exe [2004-12-22 24576] "ccleaner"=C:\Programme\CCleaner\CCleaner.exe [2010-02-24 1771320] "AnyDVD"=C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe [2010-04-09 3378112] "85wlsturewoh"=C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Temp\m.2A7.tmp.exe [2010-05-03 2946048] "Desktop Security 2010"=C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Desktop Security 2010\Desktop Security 2010.exe [2010-05-03 1411072] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Scanner Finder.lnk - C:\Programme\ScanWizard 5\ScannerFinder.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "SpecifyDefaultButtons"=1 "Btn_Search"=2 "Btn_Folders"=2 "Btn_PrintPreview"=2 "Btn_Encoding"=2 "Btn_Paste"=2 "Btn_Copy"=2 "Btn_Cut"=2 "Btn_Discussions"=2 "Btn_Edit"=2 "Btn_Size"=2 "Btn_MailNews"=2 "Btn_Tools"=2 "Btn_Fullscreen"=2 "Btn_History"=2 "Btn_Media"=2 "Btn_Print"=2 "Btn_Favorites"=2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Dell Network Assistant\ezi_hnm2.exe"="C:\Programme\Dell Network Assistant\ezi_hnm2.exe:*:Enabled  ell Network Assistant""C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Programme\MSN Messenger\msncall.exe"="C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Programme\Microsoft Games\Age of Empires II\EMPIRES2.EXE"="C:\Programme\Microsoft Games\Age of Empires II\EMPIRES2.EXE:* isabled:Age of Empires II""C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\MSN Messenger\msncall.exe"="C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29b71186-56ec-11dc-8ccc-b6b6e5ec0739}] shell\AutoRun\command - J:\pushinst.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9212d9c0-cc56-11de-8f72-0019d11b3f94}] shell\AutoRun\command - K:\.\Kassettenrecorder.exe ======List of files/folders created in the last 1 months====== 2010-05-04 13:52:55 ----D---- C:\Programme\trend micro 2010-05-04 13:52:54 ----D---- C:\rsit 2010-05-04 13:29:12 ----D---- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Desktop Security 2010 2010-05-04 12:23:46 ----D---- C:\sh4ldr 2010-05-04 12:23:46 ----D---- C:\Programme\Enigma Software Group 2010-05-04 12:23:33 ----D---- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP 2010-05-04 12:23:32 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2010-05-04 12:14:14 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-04-06 07:55:58 ----N---- C:\WINDOWS\system32\browserchoice.exe ======List of files/folders modified in the last 1 months====== 2010-05-04 13:52:55 ----RD---- C:\Programme 2010-05-04 13:52:54 ----D---- C:\WINDOWS\Prefetch 2010-05-04 13:39:42 ----D---- C:\WINDOWS\Temp 2010-05-04 13:32:14 ----D---- C:\Programme\Mozilla Firefox 2010-05-04 13:29:22 ----AD---- C:\WINDOWS 2010-05-04 13:28:59 ----D---- C:\WINDOWS\system32\CatRoot2 2010-05-04 13:28:50 ----A---- C:\WINDOWS\system32\AvidStartupLog.txt 2010-05-04 13:28:31 ----SHD---- C:\WINDOWS\Installer 2010-05-04 13:28:31 ----D---- C:\WINDOWS\system32\drivers 2010-05-04 13:28:01 ----N---- C:\WINDOWS\SchedLgU.Txt 2010-05-04 12:59:13 ----D---- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\kikin 2010-05-04 12:55:47 ----D---- C:\WINDOWS\ie8updates 2010-05-04 12:55:47 ----D---- C:\WINDOWS\Debug 2010-05-04 12:49:03 ----D---- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Desktopicon 2010-05-04 12:24:06 ----D---- C:\Programme\kikin 2010-05-04 12:23:32 ----D---- C:\Programme\Gemeinsame Dateien 2010-05-04 12:21:58 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$ 2010-05-04 12:20:28 ----SD---- C:\WINDOWS\Tasks 2010-05-03 14:06:32 ----SHD---- C:\System Volume Information 2010-05-03 14:06:07 ----D---- C:\WINDOWS\system32\NtmsData 2010-05-03 13:28:15 ----A---- C:\WINDOWS\NeroDigital.ini 2010-05-03 12:46:51 ----D---- C:\WINDOWS\system32 2010-05-03 12:14:03 ----D---- C:\WINDOWS\Registration 2010-05-03 12:03:54 ----HD---- C:\WINDOWS\inf 2010-05-03 12:03:43 ----HD---- C:\WINDOWS\$hf_mig$ 2010-04-27 13:02:02 ----D---- C:\Programme\Mozilla Thunderbird ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2006-09-24 25244] R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784] R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2010-01-01 26024] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936] R2 AWISp50;AWISp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\AWISp50.sys [2006-03-15 17664] R2 hnmwrlspkt;HomeNet Manager Wireless Protocol; C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-07-14 13824] R2 Packet;Auto Internet Protocol; C:\WINDOWS\system32\DRIVERS\packet.sys [2006-10-15 11136] R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys [] R2 SentEmul;SentEmul; \??\C:\WINDOWS\system32\DRIVERS\sentemul.sys [] R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys [] R2 wsppkt;Wireless Security Protocol; C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys [2006-07-14 13696] R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2010-04-07 104768] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752] R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2005-05-25 158464] R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-19 230400] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [] R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2006-01-04 1389056] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-08 3958272] R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-24 1156648] R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 61883;61883-Einheitsgerät; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128] S3 Avc;AVC-Gerät; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912] S3 catchme;catchme; \??