Log analysis and evaluation: Internet Explorer starts by itself
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
20.07.2010, 23:47 | #1
Internet Explorer starts by itself
Hello, today I picked up some trojan and would like to get rid of it again. IE regularly starts by itself with 2 new windows. From the research I did, I can tell that it is always specific to the trojan and that there is no general solution. I followed the steps and ran HijackThis, CCleaner, Malware and OTL one after another. The following are the log files:
Quote:
Quote:
Quote:
Quote:
21.07.2010, 18:42 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Internet Explorer starts by itself
Hello and
Please run a full scan with an updated Malwarebytes and post the log in code tags
21.07.2010, 20:51 | #3 |
Internet Explorer starts by itself
Hello Arne,
thank you very much for your help. I have now run a full scan with the latest version, as well as OTL. Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4336

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21.07.2010 21:31:37
mbam-log-2010-07-21 (21-31-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 265264
Laufzeit: 1 Stunde(n), 16 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\hrvoje\Eigene Dateien\000CABA1.007 (Trojan.Spambot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CAF24D36-69A3-49CF-85E2-D06A0953F077}\RP337\A0088007.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CAF24D36-69A3-49CF-85E2-D06A0953F077}\RP337\A0088009.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CAF24D36-69A3-49CF-85E2-D06A0953F077}\RP337\A0088010.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

Code:
21.07.2010, 21:02 | #4 |
| Internet Explorer starts by itself Hello Arne, thank you very much for the help. I have now run a full scan with the latest version, as well as an OTL scan. |
22.07.2010, 14:01 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Internet Explorer starts by itself Looks fairly unremarkable. Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
O33 - MountPoints2\{3289dc62-5778-11de-a412-001f3b6d0a4f}\Shell - "" = AutoRun
O33 - MountPoints2\{3289dc62-5778-11de-a412-001f3b6d0a4f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{801f2712-d9cd-11dd-a2e0-001f3b6d0a4f}\Shell - "" = AutoRun
O33 - MountPoints2\{801f2712-d9cd-11dd-a2e0-001f3b6d0a4f}\Shell\AutoRun - "" = Auto&Play
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
22.07.2010, 14:16 | #6 |
| Internet Explorer starts by itself Hello, so, I opened OTL and pasted your text into it. I don't quite understand what you mean by this: (the ":OTL" must be copied as well!!!) |
22.07.2010, 14:24 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Internet Explorer starts by itself You are simply supposed to copy everything in the code box... I point out specifically that the :OTL must be copied too, because some people have simply left it out
__________________ Please always post log files in CODE tags |
22.07.2010, 14:57 | #8 |
| Internet Explorer starts by itself All right, I copied the OTL directly below your text into the code box. This is what came out: Code:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3289dc62-5778-11de-a412-001f3b6d0a4f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3289dc62-5778-11de-a412-001f3b6d0a4f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3289dc62-5778-11de-a412-001f3b6d0a4f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3289dc62-5778-11de-a412-001f3b6d0a4f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{801f2712-d9cd-11dd-a2e0-001f3b6d0a4f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{801f2712-d9cd-11dd-a2e0-001f3b6d0a4f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{801f2712-d9cd-11dd-a2e0-001f3b6d0a4f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{801f2712-d9cd-11dd-a2e0-001f3b6d0a4f}\ not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Administrator.GASPERSLOUIS-AG
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ADMINI~1~GAS
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: hrvoje
->Temp folder emptied: 3092 bytes
->Temporary Internet Files folder emptied: 66314 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7500869 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 405 bytes
User: hrvoje.GASPERSLOUIS-AG
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: sirovina
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16955 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 7,00 mb
Error: Unable to interpret <OTL Logfile:
Since I ran these processes yesterday, IE has also stopped starting by itself. Thanks again! |
22.07.2010, 15:28 | #9 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Internet Explorer starts by itself Quote:
Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it!
__________________ Please always post log files in CODE tags |
22.07.2010, 15:46 | #10 |
| Internet Explorer starts by itself How do I turn off my Antivir? |
22.07.2010, 15:47 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Internet Explorer starts by itself Close the umbrella. If necessary, if that doesn't work, uninstall AntiVir!