\C:\DOKUME~1\xxx\LOKALE~1\Temp\catchme.sys [] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 E100B;Intel(R) PRO-Adaptertreiber; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-18 117760] S3 FWLANUSB;AVM FRITZ!WLAN; C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2006-07-31 264704] S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 OVT511Plus;TEVION MD9308; C:\WINDOWS\System32\Drivers\omcamvid.sys [2000-01-26 117122] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 VVBETHERNET;ADSL Virtual Bus Ethernet driver; C:\WINDOWS\system32\DRIVERS\vvbEth.sys [2002-01-17 15285] S3 vvbususb;ADSL USB VvBus driver; C:\WINDOWS\system32\drivers\vvbususb.sys [2002-01-17 51111] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 agp440;Intel AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368] S4 agpCPQ;Compaq AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928] S4 alim1541;ALI AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752] S4 amdagp;AMD AGP-Bus-Filtertreiber; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008] S4 atapi;Standard-IDE/ESDI-Festplattencontroller; C:\WINDOWS\system32\DRIVERS\atapi.sys [2008-04-13 96512] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504] S4 sisagp;SIS AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960] S4 viaagp;VIA AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2010-04-19 267432] R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 AvidSDMService;Avid SDM Service; C:\WINDOWS\system32\AvidSDMService.exe [2006-09-24 49152] R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CreativeLicensing.exe [2006-12-12 69632] R2 DigiRefresh;Digidesign MME Refresh Service; C:\Programme\Digidesign\Drivers\MMERefresh.exe [2006-02-15 61440] R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-08 155715] R2 SpyHunter 4 Service;SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2010-03-24 323992] R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-11-12 545568] S2 AvidStartup;Avid Startup; C:\WINDOWS\system32\AvidStartup.exe [2006-09-24 1536000] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800] S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-24 72704] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- Bitte um Eure Hilfe. Hoffe ich habe soweit alle Forenregeln beachtet. Bin nicht besonders bewandert mit Computern. Vielen Dank im vorraus! |
|
04.05.2010, 15:36
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Desktop Security 2010 nach Entfernen mit Malwarebytes wieder da! Hallo und
__________________ bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
08.05.2010, 15:14
| #3 |
| | Desktop Security 2010 nach Entfernen mit Malwarebytes wieder da! hallo cosinus,
__________________zunächst vielen Dank für das Angebot deiner Hilfe! Hier das ergebnis von malwarebytes: Malwarebytes' Anti-Malware 1.46 wvwvw.malwarebytes.org Datenbank Version: 4063 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 08.05.2010 15:47:28 mbam-log-2010-05-08 (15-47-28).txt Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|G:\|H:\|I:\|J:\|) Durchsuchte Objekte: 219848 Laufzeit: 1 Stunde(n), 55 Minute(n), 40 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 2 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 2 Infizierte Dateien: 12 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\Software\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. Infizierte Dateien: C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Desktop Security 2010\Activate Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Desktop Security 2010\Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Desktop Security 2010\Help Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Desktop Security 2010\How to Activate Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Desktop Security 2010\Desktop Security 2010.exe (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Desktop Security 2010\mfc71.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Desktop Security 2010\MFC71ENU.DLL (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Desktop Security 2010\msvcp71.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Desktop Security 2010\msvcr71.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Desktop Security 2010\taskmgr.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Desktop Security 2010.LNK (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Desktop Security 2010.LNK (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. Hier das Ergebnis von OTL (Logfile 1): OTL logfile created on: 08.05.2010 15:50:48 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\xxx\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 593,11 Gb Total Space | 489,90 Gb Free Space | 82,60% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: xxx Current User Name: xxx Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\programme\quicktime\qtsystem\quicktimeeffects.resources\sv.lproj\quicktimequicktimeresources.exe File not found PRC - C:\programme\gemeinsame dateien\microsoft shared\msorun\msorunoffice.exe File not found PRC - C:\programme\installshield installation information\{beefc4f8-2909-48b3-afaa-55d3533fdedd}\installshieldsetup7.exe File not found PRC - C:\programme\nero\nero 9\nero burning rom\coveredctrl\coveredctrlmanifcovered.exe File not found PRC - C:\programme\avid\utilities\avid storage manager\avidtechnology.exe File not found PRC - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Temp\clclean.0001 (Macrovision Europe Ltd.