__________________ Please always post log files in CODE tags |
22.07.2010, 16:11 | #12 |
| Internet Explorer starts by itself So, here is the log file: Code:
ATTFilter ComboFix 10-07-21.02 - hrvoje 22.07.2010 16:56:51.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2014.1429 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\hrvoje\Desktop\cofi.exe AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\npf.sys c:\windows\system32\Packet.dll c:\windows\system32\st325602.dll c:\windows\system32\Thumbs.db c:\windows\system32\WanPacket.dll c:\windows\system32\wpcap.dll . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Legacy_SSHNAS -------\Service_NPF ((((((((((((((((((((((( Dateien erstellt von 2010-06-22 bis 2010-07-22 )))))))))))))))))))))))))))))) . 2010-07-22 14:36 . 2010-07-22 14:36 -------- d-----w- c:\dokumente und einstellungen\hrvoje\Lokale Einstellungen\Anwendungsdaten\PCHealth 2010-07-22 13:33 . 2010-07-22 13:33 -------- d-----w- c:\dokumente und einstellungen\hrvoje\Lokale Einstellungen\Anwendungsdaten\RayV 2010-07-22 13:33 . 2010-07-22 13:33 -------- d-----w- c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\RayV 2010-07-22 13:24 . 2010-07-22 13:24 -------- d-----w- C:\_OTL 2010-07-20 21:47 . 2010-07-20 21:47 -------- d-----w- c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Malwarebytes 2010-07-20 21:47 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-20 21:47 . 2010-07-20 21:47 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-07-20 21:47 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-20 21:47 . 2010-07-21 18:01 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2010-07-20 21:24 . 2010-07-20 21:24 -------- d-----w- c:\programme\Trend Micro 2010-07-20 13:10 . 
2010-07-20 21:52 -------- d-----w- c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\PriceGong 2010-07-15 12:25 . 2010-03-10 16:54 1481928 ----a-w- C:\task29.exe 2010-07-15 12:25 . 2010-03-10 16:51 8904 ----a-w- C:\EnterBootloader.exe 2010-07-15 12:25 . 2010-03-10 16:51 175304 ----a-w- C:\rapitool.exe 2010-07-15 12:25 . 2010-03-10 16:51 1449160 ----a-w- C:\RUUResource.dll 2010-07-15 12:25 . 2010-03-10 16:51 13512 ----a-w- C:\RUUGetInfo.exe 2010-07-14 12:55 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe 2010-07-13 07:49 . 2010-07-13 07:49 -------- d-----w- c:\dokumente und einstellungen\All Users\Uniblue 2010-07-13 07:25 . 2010-07-13 07:25 -------- d-----w- c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\System Tweaker 2010-07-13 07:14 . 2010-07-13 07:49 -------- d-----w- c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Uniblue 2010-07-13 07:14 . 2010-07-13 07:40 -------- d-----w- c:\programme\Uniblue . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-22 14:35 . 2008-05-08 13:30 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help 2010-07-22 13:50 . 2004-08-04 10:00 81316 ----a-w- c:\windows\system32\perfc007.dat 2010-07-22 13:50 . 2004-08-04 10:00 452554 ----a-w- c:\windows\system32\perfh007.dat 2010-07-20 21:37 . 2008-12-10 12:57 -------- d-----w- c:\programme\CCleaner 2010-07-20 21:24 . 2010-07-20 21:24 388096 ----a-r- c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-07-20 21:14 . 2008-05-08 13:16 91240 ----a-w- c:\windows\system32\nvModes.dat 2010-07-20 13:19 . 2010-06-04 14:22 -------- d-----w- c:\programme\DVDVideoSoftTB 2010-07-14 12:35 . 2008-05-08 16:27 -------- d-----w- c:\programme\OpenOffice.org 2.4 2010-07-14 12:34 . 
2008-11-21 08:01 -------- d-----w- c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\OpenOffice.org2 2010-07-13 19:50 . 2009-11-18 20:04 -------- d-----w- c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\vlc 2010-07-13 18:34 . 2010-03-17 18:54 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX 2010-06-21 11:04 . 2008-06-26 15:57 91416 ----a-w- c:\dokumente und einstellungen\hrvoje\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2010-06-21 08:51 . 2008-05-08 11:49 -------- d--h--w- c:\programme\InstallShield Installation Information 2010-06-20 18:46 . 2009-11-26 13:49 -------- d-----w- c:\programme\Java 2010-06-19 10:54 . 2010-02-06 10:08 -------- d-----w- c:\programme\DVDVideoSoft 2010-06-19 10:14 . 2010-05-01 18:45 57344 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-06-19 10:08 . 2010-06-19 10:08 56997 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\WebPlayer\Uninstaller.exe 2010-06-19 10:08 . 2010-06-19 10:08 56765 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-06-19 10:08 . 2009-08-06 09:40 -------- d-----w- c:\programme\DivX 2010-06-19 10:08 . 2010-06-19 10:08 53600 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Update\Uninstaller.exe 2010-06-19 10:08 . 2010-06-19 10:08 57715 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Player\Uninstaller.exe 2010-06-19 10:07 . 2010-06-19 10:07 54153 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DFXPlugin\Uninstaller.exe 2010-06-19 10:07 . 2010-06-19 10:07 54128 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Converter\Uninstaller.exe 2010-06-19 10:07 . 2010-06-19 10:07 54644 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\TranscodeEngine\Uninstaller.exe 2010-06-19 10:07 . 
2010-06-19 10:07 54101 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\MPEG2Plugin\Uninstaller.exe 2010-06-19 10:04 . 2010-05-01 18:45 1062184 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\Resource.dll 2010-06-19 10:04 . 2010-03-17 18:58 895256 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\DivXSetup.exe 2010-06-15 13:59 . 2010-06-15 13:59 8854 ----a-r- c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Microsoft\Installer\{24DD7C58-EAC5-41BA-AC05-1EF58525CE44}\ARPPRODUCTICON.exe 2010-06-14 14:31 . 2008-05-08 11:29 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-04 20:58 . 2008-05-08 15:28 -------- d-----w- c:\programme\Microsoft Silverlight 2010-06-04 12:58 . 2010-06-04 12:58 -------- d-----w- c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\DVDVideoSoftIEHelpers 2010-06-04 12:58 . 2010-02-06 10:08 -------- d-----w- c:\programme\Gemeinsame Dateien\DVDVideoSoft 2010-06-02 19:51 . 2008-07-13 11:54 -------- d-----w- c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\dvdcss 2010-05-29 17:48 . 2010-04-02 07:21 443912 ----a-w- c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Real\Update\setup3.10\setup.exe 2010-05-29 09:45 . 2010-01-27 19:25 -------- d-----w- c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Winsplit Revolution 2010-05-28 13:19 . 2010-05-28 13:19 -------- d-----w- c:\programme\WinSplit Revolution 2010-05-28 10:37 . 2010-05-28 10:37 503808 ----a-w- c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6b1bbc66-n\msvcp71.dll 2010-05-28 10:37 . 2010-05-28 10:37 499712 ----a-w- c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6b1bbc66-n\jmc.dll 2010-05-28 10:37 . 