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) PRC - C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.) PRC - C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\ScanWizard 5\ScannerFinder.exe () PRC - C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs) PRC - C:\WINDOWS\system32\AvidSDMService.exe (Avid Technology, Inc.) PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe (CANON INC.) PRC - C:\Programme\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.) PRC - C:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\SlySoft\AnyDVD\ADvdDiscHlp1.dll (SlySoft, Inc.) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (SpyHunter 4 Service) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (Creative Labs Licensing Service) -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs) SRV - (AvidSDMService) -- C:\WINDOWS\system32\AvidSDMService.exe (Avid Technology, Inc.) SRV - (AvidStartup) -- C:\WINDOWS\system32\AvidStartup.exe () SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (DigiRefresh) -- C:\Programme\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation) DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation) DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (SVKP) -- C:\WINDOWS\system32\SVKP.sys (AntiCracking) DRV - (Packet) -- C:\WINDOWS\system32\drivers\packet.sys (SingleClick Systems) DRV - (Serial) -- C:\WINDOWS\system32\drivers\AvidXPSerial.sys () DRV - (ASPI32) -- C:\WINDOWS\system32\drivers\aspi32.sys (Adaptec) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation) DRV - (wsppkt) -- C:\WINDOWS\system32\drivers\wsp_pkt.sys (SingleClick Systems) DRV - (hnmwrlspkt) -- C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys (SingleClick Systems) DRV - (iastor) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation) DRV - (SentEmul) -- C:\WINDOWS\system32\drivers\sentemul.sys () DRV - (AWISp50) -- C:\WINDOWS\system32\drivers\AWISp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.) DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys (Creative Technology Ltd.) DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.) DRV - (vvbususb) -- C:\WINDOWS\system32\drivers\vvbususb.sys (Corporation) DRV - (VVBETHERNET) -- C:\WINDOWS\system32\drivers\vvbeth.sys (Corporation) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (OVT511Plus) -- C:\WINDOWS\system32\drivers\omcamvid.sys (OmniVision Technologies, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = wxwxw.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4061212 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://wxwxw.google.de/hws/sb/dell-row/de/side.html?channel=de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = wxwxw.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4061212 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = wxwxw.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4061212 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://wxwxw.google.de/hws/sb/dell-row/de/side.html?channel=de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxtxtxp://fxorum.videoediting.ru/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://wxwxw.google.de/" FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.7.4 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1 FF - prefs.js..extensions.enabledItems: fr-FR@dictionaries.addons.mozilla.org:3.5 FF - prefs.js..extensions.enabledItems: fr@dictionaries.addons.mozilla.org:3.5 FF - prefs.js..extensions.enabledItems: {9fb7d178-155a-4318-9173-1a8eaaea7fe4}:2.1.8 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.0 FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0 FF - prefs.js..extensions.enabledItems: {25b3130e-8513-41b6-8ea8-43dbc9cc0f12}:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.01.24 20:23:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.27 12:26:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.03.20 16:40:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.04.27 12:26:21 | 000,000,000 | ---D | M] [2009.04.08 20:01:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions [2010.05.08 12:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\muf6io4p.default\extensions [2009.10.27 14:28:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\muf6io4p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2007.01.20 15:30:55 | 000,000,000 | ---D | M] (Werder Bremen) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\muf6io4p.default\extensions\{25b3130e-8513-41b6-8ea8-43dbc9cc0f12} [2010.03.28 15:20:34 | 000,000,000 | ---D | M] (AniWeather) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\muf6io4p.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593} [2010.03.28 15:20:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\muf6io4p.default\extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4} [2010.05.04 12:24:06 | 000,000,000 | ---D | M] (kikin plugin (AudioGrabber Edition)) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\muf6io4p.