2010-05-28 10:37 348160 ----a-w- c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6b1bbc66-n\msvcr71.dll 2010-05-28 10:37 . 2010-05-28 10:37 61440 ----a-w- c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-10ad5ac4-n\decora-sse.dll 2010-05-28 10:37 . 2010-05-28 10:37 12800 ----a-w- c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-10ad5ac4-n\decora-d3d.dll 2010-05-27 13:38 . 2010-05-27 13:38 -------- d-----w- c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\elsterformular 2010-05-27 13:38 . 2008-06-12 10:24 -------- d-----w- c:\programme\ElsterFormular 2010-05-27 13:38 . 2010-05-27 13:38 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\elsterformular 2010-05-06 10:31 . 2006-03-04 03:34 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 18:28 . 2010-05-04 18:28 84040 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\TransferWizard\Uninstaller.exe 2010-05-04 18:28 . 2010-05-04 18:28 54166 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DSAVCDecoder\Uninstaller.exe 2010-05-04 18:28 . 2010-05-04 18:28 57532 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DSASPDecoder\Uninstaller.exe 2010-05-04 18:28 . 2010-05-04 18:28 57409 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\ControlPanel\Uninstaller.exe 2010-05-02 08:05 . 2004-08-04 10:00 1851392 ----a-w- c:\windows\system32\win32k.sys 2010-05-01 18:44 . 2010-05-01 18:44 57054 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DSDesktopComponents\Uninstaller.exe 2010-05-01 18:44 . 2010-05-01 18:44 56458 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DivXDecoderShortcut\Uninstaller.exe 2010-05-01 18:44 . 
2010-05-01 18:44 54174 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DSAACDecoder\Uninstaller.exe 2010-05-01 18:44 . 2010-05-01 18:44 52963 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\MSVC80CRTRedist\Uninstaller.exe 2010-05-01 18:44 . 2010-05-01 18:44 54073 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Qt4.5\Uninstaller.exe 2010-05-01 18:44 . 2010-05-01 18:44 56969 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\ASPEncoder\Uninstaller.exe 2009-04-07 10:16 . 2009-04-07 10:15 7353544 ----a-w- c:\programme\Firefox_Setup_3.0.8.exe 2009-04-03 14:08 . 2009-04-03 14:08 17010016 ----a-w- c:\programme\IE8-WindowsXP-x86-DEU.exe 2009-03-31 07:07 . 2009-03-31 07:07 2647336 ----a-w- c:\programme\e-sword elberfelder.exe 2009-03-26 11:28 . 2009-03-26 11:28 304295 ----a-w- c:\programme\kfz.zip 2009-02-23 10:37 . 2009-02-23 10:37 310273 ----a-w- c:\programme\MusicBridge2.0.1.zip 2009-02-12 15:57 . 2009-02-12 15:57 22772888 ----a-w- c:\programme\antivir_workstation_winu_de_hp.exe 2009-02-02 13:41 . 2009-02-02 13:41 1039016 ----a-w- c:\programme\Google_Earth.exe 2009-01-14 16:06 . 2009-01-14 16:06 12990311 ----a-w- c:\programme\Soti1507962_112616_PCPro601Setup.exe 2009-01-13 11:31 . 2009-01-13 11:31 12990311 ----a-w- c:\programme\Soti Pocket Controller1507962_112616_PCPro601Setup.exe 2008-05-30 12:37 . 2008-05-30 12:37 148847 ----a-w- c:\programme\DEC2006_XACT_x86.cab 2008-05-30 12:36 . 2008-05-30 12:36 13267416 ----a-w- c:\programme\dxnt.cab 2008-05-30 12:36 . 2008-05-30 12:36 4165878 ----a-w- c:\programme\Apr2006_MDX1_x86_Archive.cab 2008-05-30 12:36 . 2008-05-30 12:36 1805306 ----a-w- c:\programme\Nov2007_d3dx9_36_x64.cab 2008-05-30 12:36 . 2008-05-30 12:36 1803408 ----a-w- c:\programme\AUG2007_d3dx9_35_x64.cab 2008-05-30 12:34 . 2008-05-30 12:34 528392 ----a-w- c:\programme\DXSETUP.exe 2002-05-06 14:07 . 2001-04-05 13:16 396 --sh--r- c:\windows\system32\mswinsun.dll . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\programme\DVDVideoSoft\tbDVD1.dll" [2010-06-19 2736736] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programme\DVDVideoSoftTB\tbDVD1.dll" [2010-07-20 2736736] [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2010-07-20 13:19 2736736 ----a-w- c:\programme\DVDVideoSoftTB\tbDVD1.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] 2010-06-19 10:54 2736736 ----a-w- c:\programme\DVDVideoSoft\tbDVD1.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f6e6051c-0d37-44e3-8855-2308b314f6c2}] 2009-07-13 14:18 462848 ----a-w- c:\programme\Online-Downloaden-Service Limited\Online-Downloaden-Toolbar\adxloader.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{40090c1a-85c9-419d-b493-6119f95d97a4}"= "c:\programme\Online-Downloaden-Service Limited\Online-Downloaden-Toolbar\adxloader.dll" [2009-07-13 462848] "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\programme\DVDVideoSoft\tbDVD1.dll" [2010-06-19 2736736] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programme\DVDVideoSoftTB\tbDVD1.dll" [2010-07-20 2736736] [HKEY_CLASSES_ROOT\clsid\{40090c1a-85c9-419d-b493-6119f95d97a4}] [HKEY_CLASSES_ROOT\Online_Downloaden_Toolbar.Online_Downloaden_Toolbar] [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\programme\DVDVideoSoft\tbDVD1.dll" [2010-06-19 2736736] 
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\programme\DVDVideoSoftTB\tbDVD1.dll" [2010-07-20 2736736] [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Winsplit"="c:\programme\WinSplit Revolution\WinSplit.exe" [2009-02-27 3958784] "SpeedUpMyPC"="c:\programme\Uniblue\SpeedUpMyPC\launcher.exe" [2010-06-25 67960] "WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-10-24 204288] "RayV"="c:\programme\RayV\RayV\RayV.exe" [2008-08-31 3708200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-28 8429568] "IntelZeroConfig"="c:\programme\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064] "Dell QuickSet"="c:\programme\Dell\QuickSet\quickset.exe" [2008-02-22 1245184] "Apoint"="c:\programme\Apoint\Apoint.exe" [2007-01-25 159744] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-28 81920] "mxomssmenu"="c:\programme\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312] "ArcSoft Connection Service"="c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040] "nwiz"="nwiz.exe" [2007-04-28 1626112] "DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104] "SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "SigmatelSysTrayApp"="c:\programme\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504] "RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-05-26 413696] "OpwareSE4"="c:\programme\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400] "NVHotkey"="nvHotkey.dll" [2007-04-28 67584] 
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2009-06-05 292136] "ITSecMng"="c:\programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136] "IntelWireless"="c:\programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936] "Easy-PrintToolBox"="c:\programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600] "CanonSolutionMenu"="c:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696] "CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152] "AVMWlanClient"="c:\programme\avmwlanstick\FRITZWLANMini.exe" [2006-06-23 343552] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ Bluetooth Manager.lnk - c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2008-12-10 12:08 10536 ----a-w- c:\programme\Citrix\GoToAssist\514\g2awinlogon.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programme\\SOTI\\Pocket Controller-Pro\\PocketController.exe"= "c:\\Programme\\RayV\\RayV\\RayV.exe"= "c:\\Programme\\CyberLink\\PowerDVD\\PowerDVD.exe"= "c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft 
ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Programme\\TmNationsForever\\TmForever.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\M2Office32\\m2_verw.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= "c:\\Acer\\ProjectorGateway\\AcerProjectorGateway.exe"= "c:\\Programme\\Mozilla Firefox\\firefox.exe"= "c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "c:\\Programme\\SopCast\\SopCast.exe"= "c:\\Programme\\SopCast\\adv\\SopAdver.exe"= "c:\\Programme\\Real\\RealPlayer\\realplay.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R2 accvssvc;AccSys WLAN Control Service;c:\programme\Gemeinsame Dateien\AccSys\accvssvc.exe [09.10.2008 23:02 131072] R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programme\Avira\AntiVir Desktop\avmailc.exe [18.03.2009 17:57 337064] R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [18.03.2009 17:57 135336] R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [18.03.2009 17:57 405672] S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [06.01.2010 19:24 135664] S3 AVerAF15DMBTH;AVerMedia A850 USB;c:\windows\system32\drivers\AVerAF15DMBTH.sys [21.06.2010 10:51 554368] S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [23.06.2008 19:22 264704] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . 