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2010.03.28 15:20:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\muf6io4p.default\extensions\de-DE@dictionaries.addons.mozilla.org [2010.03.28 15:20:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\muf6io4p.default\extensions\en-US@dictionaries.addons.mozilla.org [2010.03.28 15:20:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\muf6io4p.default\extensions\fr@dictionaries.addons.mozilla.org [2010.03.28 15:20:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\muf6io4p.default\extensions\fr-FR@dictionaries.addons.mozilla.org [2006.12.16 23:55:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Sunbird\extensions [2006.12.16 23:55:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Sunbird\Profiles\1p4or6ws.default\extensions [2006.12.16 23:55:07 | 000,000,000 | ---D | M] (Sunbird (default)) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Sunbird\Profiles\1p4or6ws.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2007.12.29 23:03:15 | 000,005,310 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\muf6io4p.default\searchplugins\footiefox.xml [2010.05.08 12:22:12 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2008.03.15 15:56:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2008.10.13 20:34:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2008.02.19 16:40:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2006.12.03 17:59:22 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2006.11.17 13:19:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.05.08 12:11:15 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 loc O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll () O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (TBSB03968 Class) - {AA61DE26-FA67-4575-9033-918671094293} - C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll File not found O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin) O3 - HKLM\..\Toolbar: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll File not found O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Programme\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.) O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL () O4 - HKLM..\Run: [MSKDetectorExe] C:\Programme\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.) O4 - HKLM..\Run: [MSORUNMSORun] C:\programme\gemeinsame dateien\microsoft shared\msorun\msorunoffice.exe File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PDUiP6700DMon] C:\Programme\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe (CANON INC.) O4 - HKLM..\Run: [QuickTimeQuickTimeResources7.6.4] c:\programme\quicktime\qtsystem\quicktimeeffects.resources\sv.lproj\quicktimequicktimeresources.exe File not found O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.) O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [XM2002] C:\Programme\IPPS\XM2002®\XM2002.exe File not found O4 - HKCU..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKCU..\Run: [ccleaner] C:\Programme\CCleaner\CCleaner.exe (Piriform Ltd) O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd) O4 - HKLM..\RunServices: [MicrosoftMSORUN] C:\programme\gemeinsame dateien\microsoft shared\msorun\msorunoffice.exe File not found O4 - HKLM..\RunServices: [QuickTimeResourcesQuickTimeResources] c:\programme\quicktime\qtsystem\quicktimeeffects.resources\sv.lproj\quicktimequicktimeresources.exe File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Scanner Finder.lnk = C:\Programme\ScanWizard 5\ScannerFinder.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 2 O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin) O9 - Extra Button: XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe File not found O9 - Extra 'Tools' menuitem : &XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\DIE DREI.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\DIE DREI.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.08.13 14:54:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{29b71186-56ec-11dc-8ccc-b6b6e5ec0739}\Shell - "" = AutoRun O33 - MountPoints2\{29b71186-56ec-11dc-8ccc-b6b6e5ec0739}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{29b71186-56ec-11dc-8ccc-b6b6e5ec0739}\Shell\AutoRun\command - "" = J:\pushinst.exe -- File not found O33 - MountPoints2\{9212d9c0-cc56-11de-8f72-0019d11b3f94}\Shell\AutoRun\command - "" = K:\.\Kassettenrecorder.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.08 12:59:18 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe [2010.05.08 12:05:25 | 000,000,000 | ---D | C] -- C:\Avenger [2010.05.04 13:52:55 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.05.04 13:52:54 | 000,000,000 | ---D | C] -- C:\rsit [2010.05.04 13:01:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia [2010.05.04 12:23:46 | 000,000,000 | ---D | C] -- C:\sh4ldr [2010.05.04 12:23:46 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group [2010.05.04 12:23:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP [2010.05.04 12:23:32 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard [2010.05.04 12:21:14 | 000,490,392 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Dokumente und Einstellungen\xxx\Desktop\SpyHunter-Installer.exe [2010.05.04 12:14:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.05.04 12:14:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.05.04 