Inhalt des "geplante Tasks" Ordners 2010-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-01-06 17:24] 2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-01-06 17:24] 2010-06-29 c:\windows\Tasks\Rescue Reminder for 2HAS9TSZ.job - c:\programme\Maxtor\ManagerApp\MaxUtilities.exe [2008-07-21 14:52] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://n-tv.de/ uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://go.web.de/suchbox/webdesuche?su=%s IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll TCP: {681F9171-3D92-4436-81BB-3ABD41644196} = 217.237.151.115,217.237.148.102 TCP: {6D806538-48B5-454E-B1DC-B8B23A07AC12} = 217.237.151.115,217.237.148.102 Handler: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - c:\programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - c:\programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} - hxxps://stream.web.de/mail/activex/mail_upload_11213.cab FF - ProfilePath - c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.n-tv.de/ FF - prefs.js: keyword.URL - hxxp://go.web.de/suchbox/webdesuche?su= FF - component: c:\dokumente und 
einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll FF - component: c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll FF - component: c:\programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - component: c:\programme\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll FF - plugin: c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\programme\Videoload Manager\NPWMDRMWrapper.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\programme\Mozilla 
Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("general.useragent.extra.cck", "(WEB.DE)"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - 
pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-07-22 17:02 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(1168) c:\programme\Citrix\GoToAssist\514\G2AWinLogon.dll c:\windows\system32\netprovcredman.dll - - - - - - - > 'lsass.exe'(1224) c:\programme\Avira\AntiVir Desktop\avsda.dll - - - - - - - > 'explorer.exe'(5280) c:\programme\ScanSoft\OmniPageSE4\OpHookSE4.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\programme\Intel\WiFi\bin\S24EvMon.exe c:\windows\System32\SCardSvr.exe c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe c:\programme\Avira\AntiVir Desktop\avguard.exe c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\programme\Bonjour\mDNSResponder.exe c:\programme\Intel\WiFi\bin\EvtEng.exe c:\programme\Avira\AntiVir Desktop\avshadow.exe c:\programme\Canon\IJPLM\IJPLMSVC.EXE c:\programme\Java\jre6\bin\jqs.exe c:\programme\Maxtor\Sync\SyncServices.exe c:\windows\system32\nvsvc32.exe c:\programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe c:\programme\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe c:\programme\Intel\WiFi\bin\WLKeeper.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\RUNDLL32.EXE c:\windows\system32\wbem\unsecapp.exe c:\programme\DellTPad\ApMsgFwd.exe c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac c:\programme\DellTPad\HidFind.exe c:\programme\DellTPad\Apntex.exe c:\windows\system32\rundll32.exe c:\programme\Microsoft ActiveSync\wcescomm.exe c:\progra~1\MICROS~4\rapimgr.exe c:\programme\Uniblue\SpeedUpMyPC\sump.exe c:\programme\iPod\bin\iPodService.exe c:\programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe c:\programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe c:\programme\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe c:\programme\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2010-07-22 17:08:52 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-07-22 15:08 Vor Suchlauf: 16 Verzeichnis(se), 60.617.084.928 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 60.643.856.384 Bytes frei WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - C572B6EA50EB433E11633069168762A0 |
22.07.2010, 16:17 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Internet Explorer starts by itself
OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM.
Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder. If you use Windows Vista or Windows 7, you have to run remover.exe via right-click => Run as administrator.
A black window will open and automatically search for malicious changes in the MBR. Then please post whether there are any changes and, if so, in which device. Ideally, post everything that remover.exe outputs.
__________________ Please always post log files in CODE tags |
22.07.2010, 19:31 | #15 |
| Internet Explorer starts by itself Osam log.file Code:
ATTFilter Report of OSAM: Autorun Manager vError get version hxxp://www.online-solutions.ru/en/ Saved at 20:28:57 on 22.07.2010 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Rescue Reminder for 2HAS9TSZ.job" - "Seagate Technology LLC" - C:\Programme\Maxtor\ManagerApp\MaxUtilities.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." 