12:14:14 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.05.04 12:12:19 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\xxx\Desktop\mbam-setup.exe [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.08 15:50:19 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\coqof.sys [2010.05.08 13:27:37 | 008,126,464 | -H-- | M] () -- C:\Dokumente und Einstellungen\xxx\NTUSER.DAT [2010.05.08 12:59:18 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe [2010.05.08 12:57:52 | 000,000,172 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\default.rss [2010.05.08 12:56:38 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.05.08 12:52:36 | 000,121,856 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.08 12:18:56 | 000,363,520 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\rkill.com [2010.05.08 12:18:28 | 000,024,576 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Hallo und.doc [2010.05.08 12:11:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.05.08 12:11:08 | 000,080,671 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.05.08 12:10:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.05.08 12:10:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.05.08 12:10:55 | 2145,304,576 | -HS- | M] () -- C:\hiberfil.sys [2010.05.04 13:52:34 | 000,781,909 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\RSIT.exe [2010.05.04 13:27:58 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\xxx\ntuser.ini [2010.05.04 12:23:48 | 000,001,959 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\SpyHunter.lnk [2010.05.04 12:21:15 | 000,490,392 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Dokumente und Einstellungen\xxx\Desktop\SpyHunter-Installer.exe [2010.05.04 12:20:54 | 000,170,496 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\This log file is located at C.doc [2010.05.04 12:14:18 | 000,000,682 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.04 12:12:26 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\xxx\Desktop\mbam-setup.exe [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.27 17:43:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.04.27 10:41:48 | 000,000,173 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.08 15:50:19 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\coqof.sys [2010.05.08 12:18:54 | 000,363,520 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\rkill.com [2010.05.08 12:18:28 | 000,024,576 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Hallo und.doc [2010.05.04 13:52:34 | 000,781,909 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\RSIT.exe [2010.05.04 12:23:48 | 000,001,959 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\SpyHunter.lnk [2010.05.04 12:17:01 | 000,170,496 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\This log file is located at C.doc [2010.05.04 12:14:18 | 000,000,682 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009.04.30 12:43:31 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2008.11.19 13:42:40 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.11.18 17:59:45 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2008.11.04 14:08:28 | 000,000,225 | ---- | C] () -- C:\WINDOWS\QTW.INI [2008.06.12 21:40:51 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\PtSSE2.dll [2008.06.12 21:40:49 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\AvidXPSerial.sys [2008.06.12 21:40:49 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll [2008.06.12 21:34:56 | 001,728,606 | ---- | C] () -- C:\WINDOWS\System32\libmmdd.dll [2008.06.12 21:34:56 | 001,658,973 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll [2007.12.25 19:50:48 | 000,000,070 | ---- | C] () -- C:\WINDOWS\Ulead32.INI [2007.12.25 19:49:14 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\mscandc.ini [2007.12.25 19:35:09 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini [2007.12.25 19:35:06 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys [2007.12.25 19:35:06 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys [2007.01.29 20:02:05 | 000,000,336 | ---- | C] () -- C:\WINDOWS\System32\MSSYSWIN.INI [2007.01.29 20:01:02 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\prospeed_bmp2jpg.dll [2007.01.20 16:16:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2007.01.20 16:00:03 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.12.19 02:03:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Aiga-Screensaver.INI [2006.12.19 02:03:22 | 000,000,688 | ---- | C] () -- C:\WINDOWS\ssaver.ini [2006.12.17 19:47:21 | 000,003,764 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2006.12.17 19:47:21 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\35A336C207.sys [2006.12.17 19:29:07 | 000,000,059 | ---- | C] () -- C:\WINDOWS\RUNAWAY.INI [2006.12.12 21:11:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.12.12 21:05:42 | 000,000,443 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006.12.12 21:05:38 | 000,000,855 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini [2006.12.12 21:03:43 | 000,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI [2006.12.12 21:03:32 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\mes2046.dll [2006.12.12 21:03:19 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini [2006.12.12 20:46:22 | 001,355,042 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL [2006.12.12 20:46:05 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006.12.12 20:45:14 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006.05.14 00:49:50 | 000,012,484 | ---- | C] () -- C:\WINDOWS\System32\drivers\sentemul.sys [2004.08.13 15:04:30 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004.08.13 14:51:43 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\WINDOWS:8720917B4504ECFC @Alternate Data Stream - 117 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:BEB71B81 @Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9AB338B9 < End of report > Hier das Ergebnis von OTL (Logfile2): OTL Extras logfile created on: 08.05.2010 15:50:48 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\xxx\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 593,11 Gb Total Space | 489,90 Gb Free Space | 82,60% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: xxx Current User Name: xxx Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol "10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\MSN Messenger\msncall.exe" = C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found "C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Dell Network Assistant\ezi_hnm2.exe" = C:\Programme\Dell Network Assistant\ezi_hnm2.exe:*:Enabled ell Network Assistant -- (SingleClick Systems)"C:\Programme\IPPS\XM2002®\XM2002.exe" = C:\Programme\IPPS\XM2002®\XM2002.exe:*:Enabled:XM2002 -- File not found "C:\Programme\MSN Messenger\msncall.exe" = C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found "C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found "C:\Programme\Microsoft Games\Age of Empires II\EMPIRES2.EXE" = C:\Programme\Microsoft Games\Age of Empires II\EMPIRES2.EXE:* isabled:Age of Empires II -- (Microsoft Corporation)"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant "{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero BurningROM "{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel(R) PRO Network Connections "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "{24B559F6-262E-4607-BA98-24CFF4E7C2CA}" = Avid MetaSync "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17 "{270CF75C-CE46-4672-9DEC-AA53DEDF5306}" = Avid MediaLog "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10 "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine für ScanWizard "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel "{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision "{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Advanced Decoder Patch "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module "{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision "{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help "{61D3AAE1-D521-4CD7-939B-37813DE8F955}" = SpyHunter "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2 "{6C333906-3CA5-4FC7-8D67-1BEB77464FEE}" = Avid EDL Manager "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{7ECBC5C3-B540-4A8F-BFB1-E86EE98D4D20}" = Avid DIO Runtime "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{8b8fe06c-a3cb-41be-a391-06bcd3188f41}" = Nero 9 "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap "{9F1D8E17-2AE6-4608-901D-42146D7D9C68}" = Digidesign Audio Drivers 7.1 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A637B96A-6C65-4750-8E7A-F065DAAEC1F0}" = Avid FilmScribe "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AABFEB47-1662-4256-B137-94A568073C60}" = Avid Log Exchange "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help "{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5 "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU "{D312E40B-1C59-4823-AB48-6798D85ABBE4}" = DiMAGE Master Lite "{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime "{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live "{E15DB50A-1DF9-4AF6-8DB0-1D6D5FFC17E1}" = Avid Media Composer "{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit "{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin Plugin (AudioGrabber Edition) 2.0 "{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm "{FABC839A-8445-4830-9CE1-860584F32648}" = Avid Codecs PE "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "Adobe SVG Viewer" = Adobe SVG Viewer "Age of Empires 2.0" = Microsoft Age of Empires II "Any Video Converter_is1" = Any Video Converter 3.0.3 "AnyDVD" = AnyDVD "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "CloneDVD2" = CloneDVD2 "CloneDVDmobile" = CloneDVDmobile "Creative Audio Pack" = Creative Audiopaket "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox "Easy-WebPrint" = Easy-WebPrint "Fotobuch-Designer_is1" = Fotobuch-Designer 2.3 "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MCU PDUiP6700DMon.exe" = Canon iP6700D Memory Card Utility "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8) "Mozilla Sunbird_is1" = Mozilla Sunbird 0.3a1 "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers "sentemul" = Sentinel Virtual Dongle v1.01 "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "Skype_is1" = Skype 3.0 "Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Produktregistrierung "TBSB03968.TBSB03968Toolbar" = Toolbar fuer eBay "uDESIGHT_is1" = uDESIGHT 1.0 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 04.05.2010 07:29:19 | Computer Name = xxx | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung desktop security 2010.exe, Version 4.0.14.1, fehlgeschlagenes Modul desktop security 2010.exe, Version 4.0.14.1, Fehleradresse 0x013b3fea. Error - 08.05.2010 06:07:45 | Computer Name = xxx | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung desktop security 2010.exe, Version 4.0.14.1, fehlgeschlagenes Modul desktop security 2010.exe, Version 4.0.14.1, Fehleradresse 0x013b3fea. Error - 08.05.2010 06:11:16 | Computer Name = xxx | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung desktop security 2010.exe, Version 4.0.14.1, fehlgeschlagenes Modul desktop security 2010.exe, Version 4.0.14.1, Fehleradresse 0x013b3fea. Error - 08.05.2010 06:13:18 | Computer Name = xxx | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung desktop security 2010.exe, Version 4.0.14.1, fehlgeschlagenes Modul desktop security 2010.exe, Version 4.0.14.1, Fehleradresse 0x013b3fea. Error - 08.05.2010 06:15:08 | Computer Name = xxx | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung desktop security 2010.exe, Version 4.0.14.1, fehlgeschlagenes Modul desktop security 2010.exe, Version 4.0.14.1, Fehleradresse 0x013b3fea. Error - 08.05.2010 06:15:49 | Computer Name = xxx | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung desktop security 2010.exe, Version 4.0.14.1, fehlgeschlagenes Modul desktop security 2010.exe, Version 4.0.14.1, Fehleradresse 0x013b3fea. Error - 08.05.2010 06:16:34 | Computer Name = xxx | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung desktop security 2010.exe, Version 4.0.14.1, fehlgeschlagenes Modul desktop security 2010.exe, Version 4.0.14.1, Fehleradresse 0x013b3fea. Error - 08.05.2010 06:17:50 | Computer Name = xxx | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung desktop security 2010.exe, Version 4.0.14.1, fehlgeschlagenes Modul desktop security 2010.exe, Version 4.0.14.1, Fehleradresse 0x013b3fea. Error - 08.05.2010 06:18:09 | Computer Name = xxx | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung desktop security 2010.exe, Version 4.0.14.1, fehlgeschlagenes Modul desktop security 2010.exe, Version 4.0.14.1, Fehleradresse 0x013b3fea. Error - 08.05.2010 07:06:17 | Computer Name = xxx | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OTL.exe, Version 3.2.4.1, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 04.05.2010 06:23:55 | Computer Name = xxx | Source = Service Control Manager | ID = 7034 Description = Dienst "Avid Startup" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 04.05.2010 06:33:23 | Computer Name = xxx | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error - 04.05.2010 06:57:35 | Computer Name = xxx | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error - 04.05.2010 06:57:43 | Computer Name = xxx | Source = Service Control Manager | ID = 7034 Description = Dienst "Avid Startup" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 04.05.2010 07:24:43 | Computer Name = xxx | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error - 04.05.2010 07:30:28 | Computer Name = xxx | Source = Service Control Manager | ID = 7034 Description = Dienst "Avid Startup" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 08.05.2010 06:08:26 | Computer Name = xxx | Source = Service Control Manager | ID = 7034 Description = Dienst "Avid Startup" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 08.05.2010 06:12:41 | Computer Name = xxx | Source = Service Control Manager | ID = 7034 Description = Dienst "Avid Startup" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 08.05.2010 06:15:06 | Computer Name = xxx | Source = VolSnap | ID = 393228 Description = Die Schattenkopie von Volume "C:" verfügte nicht über ausreichend Vergleichsbereichsspeicherplatz, bevor es richtig installiert wurde. Error - 08.05.2010 06:15:41 | Computer Name = xxx | Source = VolSnap | ID = 393241 Description = Die Schattenkopie von Volume "C:" wurde abgebrochen, weil die Bereichsvergleichsdatei nicht rechtzeitig vergrößert wurde. Verringern Sie die E/A-Last auf diesem System, um dieses Problem zukünftig zu verhindern. < End of report > MfG Silverjew |
|
09.05.2010, 13:18
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Desktop Security 2010 nach Entfernen mit Malwarebytes wieder da! Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
PRC - C:\programme\quicktime\qtsystem\quicktimeeffects.resources\sv.lproj\quicktimequicktimeresources.exe File not found
PRC - C:\programme\gemeinsame dateien\microsoft shared\msorun\msorunoffice.exe File not found
PRC - C:\programme\installshield installation information\{beefc4f8-2909-48b3-afaa-55d3533fdedd}\installshieldsetup7.exe File not found
PRC - C:\programme\nero\nero 9\nero burning rom\coveredctrl\coveredctrlmanifcovered.exe File not found
PRC - C:\programme\avid\utilities\avid storage manager\avidtechnology.exe File not found
FF - prefs.js..browser.startup.homepage: "http://wxwxw.google.de/"
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 2
O33 - MountPoints2\{29b71186-56ec-11dc-8ccc-b6b6e5ec0739}\Shell\AutoRun\command - "" = J:\pushinst.exe -- File not found
O33 - MountPoints2\{9212d9c0-cc56-11de-8f72-0019d11b3f94}\Shell\AutoRun\command - "" = K:\.\Kassettenrecorder.exe -- File not found
[2010.05.04 12:23:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP
[2010.05.08 15:50:19 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\coqof.sys
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
13.05.2010, 09:45
| #5 |
| | Desktop Security 2010 nach Entfernen mit Malwarebytes wieder da! Wenn ich den Scan Fix in OTL durchführe, hängt sich der Rechner direkt bei der ersten Bearbeitung in der Liste: PRC - C:\programme\quicktime\qtsystem\quicktimeeffects.resources\sv.lproj\quicktimequicktimeresources.exe File not found auf. Ich habe es bereits mehrmals versucht. Allerdings installiert sich die Desktop Security nicht mehr wenn ich den Rechner starte. Dafür schon mal einen riesiges Danke Schön!!! Mfg Silverjew |
|
13.05.2010, 15:39
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Desktop Security 2010 nach Entfernen mit Malwarebytes wieder da! Dann lass die eine Zeile weg also nimm diesen Text für den OTL Fix: Code:
ATTFilter :OTL
PRC - C:\programme\quicktime\qtsystem\quicktimeeffects.resources\sv.lproj\quicktimequicktimeresources.exe File not found
PRC - C:\programme\gemeinsame dateien\microsoft shared\msorun\msorunoffice.exe File not found
PRC - C:\programme\installshield installation information\{beefc4f8-2909-48b3-afaa-55d3533fdedd}\installshieldsetup7.exe File not found
PRC - C:\programme\nero\nero 9\nero burning rom\coveredctrl\coveredctrlmanifcovered.exe File not found
PRC - C:\programme\avid\utilities\avid storage manager\avidtechnology.exe File not found
FF - prefs.js..browser.startup.homepage: "http://wxwxw.google.de/"
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 2
O33 - MountPoints2\{29b71186-56ec-11dc-8ccc-b6b6e5ec0739}\Shell\AutoRun\command - "" = J:\pushinst.exe -- File not found
O33 - MountPoints2\{9212d9c0-cc56-11de-8f72-0019d11b3f94}\Shell\AutoRun\command - "" = K:\.\Kassettenrecorder.exe -- File not found
[2010.05.04 12:23:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP
[2010.05.08 15:50:19 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\coqof.sys
:Commands
[purity]
[resethosts]
[emptytemp]
__________________ --> Desktop Security 2010 nach Entfernen mit Malwarebytes wieder da! |
|
15.05.2010, 11:32
| #7 |
| | Desktop Security 2010 nach Entfernen mit Malwarebytes wieder da! nach weglassen der ersten 5 Zeilen lief der scan. hier das logfile: All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\SpecifyDefaultButtons deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Search deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Folders deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_PrintPreview deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Encoding deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Paste deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Copy deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Cut deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Discussions deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Edit deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Size deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_MailNews deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Tools deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Fullscreen deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_History deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Media deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Print deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Favorites deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29b71186-56ec-11dc-8ccc-b6b6e5ec0739}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29b71186-56ec-11dc-8ccc-b6b6e5ec0739}\ not found. File J:\pushinst.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9212d9c0-cc56-11de-8f72-0019d11b3f94}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9212d9c0-cc56-11de-8f72-0019d11b3f94}\ not found. File K:\.\Kassettenrecorder.exe not found. C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP folder moved successfully. File C:\WINDOWS\System32\drivers\coqof.sys not found. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 59964 bytes ->Temporary Internet Files folder emptied: 32768 bytes User: All Users User: xxx ->Temp folder emptied: 3239256 bytes ->Temporary Internet Files folder emptied: 181246 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 29756201 bytes ->Apple Safari cache emptied: 108336 bytes ->Flash cache emptied: 3317 bytes User: Default User ->Temp folder emptied: 59964 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 1370464 bytes ->Flash cache emptied: 1301 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 19593 bytes %systemroot%\System32 .tmp files removed: 4986759 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 505 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 38,00 mb OTL by OldTimer - Version 3.2.4.1 log created on 05152010_122707 Files\Folders moved on Reboot... C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Temp\clclean.0001.dir.0002\~df394b.tmp moved successfully. C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Temp\clclean.0001.dir.0002\~efe2.tmp moved successfully. Registry entries deleted on Reboot... MfG Silverjew |
|
16.05.2010, 18:26
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Desktop Security 2010 nach Entfernen mit Malwarebytes wieder da! Ok, dann mach mal bitte jetzt nen Durchgang mit CF: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
Linear-Darstellung