- C:\WINDOWS\system32\javacpl.cpl "LocalCOM.cpl" - "TOSHIBA CORPORATION" - C:\WINDOWS\system32\LocalCOM.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal – Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Avira AntiVir Premium " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "APPDRV" (APPDRV) - "Dell Inc" - C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS "AVerMedia A850 USB" (AVerAF15DMBTH) - "AVerMedia TECHNOLOGIES, Inc." - C:\WINDOWS\System32\Drivers\AVerAF15DMBTH.sys "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "Bluetooth-Audiogerät" (btaudio) - ? - C:\WINDOWS\System32\drivers\btaudio.sys (File not found) "Bluetooth-Bus-Enumerator" (BTKRNL) - ? - C:\WINDOWS\System32\DRIVERS\btkrnl.sys (File not found) "Bluetooth-LAN-Zugangsserver" (BTWDNDIS) - ? - C:\WINDOWS\System32\DRIVERS\btwdndis.sys (File not found) "catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found) "cercsr6" (cercsr6) - "Adaptec, Inc." - C:\WINDOWS\system32\drivers\cercsr6.sys "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "CSRBC.Sys CSR test driver" (CSRBC) - "CSR, plc" - C:\WINDOWS\System32\Drivers\csrbcxp.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "Intel(R) Wireless WiFi Link Adaptertreiber für Windows XP 32 Bit" (NETw4x32) - ? 
- C:\WINDOWS\System32\DRIVERS\NETw4x32.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "OMCI" (OMCI) - ? - C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\WINDOWS\System32\drivers\Afc.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - ? - C:\WINDOWS\System32\DRIVERS\btport.sys (File not found) "vncdrv" (vncdrv) - "RDV Soft" - C:\WINDOWS\System32\DRIVERS\vncdrv.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "WIDCOMM USB Bluetooth Driver" (BTWUSB) - ? - C:\WINDOWS\System32\Drivers\btwusb.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL {8E2D00A0-82C6-4821-90BC-07F290841BB6} "XEB Navigation Filter" - ? - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth-Informationsaustausch" - "TOSHIBA" - C:\WINDOWS\system32\TosBtExt.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02} "FileTimeShlExt Class" - "Uniblue Systems Ltd." 
- C:\Programme\Uniblue\PixelPerfect\UBImageProp.dll {C9CF278C-460E-4917-BC43-3F75E6E47D3D} "fluxDVD Shell Information Extractor" - "ACE GmbH" - C:\PROGRA~1\GEMEIN~1\fluxDVD\Lib\XEB\XEBShell.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Wcesview.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." 
- C:\Programme\Real\RealPlayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoft\tbDVD1.dll <binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD1.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoft\tbDVD1.dll {872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD1.dll {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\tbsoft.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} "Attachment Upload Control" - "WEB.DE GmbH" - C:\WINDOWS\DOWNLO~1\MAIL_U~1.OCX / https://stream.web.de/mail/activex/mail_upload_11213.cab {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} "get_atlcom Class" - "NOS Microsystems Ltd." 
- C:\WINDOWS\Downloaded Program Files\gp.ocx / hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab {CAC677B6-4963-4305-9066-0BD135CD9233} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\WINDOWS\Downloaded Program Files\IPSUploader4.ocx / https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab {D27CDB6E-AE6D-11CF-35B8-444553540000} "{D27CDB6E-AE6D-11CF-35B8-444553540000}" - ? 
- (File not found | COM-object registry key not found) / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\INetRepl.dll {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\INetRepl.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoft\tbDVD1.dll {872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD1.dll {40090c1a-85c9-419d-b493-6119f95d97a4} "Online_Downloaden_Toolbar" - ? - C:\Programme\Online-Downloaden-Service Limited\Online-Downloaden-Toolbar\adxloader.dll {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\tbsoft.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoft\tbDVD1.dll {872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD1.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {f6e6051c-0d37-44e3-8855-2308b314f6c2} "Online_Downloaden_Toolbar" - ? 
- C:\Programme\Online-Downloaden-Service Limited\Online-Downloaden-Toolbar\adxloader.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\tbsoft.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "Bluetooth Manager.lnk" - "TOSHIBA CORPORATION." - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "Sonic CinePlayer Quick Launch.lnk" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Sonic CinePlayer Quick Launch.lnk (Shortcut exists | File not found) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\hrvoje\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "H/PC Connection Agent" - "Microsoft Corporation" - "C:\Programme\Microsoft ActiveSync\wcescomm.exe" "RayV" - "RayV" - C:\Programme\RayV\RayV\RayV.exe /background "SpeedUpMyPC" - "Uniblue Systems Limited" - "C:\Programme\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000 "Winsplit" - ? - C:\Programme\WinSplit Revolution\WinSplit.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Apoint" - "Alps Electric Co., Ltd." - C:\Programme\Apoint\Apoint.exe "ArcSoft Connection Service" - "ArcSoft Inc." - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe "AVMWlanClient" - "AVM Berlin GmbH" - C:\Programme\avmwlanstick\FRITZWLANMini.exe "CanonMyPrinter" - "CANON INC." 
- C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon "CanonSolutionMenu" - "CANON INC." - C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon "Dell QuickSet" - "Dell Inc." - C:\Programme\Dell\QuickSet\quickset.exe "DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "Easy-PrintToolBox" - "CANON INC." - C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon "IntelWireless" - "Intel(R) Corporation" - "C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray "IntelZeroConfig" - "Intel(R) Corporation" - "C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe" "ITSecMng" - " TOSHIBA CORPORATION" - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START "iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe" "mxomssmenu" - "Maxtor Corporation" - "C:\Programme\Maxtor\OneTouch Status\maxmenumgr.exe" "NVHotkey" - "NVIDIA Corporation" - rundll32.exe nvHotkey.dll,Start "nwiz" - "NVIDIA Corporation" - nwiz.exe /installquiet "OpwareSE4" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\OmniPageSE4\OpwareSE4.exe" "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime "RemoteControl" - "Cyberlink Corp." - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe "SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "IntelNetProvCredMan" - "Intel(R) Corporation" - C:\WINDOWS\system32\netprovcredman.dll [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Bullzip PDF Print Monitor" - "Bullzip" - C:\WINDOWS\system32\bzpdf.dll "Canon BJ Language Monitor iP5200" - "CANON INC." - C:\WINDOWS\system32\CNMLM79.DLL "Canon BJ Language Monitor PIXMA iP5000" - "CANON INC." 
- C:\WINDOWS\system32\CNMLM6d.DLL "Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\WINDOWS\system32\tbtmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "AccSys WLAN Control Service" (accvssvc) - "AccSys GmbH" - C:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe "ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avmailc.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE "Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper.dll "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoToAssist" (GoToAssist) - "Citrix Online, a division of Citrix Systems, Inc." - C:\Programme\Citrix\GoToAssist\514\g2aservice.exe "HID Input Service" (HidServ) - ? 
- C:\WINDOWS\System32\hidserv.dll (File not found) "Intel(R) PROSet/Wireless SSO Service" (WLANKEEPER) - "Intel(R) Corporation" - C:\Programme\Intel\WiFi\bin\WLKeeper.exe "Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Programme\Intel\WiFi\bin\EvtEng.exe "Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe "Intel® PROSet/Wireless WiFi Service" (S24EventMonitor) - "Intel(R) Corporation" - C:\Programme\Intel\WiFi\bin\S24EvMon.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Maxtor Service" (Maxtor Sync Service) - "Seagate Technology LLC" - C:\Programme\Maxtor\Sync\SyncServices.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "PIXMA Extended Survey Program" (IJPLMSVC) - ? - C:\Programme\Canon\IJPLM\IJPLMSVC.EXE "TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "GoToAssist" - "Citrix Online, a division of Citrix Systems, Inc." 
- C:\Programme\Citrix\GoToAssist\514\G2AWinLogon.dll "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "AVSDA" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avsda.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |