![]() |
Plagegeister aller Art und deren Bekämpfung: Antivir Solution Pro entfernt - was muss noch entfernt werden?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() |
![]() | #1 |
![]() | ![]() Antivir Solution Pro entfernt - was muss noch entfernt werden? Ich hatte gestern Abend Antivir Solution Pro auf meinem PC und habe es nun heute nach den Anweisungen aus diesem Forum entfernt. Dazu habe ich rkill in iexplore.exe umbenannt und damit Antivir Solution Pro gestoppt. Danach habe ich die Internet Einstellungen korrigiert und Malwarebytes heruntergeladen und damit einen kompletten Scan durchgeführt. Während des Scans erkannte mein Avira Antivir 8 mal Malware, alles mit dem Namen "ADSPY/Agent.owh". Das habe ich alles in Quarantäne verschoben. Die Ergebnisse des Scans von Malwarebytes habe ich entfernt. Danach habe ich CCleaner, wie hier im Forum erklärt wird, benutzt auch für die Registry, bis es keine Fehler mehr fand. Jetzt funktioniert eigentlich alles wieder normal, jedoch weiss ich nicht, ob jetzt wirklich alles weg ist, deshalb wollte ich noch hier nachfragen, was ich noch tun sollte. die logs von rkill, Malwarebytes und RSIT habe ich angehängt. Hier nochmal der Report von Malwarebytes (weiss nicht ob der Anhang genügt): Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4340 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 23.07.2010 12:41:18 mbam-log-2010-07-23 (12-41-18).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|S:\|) Durchsuchte Objekte: 268284 Laufzeit: 1 Stunde(n), 7 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 7 Infizierte Registrierungswerte: 6 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 6 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mcomltgb (Trojan.Dropper) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mcomltgb (Trojan.Dropper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\idln2 (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\netsearchsoft.com (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.netsearchsoft.com (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Trojan.Agent) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: D:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\dhtqnwkid\rcoimsqtssd.exe (Trojan.Dropper) -> Quarantined and deleted successfully. D:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Temp\0.3675971474550829.exe (Trojan.Dropper) -> Quarantined and deleted successfully. D:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Temp\5414273.exe (Spyware.Wemon) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{EA41FFEB-124E-41EF-B032-A3D994DD4BC5}\RP519\A0181874.exe (Spyware.Wemon) -> Quarantined and deleted successfully. D:\WINDOWS\system32\Userinitxx.exe (Trojan.Agent) -> Quarantined and deleted successfully. D:\Programme\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully. |
![]() | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Antivir Solution Pro entfernt - was muss noch entfernt werden? Hallo und
__________________![]() Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
![]() | #3 |
![]() | ![]() Antivir Solution Pro entfernt - was muss noch entfernt werden? Hallo und erstmal vielen Dank für die schnelle Hilfe.
__________________Hier die 2 Logfiles von OTL: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 23.07.2010 20:20:25 - Run 1 OTL by OldTimer - Version Folder = S:\Programme Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): D:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programme Drive C: | 128,97 Gb Total Space | 0,21 Gb Free Space | 0,16% Space Free | Partition Type: NTFS Drive D: | 24,41 Gb Total Space | 3,24 Gb Free Space | 13,26% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 7,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 25,39 Gb Total Space | 0,55 Gb Free Space | 2,17% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Drive S: | 207,49 Gb Total Space | 0,36 Gb Free Space | 0,17% Space Free | Partition Type: NTFS Computer Name: SIMON-KYZTKN13I Current User Name: Simon Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "D:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "19527:TCP" = 19527:TCP:*:Enabled:BitComet 19527 TCP "19527:UDP" = 19527:UDP:*:Enabled:BitComet 19527 UDP "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "D:\Programme\Windows Live\Messenger\wlcsdk.exe" = D:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "D:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = D:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Programme\Xfire\xfire.exe" = D:\Programme\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.) "C:\Programme\mIRC\mirc.exe" = C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC -- File not found "C:\Programme\eMule\emule.exe" = C:\Programme\eMule\emule.exe:*:Enabled:eMule -- (hxxp://emuleplus.info) "C:\Programme\HLSW\hlsw.exe" = C:\Programme\HLSW\hlsw.exe:*:Enabled:HLSW -- (Stripf Software) "D:\Programme\HLSW\hlsw.exe" = D:\Programme\HLSW\hlsw.exe:*:Enabled:HLSW -- (Stripf Software) "C:\Dokumente und Einstellungen\Simon\Desktop\mirc.exe" = C:\Dokumente und Einstellungen\Simon\Desktop\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.) "D:\Programme\BitTorrent\bittorrent.exe" = D:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found "D:\Programme\BitTorrent_DNA\dna.exe" = D:\Programme\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA -- () "D:\Programme\BitComet\BitComet.exe" = D:\Programme\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Programme\Valve\Steam\steam.exe" = C:\Programme\Valve\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation) "C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, Inc.) "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.) "D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe" = D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon) "C:\Programme\KartRider\NMService.exe" = C:\Programme\KartRider\NMService.exe:*:Enabled:Nexon Messenger Core -- File not found "C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- () "C:\Programme\Zattoo\Zattoo2.exe" = C:\Programme\Zattoo\Zattoo2.exe:*:Enabled: -- () "S:\Programme\mIRC\mirc.exe" = S:\Programme\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.) "D:\Programme\Cyanide\GameCenter\GameCenter.exe" = D:\Programme\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter -- File not found "S:\Programme\Cyanide\Pro Cycling Manager - Season 2008\PCM.exe" = S:\Programme\Cyanide\Pro Cycling Manager - Season 2008\PCM.exe:*:Enabled:Pro Cycling Manager - Season 2008 -- File not found "S:\Programme\Cyanide\Pro Cycling Manager - Season 2008\Autorun\Exe\Autorun.exe" = S:\Programme\Cyanide\Pro Cycling Manager - Season 2008\Autorun\Exe\Autorun.exe:*:Enabled:Pro Cycling Manager - Season 2008 - AutoRun -- File not found "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Programme\Zattoo\Zattoo.exe" = C:\Programme\Zattoo\Zattoo.exe:*:Enabled: -- () "S:\Programme\uTorrent.exe" = S:\Programme\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Programme\Valve\Steam\SteamApps\scad2001\counter-strike source\hl2.exe" = C:\Programme\Valve\Steam\SteamApps\scad2001\counter-strike source\hl2.exe:*:Enabled:hl2 -- () "S:\Programme\EA SPORTS\updater.exe" = S:\Programme\EA SPORTS\updater.exe:*:Enabled:Updater -- File not found "S:\Programme\NBA 2k10\Image\nba2k10.exe" = S:\Programme\NBA 2k10\Image\nba2k10.exe:*:Enabled:2K Sports NBA 2K10 -- (2K Sports) "D:\Programme\PFPortChecker\PFPortChecker.exe" = D:\Programme\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded. -- (portforward.com) "D:\Programme\Windows Live\Messenger\wlcsdk.exe" = D:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "D:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = D:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) "D:\Dokumente und Einstellungen\Simon\Desktop\nba2k10U.exe" = D:\Dokumente und Einstellungen\Simon\Desktop\nba2k10U.exe:*:Enabled:2K Sports NBA 2K10 -- File not found "S:\Programme\NBA 2k10\NBA 2K10\Image\nba2k10U.exe" = S:\Programme\NBA 2k10\NBA 2K10\Image\nba2k10U.exe:*:Enabled:2K Sports NBA 2K10 -- File not found "S:\Programme\NBA 2k10\Image\nba2k10U.exe" = S:\Programme\NBA 2k10\Image\nba2k10U.exe:*:Enabled:2K Sports NBA 2K10 -- (2K Sports) "G:\Programme\pes2010.exe" = G:\Programme\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- File not found "G:\Programme\Konami\Pro Evolution Soccer 2010\pes2010.exe" = G:\Programme\Konami\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.) "C:\Programme\Valve\Steam\SteamApps\garzelli\counter-strike source\hl2.exe" = C:\Programme\Valve\Steam\SteamApps\garzelli\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- () "" = :*:Enabled:ldrsoft ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan "{1189284F-0556-47E5-8DCD-F8BF3176F4EA}" = WingMan Software "{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy "{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant "{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare "{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy "{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20 "{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1 "{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine "{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour "{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext "{3947442A-1409-45fc-A885-FB1CF937675D}" = 1400 "{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6 "{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects "{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery "{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan "{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6B2C675E-8040-431B-99C4-137DF4FBF75A}" = Thermal Analysis Tool "{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics "{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX "{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}" = iTunes "{8287E5A6-A0D1-4074-B149-F6157EE0DEEB}" = NEC DISPLAY SOLUTIONS NaViSet "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{848DC0D8-9070-4300-A264-45AF9CB104DA}_is1" = NBA 2k10 "{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1 "{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc "{8D9AABA0-36DB-4559-8408-4E0B78E620F9}_is1" = NBA 2K10 Patch 1.1 "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A07BAED2-DA9A-436A-83F1-80BA23FA9E4B}" = 1400_Help "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom "{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2 "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.3 - Deutsch "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director "{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg "{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2 "{DE66E6E1-BFBC-4586-A03C-686598F4CA3C}" = 1400Trb "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E31C348B-63A9-4CBF-8D7F-D932ABB63244}" = Ad-Aware 2007 "{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0 "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates "Ad-Aware" = Ad-Aware "Adjustment Pattern software utility" = Adjustment Pattern software utility "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "AtcL1" = Attansic L1 Gigabit Ethernet Driver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "CK's Biorhytmus 2000" = CK's Biorhytmus 2000 "Creative Software AutoUpdate" = Creative Software AutoUpdate "eMule Plus_is1" = eMule Plus 1.2d "FreePDF_XP" = FreePDF (Remove only) "GPL Ghostscript 8.71" = GPL Ghostscript 8.71 "Hamachi" = Hamachi "Hannes Converter" = Hannes Converter 2.0 "HLSW_is1" = HLSW v1.2.0 "HP Photo & Imaging" = HP Image Zone 4.7 "HPExtendedCapabilities" = HP Extended Capabilities 4.7 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "InstallShield_{8287E5A6-A0D1-4074-B149-F6157EE0DEEB}" = NEC DISPLAY SOLUTIONS NaViSet "KLiteCodecPack_is1" = K-Lite Codec Pack 3.4.0 Full "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "mIRC" = mIRC "Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7) "Mumble" = Mumble and Murmur "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "Pacific Poker" = Pacific Poker "PFPortChecker" = PFPortChecker 1.0.31 "PowerDVD" = ASUSDVD 2000 "Prio" = Prio v1.9.5 "Real Shoes Patch for 2K9 2.02.0" = Real Shoes Patch for 2K9 2.0 "RealPlayer 6.0" = RealPlayer "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Steam App 400" = Portal "SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009) "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "VLC media player" = VLC media player 1.0.3 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "Xfire" = Xfire (remove only) "XTTB00001.XTTB00001Toolbar" = ICQ Toolbar "Zattoo" = Zattoo 3.3.4 Beta "Zattoo4" = Zattoo4 4.0.4 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent DNA" = BitTorrent DNA "SupportLicenseNew" = CiD Help "uTorrent" = µTorrent "VOIPlay" = VOIPlay ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 07.07.2010 08:55:25 | Computer Name = SIMON-KYZTKN13I | Source = ESENT | ID = 490 Description = svchost (1136) Versuch, Datei "D:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 09.07.2010 14:57:25 | Computer Name = SIMON-KYZTKN13I | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 11.07.2010 04:40:42 | Computer Name = SIMON-KYZTKN13I | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.07.2010 04:40:42 | Computer Name = SIMON-KYZTKN13I | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.07.2010 14:22:11 | Computer Name = SIMON-KYZTKN13I | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.07.2010 14:22:11 | Computer Name = SIMON-KYZTKN13I | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.07.2010 14:22:12 | Computer Name = SIMON-KYZTKN13I | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig. . Error - 20.07.2010 07:23:51 | Computer Name = SIMON-KYZTKN13I | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig. . Error - 21.07.2010 17:29:22 | Computer Name = SIMON-KYZTKN13I | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung javaw.exe, Version, fehlgeschlagenes Modul java.dll, Version, Fehleradresse 0x00005875. Error - 23.07.2010 08:59:30 | Computer Name = SIMON-KYZTKN13I | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung firefox.exe, Version, fehlgeschlagenes Modul mozcrt19.dll, Version, Fehleradresse 0x000083e8. [ System Events ] Error - 22.07.2010 17:29:33 | Computer Name = SIMON-KYZTKN13I | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavasoft Ad-Aware Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 22.07.2010 17:30:34 | Computer Name = SIMON-KYZTKN13I | Source = Service Control Manager | ID = 7034 Description = Dienst "Pml Driver HPZ12" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 23.07.2010 05:24:27 | Computer Name = SIMON-KYZTKN13I | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease für die Netzwerkkarte mit der Netzwerkadresse 001BFC533BB2 wurde durch den DHCP-Server abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 23.07.2010 05:24:52 | Computer Name = SIMON-KYZTKN13I | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavasoft Ad-Aware Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 23.07.2010 06:43:25 | Computer Name = SIMON-KYZTKN13I | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavasoft Ad-Aware Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 23.07.2010 06:43:25 | Computer Name = SIMON-KYZTKN13I | Source = sr | ID = 1 Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung wurde angehalten. Error - 23.07.2010 07:01:58 | Computer Name = SIMON-KYZTKN13I | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavasoft Ad-Aware Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 23.07.2010 07:35:17 | Computer Name = SIMON-KYZTKN13I | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavasoft Ad-Aware Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 23.07.2010 08:17:19 | Computer Name = SIMON-KYZTKN13I | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavasoft Ad-Aware Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 23.07.2010 14:16:38 | Computer Name = SIMON-KYZTKN13I | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Lavasoft Ad-Aware Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.07.2010 20:20:25 - Run 1 OTL by OldTimer - Version Folder = S:\Programme Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): D:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programme Drive C: | 128,97 Gb Total Space | 0,21 Gb Free Space | 0,16% Space Free | Partition Type: NTFS Drive D: | 24,41 Gb Total Space | 3,24 Gb Free Space | 13,26% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 7,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 25,39 Gb Total Space | 0,55 Gb Free Space | 2,17% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Drive S: | 207,49 Gb Total Space | 0,36 Gb Free Space | 0,17% Space Free | Partition Type: NTFS Computer Name: SIMON-KYZTKN13I Current User Name: Simon Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - S:\Programme\OTL.exe (OldTimer Tools) PRC - D:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Temp\svcnost.exe () PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - D:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated) PRC - C:\Programme\Valve\Steam\steam.exe (Valve Corporation) PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - D:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - D:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation) PRC - D:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - D:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - D:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - D:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - D:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - D:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - D:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - D:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.) PRC - D:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB) PRC - D:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) PRC - C:\Programme\Gamma panel\gapa.exe (Tomasz Porosiński) ========== Modules (SafeList) ========== MOD - S:\Programme\OTL.exe (OldTimer Tools) MOD - D:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation) MOD - D:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.) MOD - D:\Programme\Logitech\SetPoint\GameHook.dll (Logitech, Inc.) MOD - D:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - D:\WINDOWS\system32\prio.dll (O&K Software) ========== Win32 Services (SafeList) ========== SRV - (Lavasoft Ad-Aware Service) -- D:\Programme\Lavasoft\Ad-Aware\AAWService.exe File not found SRV - (HidServ) -- D:\WINDOWS\System32\hidserv.dll File not found SRV - (AppMgmt) -- D:\WINDOWS\System32\appmgmts.dll File not found SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (fsssvc) -- D:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (SeaPort) -- D:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (LBTServ) -- D:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (Apple Mobile Device) -- D:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.) SRV - (aawservice) -- D:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB) SRV - (IDriverT) -- D:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (Pml Driver HPZ12) -- D:\WINDOWS\system32\HPZipm12.exe (HP) ========== Driver Services (SafeList) ========== DRV - (NDSPCIIO) -- D:\WINDOWS\System32\DRIVERS\NDSPCIIO.SYS File not found DRV - (avipbb) -- D:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- D:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (DDCCI) -- D:\WINDOWS\system32\drivers\Moni2c.sys (Mitsubishi Electric , NEC-Mitsubishi Electric Visual Systems) DRV - (Lbd) -- D:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (xusb21) -- D:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation) DRV - (fssfltr) -- D:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation) DRV - (nv) -- D:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (ssmdrv) -- D:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- D:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (HDAudBus) -- D:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (LUsbFilt) -- D:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- D:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- D:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (L8042Kbd) -- D:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.) DRV - (hamachi) -- D:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (AtcL001) -- D:\WINDOWS\system32\drivers\atl01_xp.sys (Attansic Technology corporation.) DRV - (P17) -- D:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.) DRV - (ossrv) -- D:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (ctsfm2k) -- D:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (MTsensor) -- D:\WINDOWS\system32\drivers\ASACPI.sys () DRV - (itchfltr) -- D:\WINDOWS\system32\drivers\itchfltr.sys (Logitech, Inc.) DRV - (LHidUsb) -- D:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.) DRV - (WmFilter) -- D:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.) DRV - (WmBEnum) -- D:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.) DRV - (WmXlCore) -- D:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.) DRV - (WmVirHid) -- D:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.) DRV - (Aspi32) -- D:\WINDOWS\System32\drivers\aspi32.sys (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http= ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ch/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.21 23:08:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.21 23:08:04 | 000,000,000 | ---D | M] [2008.08.26 23:45:10 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Extensions [2010.07.23 11:38:15 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\zr6i4l94.default\extensions [2010.04.27 16:23:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\zr6i4l94.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.07.10 23:35:55 | 000,000,000 | ---D | M] (Adblock Plus) -- D:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\zr6i4l94.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} O1 HOSTS File: ([2007.10.26 16:54:59 | 000,004,188 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: localhost O1 - Hosts: bin.errorprotector.com ## added by CiD O1 - Hosts: br.errorsafe.com ## added by CiD O1 - Hosts: br.winantivirus.com ## added by CiD O1 - Hosts: br.winfixer.com ## added by CiD O1 - Hosts: cdn.drivecleaner.com ## added by CiD O1 - Hosts: cdn.errorsafe.com ## added by CiD O1 - Hosts: cdn.winsoftware.com ## added by CiD O1 - Hosts: de.errorsafe.com ## added by CiD O1 - Hosts: de.winantivirus.com ## added by CiD O1 - Hosts: download.cdn.drivecleaner.com ## added by CiD O1 - Hosts: download.cdn.errorsafe.com ## added by CiD O1 - Hosts: download.cdn.winsoftware.com ## added by CiD O1 - Hosts: download.errorsafe.com ## added by CiD O1 - Hosts: download.systemdoctor.com ## added by CiD O1 - Hosts: download.winantispyware.com ## added by CiD O1 - Hosts: download.windrivecleaner.com ## added by CiD O1 - Hosts: download.winfixer.com ## added by CiD O1 - Hosts: drivecleaner.com ## added by CiD O1 - Hosts: dynamique.drivecleaner.com ## added by CiD O1 - Hosts: errorprotector.com ## added by CiD O1 - Hosts: errorsafe.com ## added by CiD O1 - Hosts: es.winantivirus.com ## added by CiD O1 - Hosts: fr.winantivirus.com ## added by CiD O1 - Hosts: fr.winfixer.com ## added by CiD O1 - Hosts: 46 more lines... O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - D:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [Adobe ARM] D:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CTSysVol] D:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [FreePDF Assistant] D:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] D:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [NeroCheck] D:\WINDOWS\System32\\NeroCheck.exe () O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] D:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [P17Helper] D:\WINDOWS\System32\P17.dll () O4 - HKLM..\Run: [RegistryMonitor1] D:\WINDOWS\System32\qtplugin.exe File not found O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] D:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UpdReg] D:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [XboxStat] D:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [zBrowser Launcher] D:\Programme\Logitech\iTouch\iTouch.exe (Logitech Inc.) O4 - HKCU..\Run: [Steam] c:\programme\valve\steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [swg] D:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Image Zone Schnellstart.lnk = D:\Programme\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.) O4 - Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech) O4 - Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = D:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O4 - Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = D:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: D:\Dokumente und Einstellungen\Simon\Startmenü\Programme\Autostart\Verknüpfung mit gapa.lnk = C:\Programme\Gamma panel\gapa.exe (Tomasz Porosiński) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Google Sidewiki... - D:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - Reg Error: Key error. File not found O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.) O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} hxxp://www.streamplug.com/StreamPlug/beta/SP.cab (StreamPlug Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - D:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - AppInit_DLLs: (prio.dll) - D:\WINDOWS\System32\prio.dll (O&K Software) O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe () O20 - Winlogon\Notify\LBTWlgn: DllName - d:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - d:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: D:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: D:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.09.11 12:29:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.09.04 08:10:22 | 000,214,408 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - F:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2009.09.04 08:10:22 | 000,000,047 | R--- | M] () - F:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{13ea0f53-5751-11dd-a572-001bfc533bb2}\Shell\AutoRun\command - "" = H:\System\Security\DriveGuard.exe -- File not found O33 - MountPoints2\{13ea0f53-5751-11dd-a572-001bfc533bb2}\Shell\Explore\Command - "" = H:\System\Security\DriveGuard.exe -- File not found O33 - MountPoints2\{13ea0f53-5751-11dd-a572-001bfc533bb2}\Shell\Open\Command - "" = H:\System\Security\DriveGuard.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - D:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.23 13:40:13 | 000,000,000 | ---D | C] -- D:\Programme\trend micro [2010.07.23 13:40:13 | 000,000,000 | ---D | C] -- D:\rsit [2010.07.23 12:54:53 | 000,000,000 | RH-D | C] -- D:\Dokumente und Einstellungen\Simon\Recent [2010.07.23 12:51:33 | 000,000,000 | ---D | C] -- D:\Programme\CCleaner [2010.07.23 11:31:36 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Malwarebytes [2010.07.23 11:31:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.07.23 11:31:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys [2010.07.23 11:31:27 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.07.23 11:31:26 | 000,000,000 | ---D | C] -- D:\Programme\Malwarebytes' Anti-Malware [2010.07.22 22:09:51 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\NtmsData [2010.07.22 22:08:50 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\dhtqnwkid [2010.07.14 11:16:55 | 000,744,448 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\helpsvc.exe [2010.07.11 17:11:08 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Avira [2002.04.11 03:41:06 | 000,065,536 | R--- | C] ( ) -- D:\WINDOWS\System32\A3d.dll [4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ] [1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.07.23 20:17:08 | 000,001,088 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.07.23 20:16:56 | 000,054,156 | -H-- | M] () -- D:\WINDOWS\QTFont.qfn [2010.07.23 20:16:53 | 000,235,289 | ---- | M] () -- D:\WINDOWS\System32\NvApps.xml [2010.07.23 20:16:18 | 000,001,084 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.07.23 20:16:11 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT [2010.07.23 20:16:10 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat [2010.07.23 16:56:51 | 029,097,984 | -H-- | M] () -- D:\Dokumente und Einstellungen\Simon\NTUSER.DAT [2010.07.23 16:56:51 | 000,000,190 | -HS- | M] () -- D:\Dokumente und Einstellungen\Simon\ntuser.ini [2010.07.23 16:31:50 | 000,097,792 | ---- | M] () -- D:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.23 14:57:58 | 000,033,290 | ---- | M] () -- D:\WINDOWS\System32\userinit.exe [2010.07.23 13:01:37 | 000,002,422 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl [2010.07.23 12:51:34 | 000,000,656 | ---- | M] () -- D:\Dokumente und Einstellungen\Simon\Desktop\CCleaner.lnk [2010.07.23 11:31:30 | 000,000,678 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.23 11:14:38 | 000,363,520 | ---- | M] () -- D:\Dokumente und Einstellungen\Simon\Desktop\rkill.com [2010.07.22 22:37:02 | 000,002,047 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2010.07.13 20:38:54 | 000,019,456 | ---- | M] () -- D:\Dokumente und Einstellungen\Simon\Eigene Dateien\ts ip.doc [2010.07.13 20:38:41 | 000,002,477 | ---- | M] () -- D:\Dokumente und Einstellungen\Simon\Desktop\Microsoft Word.lnk [2010.07.13 16:01:34 | 001,579,986 | -H-- | M] () -- D:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.06.29 22:01:41 | 000,017,408 | ---- | M] () -- D:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ] [1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.07.23 12:51:34 | 000,000,656 | ---- | C] () -- D:\Dokumente und Einstellungen\Simon\Desktop\CCleaner.lnk [2010.07.23 11:31:30 | 000,000,678 | ---- | C] () -- D:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.23 11:27:11 | 000,363,520 | ---- | C] () -- D:\Dokumente und Einstellungen\Simon\Desktop\rkill.com [2010.07.13 20:38:53 | 000,019,456 | ---- | C] () -- D:\Dokumente und Einstellungen\Simon\Eigene Dateien\ts ip.doc [2010.03.28 20:18:12 | 000,116,224 | ---- | C] () -- D:\WINDOWS\System32\redmonnt.dll [2010.03.05 02:11:22 | 000,041,872 | ---- | C] () -- D:\WINDOWS\System32\xfcodec.dll [2009.08.23 22:19:12 | 000,027,648 | ---- | C] () -- D:\WINDOWS\System32\AVSredirect.dll [2009.06.10 08:29:34 | 001,724,416 | ---- | C] () -- D:\WINDOWS\System32\nvwdmcpl.dll [2009.06.10 08:29:34 | 001,101,824 | ---- | C] () -- D:\WINDOWS\System32\nvwimg.dll [2009.06.10 08:29:34 | 000,466,944 | ---- | C] () -- D:\WINDOWS\System32\nvshell.dll [2009.06.10 08:29:32 | 001,507,328 | ---- | C] () -- D:\WINDOWS\System32\nview.dll [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- D:\WINDOWS\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelFrench.dll [2008.09.13 11:35:10 | 000,354,816 | ---- | C] () -- D:\WINDOWS\System32\psisdecd.dll [2008.01.27 15:43:10 | 000,006,400 | ---- | C] () -- D:\WINDOWS\System32\JOXW0EB.DLL [2007.10.27 01:09:08 | 000,001,028 | ---- | C] () -- D:\WINDOWS\ARCHPR.INI [2007.10.26 15:35:10 | 000,000,063 | ---- | C] () -- D:\WINDOWS\mdm.ini [2007.10.26 15:34:40 | 000,000,403 | ---- | C] () -- D:\WINDOWS\ODBC.INI [2007.09.17 17:47:43 | 000,163,840 | ---- | C] () -- D:\WINDOWS\System32\unrar.dll [2007.09.17 17:47:41 | 001,559,040 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll [2007.09.17 17:47:41 | 000,282,624 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll [2007.09.17 17:47:40 | 003,596,288 | ---- | C] () -- D:\WINDOWS\System32\qt-dx331.dll [2007.09.17 17:47:40 | 000,007,680 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll [2007.09.17 17:47:40 | 000,000,547 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll.manifest [2007.09.15 14:19:58 | 000,010,240 | ---- | C] () -- D:\WINDOWS\System32\vidx16.dll [2007.09.11 17:55:54 | 000,022,328 | ---- | C] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys [2007.09.11 17:55:33 | 000,000,313 | ---- | C] () -- D:\WINDOWS\game.ini [2007.09.11 14:23:23 | 000,000,878 | ---- | C] () -- D:\WINDOWS\prio.ini [2007.09.11 13:17:51 | 000,000,135 | ---- | C] () -- D:\WINDOWS\System32\prio.ini [2007.09.11 13:06:59 | 000,005,810 | R--- | C] () -- D:\WINDOWS\System32\drivers\ASACPI.sys [2007.09.11 13:06:58 | 000,015,611 | ---- | C] () -- D:\WINDOWS\Ascd_tmp.ini [2007.09.11 13:06:46 | 000,010,288 | ---- | C] () -- D:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2007.09.11 13:02:46 | 000,005,627 | R--- | C] () -- D:\WINDOWS\System32\Ludap17.ini [2007.09.11 13:02:46 | 000,000,039 | R--- | C] () -- D:\WINDOWS\System32\ctzapxx.ini [2006.12.08 14:02:30 | 000,230,424 | ---- | C] () -- D:\WINDOWS\ptm_nt.dll [2005.05.03 13:38:42 | 000,064,512 | R--- | C] () -- D:\WINDOWS\System32\P17.dll [2003.10.02 12:48:18 | 000,053,248 | R--- | C] () -- D:\WINDOWS\System32\P17CPI.dll [1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- D:\WINDOWS\System32\MSRTEDIT.DLL < End of report > |
![]() | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Antivir Solution Pro entfernt - was muss noch entfernt werden? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten ![]() |
![]() | #5 |
![]() | ![]() Antivir Solution Pro entfernt - was muss noch entfernt werden? Als Combofix etwas gefunden hat, wurde mein Pc neugestartet, danach hat sich Steam automatisch gestartet, als in dem Fenster noch stand, ich solle kein anderes Program starten. Ich hoffe das ist kein Problem. Hier also das log von Combofix: Combofix Logfile: Code:
ATTFilter ComboFix 10-07-22.06 - Simon 23.07.2010 21:19:32.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2047.1438 [GMT 2:00] ausgeführt von:: d:\dokumente und einstellungen\Simon\Desktop\cofi.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . d:\dokumente und einstellungen\Simon\Favoriten\Videos.url d:\windows\settings.reg d:\windows\system32\_000111_.tmp.dll d:\windows\system32\Data d:\windows\system32\userinitxx.exe Infizierte Kopie von d:\windows\system32\userinit.exe wurde gefunden und desinfiziert Kopie von - d:\windows\system32\dllcache\userinit.exe wurde wiederhergestellt . ((((((((((((((((((((((( Dateien erstellt von 2010-06-23 bis 2010-07-23 )))))))))))))))))))))))))))))) . 2010-07-23 11:40 . 2010-07-23 11:40 -------- d-----w- D:\rsit 2010-07-23 11:40 . 2010-07-23 11:40 -------- d-----w- d:\programme\trend micro 2010-07-23 10:51 . 2010-07-23 10:51 -------- d-----w- d:\programme\CCleaner 2010-07-23 09:31 . 2010-07-23 09:31 -------- d-----w- d:\dokumente und einstellungen\Simon\Anwendungsdaten\Malwarebytes 2010-07-23 09:31 . 2010-04-29 10:19 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys 2010-07-23 09:31 . 2010-07-23 09:31 -------- d-----w- d:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-07-23 09:31 . 2010-04-29 10:19 20952 ----a-w- d:\windows\system32\drivers\mbam.sys 2010-07-23 09:31 . 2010-07-23 11:51 -------- d-----w- d:\programme\Malwarebytes' Anti-Malware 2010-07-22 20:09 . 2010-07-23 13:00 -------- d-----w- d:\windows\system32\NtmsData 2010-07-22 20:08 . 2010-07-23 10:41 -------- d-----w- d:\dokumente und einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\dhtqnwkid 2010-07-17 20:19 . 2010-07-17 20:19 452104 ----a-w- d:\dokumente und einstellungen\Simon\Anwendungsdaten\Real\Update\setup3.12\setup.exe 2010-07-14 09:16 . 2010-06-14 14:31 744448 -c----w- d:\windows\system32\dllcache\helpsvc.exe 2010-07-11 15:11 . 2010-07-11 15:11 -------- d-----w- d:\dokumente und einstellungen\Simon\Anwendungsdaten\Avira . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-22 20:29 . 2009-01-13 20:03 -------- d-----w- d:\dokumente und einstellungen\Simon\Anwendungsdaten\uTorrent 2010-07-20 14:34 . 2009-11-03 14:53 -------- d-----w- d:\dokumente und einstellungen\Simon\Anwendungsdaten\vlc 2010-07-16 19:20 . 2009-01-22 19:23 -------- d-----w- d:\dokumente und einstellungen\Simon\Anwendungsdaten\Mumble 2010-07-01 21:03 . 2007-09-11 11:18 -------- d-----w- d:\dokumente und einstellungen\Simon\Anwendungsdaten\Xfire 2010-06-30 20:20 . 2010-04-20 13:18 439816 ----a-w- d:\dokumente und einstellungen\Simon\Anwendungsdaten\Real\Update\setup3.10\setup.exe 2010-06-23 09:04 . 2001-08-18 12:00 84864 ----a-w- d:\windows\system32\perfc007.dat 2010-06-23 09:04 . 2001-08-18 12:00 459138 ----a-w- d:\windows\system32\perfh007.dat 2010-06-14 14:31 . 2007-09-11 10:28 744448 ----a-w- d:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe 2010-06-09 19:15 . 2010-04-26 13:48 -------- d-----w- d:\programme\TeamSpeak 3 Client 2010-06-04 12:31 . 2010-02-15 23:12 -------- d-----w- d:\programme\Microsoft Silverlight 2010-06-03 12:25 . 2010-06-03 12:25 503808 ----a-w- d:\dokumente und einstellungen\Simon\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5bf6e300-n\msvcp71.dll 2010-06-03 12:25 . 2010-06-03 12:25 499712 ----a-w- d:\dokumente und einstellungen\Simon\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5bf6e300-n\jmc.dll 2010-06-03 12:25 . 2010-06-03 12:25 348160 ----a-w- d:\dokumente und einstellungen\Simon\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5bf6e300-n\msvcr71.dll 2010-06-03 12:25 . 2010-06-03 12:25 61440 ----a-w- d:\dokumente und einstellungen\Simon\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-467c64ad-n\decora-sse.dll 2010-06-03 12:25 . 2010-06-03 12:25 12800 ----a-w- d:\dokumente und einstellungen\Simon\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-467c64ad-n\decora-d3d.dll 2010-05-04 17:14 . 2001-08-18 12:00 832512 ----a-w- d:\windows\system32\wininet.dll 2010-05-04 17:14 . 2007-09-11 10:43 78336 ----a-w- d:\windows\system32\ieencode.dll 2010-05-04 17:14 . 2001-08-18 12:00 17408 ------w- d:\windows\system32\corpol.dll 2010-05-02 08:05 . 2001-08-18 12:00 1851392 ----a-w- d:\windows\system32\win32k.sys 2006-05-03 09:06 . 2009-08-23 20:18 163328 --sh--r- d:\windows\system32\flvDX.dll 2007-02-21 10:47 . 2009-08-23 20:18 31232 --sh--r- d:\windows\system32\msfDX.dll 2008-03-16 12:30 . 2009-08-23 20:18 216064 --sh--r- d:\windows\system32\nbDX.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="d:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-12 68856] "Steam"="c:\programme\valve\steam\steam.exe" [2010-05-07 1238352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "zBrowser Launcher"="d:\programme\Logitech\iTouch\iTouch.exe" [2003-12-01 892928] "CTSysVol"="d:\programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344] "P17Helper"="P17.dll" [2005-05-03 64512] "UpdReg"="d:\windows\UpdReg.EXE" [2000-05-10 90112] "QuickTime Task"="d:\programme\QuickTime\qttask.exe" [2007-06-29 286720] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2007-09-14 267064] "HP Software Update"="d:\programme\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304] "NeroCheck"="d:\windows\system32\\NeroCheck.exe" [2001-07-09 155648] "TkBellExe"="d:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-11-17 185896] "NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-06-10 13758464] "nwiz"="nwiz.exe" [2009-06-10 1657376] "NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-06-10 86016] "avgnt"="d:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] "SunJavaUpdateSched"="d:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040] "FreePDF Assistant"="d:\programme\FreePDF_XP\fpassist.exe" [2009-09-05 385024] "Adobe Reader Speed Launcher"="d:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368] "Adobe ARM"="d:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "XboxStat"="d:\programme\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2008-04-14 15360] d:\dokumente und einstellungen\Simon\Startmen\Programme\Autostart\ Verknpfung mit gapa.lnk - c:\programme\Gamma panel\gapa.exe [2007-10-6 116224] d:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ HP Digital Imaging Monitor.lnk - d:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048] HP Image Zone Schnellstart.lnk - d:\programme\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248] Logitech Desktop Messenger.lnk - c:\programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-4-14 169472] Logitech SetPoint.lnk - d:\programme\Logitech\SetPoint\SetPoint.exe [2008-7-18 805392] Microsoft Office.lnk - d:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 00:42 72208 ----a-w- d:\programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=d:\windows\system32\prio.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Programme\\Xfire\\xfire.exe"= "c:\\Programme\\eMule\\emule.exe"= "c:\\Programme\\HLSW\\hlsw.exe"= "d:\\WINDOWS\\system32\\PnkBstrA.exe"= "d:\\WINDOWS\\system32\\PnkBstrB.exe"= "d:\\Programme\\HLSW\\hlsw.exe"= "c:\\Dokumente und Einstellungen\\Simon\\Desktop\\mirc.exe"= "d:\\Programme\\BitTorrent_DNA\\dna.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= "c:\\Programme\\Valve\\Steam\\steam.exe"= "c:\\Programme\\ICQ6\\ICQ.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\NexonUS\\NGM\\NGM.exe"= "c:\\Programme\\Zattoo\\zattood.exe"= "c:\\Programme\\Zattoo\\Zattoo2.exe"= "s:\\Programme\\mIRC\\mirc.exe"= "c:\\Programme\\Mozilla Firefox\\firefox.exe"= "c:\\Programme\\Zattoo\\Zattoo.exe"= "s:\\Programme\\uTorrent.exe"= "c:\\Programme\\Valve\\Steam\\SteamApps\\scad2001\\counter-strike source\\hl2.exe"= "s:\\Programme\\NBA 2k10\\Image\\nba2k10.exe"= "d:\\Programme\\PFPortChecker\\PFPortChecker.exe"= "d:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"= "d:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "d:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"= "s:\\Programme\\NBA 2k10\\Image\\nba2k10U.exe"= "g:\\Programme\\Konami\\Pro Evolution Soccer 2010\\pes2010.exe"= "c:\\Programme\\Valve\\Steam\\SteamApps\\garzelli\\counter-strike source\\hl2.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "19527:TCP"= 19527:TCP:BitComet 19527 TCP "19527:UDP"= 19527:UDP:BitComet 19527 UDP R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [18.01.2010 16:07 64288] R2 AntiVirSchedulerService;Avira AntiVir Planer;d:\programme\Avira\AntiVir Desktop\sched.exe [01.09.2009 14:31 135336] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;d:\windows\system32\drivers\atl01_xp.sys [11.09.2007 13:07 38656] R3 DDCCI;DDC/CI monitor;d:\windows\system32\drivers\Moni2c.sys [21.01.2010 12:59 6494] S2 gupdate;Google Update Service (gupdate);d:\programme\Google\Update\GoogleUpdate.exe [17.02.2010 17:01 135664] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"d:\programme\Lavasoft\Ad-Aware\AAWService.exe" --> d:\programme\Lavasoft\Ad-Aware\AAWService.exe [?] S3 NDSPCIIO;NDSPCIIO;\??\d:\windows\system32\DRIVERS\NDSPCIIO.SYS --> d:\windows\system32\DRIVERS\NDSPCIIO.SYS [?] . Inhalt des "geplante Tasks" Ordners 2010-07-23 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job - d:\programme\Google\Update\GoogleUpdate.exe [2010-02-17 15:01] 2010-07-23 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job - d:\programme\Google\Update\GoogleUpdate.exe [2010-02-17 15:01] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.ch/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http= uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Google Sidewiki... - d:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html FF - ProfilePath - d:\dokumente und einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\zr6i4l94.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/ FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll FF - plugin: c:\programme\iTunes\Mozilla Plugins\npitunes.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: d:\programme\Google\Update\\npGoogleOneClick8.dll FF - plugin: d:\programme\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - AddRemove-SupportLicenseNew - d:\dokume~1\LOCALS~1\ANWEND~1\BALLBA~1\Mpeg gram.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-07-23 21:25 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-1844237615-2077806209-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:c3,a9,98,02,16,2c,dc,a5,c7,f7,45,ce,0e,9a,dd,12,5b,e0,cd,e3,0e,1e,07, 43,a3,e9,7a,eb,fc,00,30,eb,ca,f8,5b,ac,b3,b6,9e,c3,92,12,08,37,5f,98,9a,a0,\ "??"=hex:f7,77,4b,00,bf,9a,b1,a3,9d,ef,22,40,32,27,dd,2d [HKEY_USERS\S-1-5-21-1844237615-2077806209-839522115-1004\Software\SecuROM\License information*] "datasecu"=hex:28,7b,35,05,c1,04,40,dd,17,ab,9f,8b,59,68,3a,80,f6,77,40,0f,b3, af,d4,8a,96,7e,8a,c4,a2,70,c6,dc,89,92,a5,be,c9,57,74,18,40,55,6d,61,43,1f,\ "rkeysecu"=hex:e0,43,b5,39,10,95,58,c8,3d,be,0e,54,d7,7d,6d,a6 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(696) d:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll d:\programme\gemeinsame dateien\logishrd\bluetooth\LBTServ.dll - - - - - - - > 'explorer.exe'(2976) d:\programme\Logitech\SetPoint\GameHook.dll d:\programme\Logitech\SetPoint\lgscroll.dll d:\programme\Logitech\iTouch\iTchHk.dll d:\progra~1\WINDOW~3\wmpband.dll d:\programme\Gemeinsame Dateien\Logitech\Scrolling\LgMsgHk.dll . ------------------------ Weitere laufende Prozesse ------------------------ . d:\windows\system32\nvsvc32.exe d:\programme\Lavasoft\Ad-Aware 2007\aawservice.exe d:\programme\Avira\AntiVir Desktop\avguard.exe d:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe d:\programme\Java\jre6\bin\jqs.exe d:\programme\Avira\AntiVir Desktop\avshadow.exe d:\windows\system32\PnkBstrA.exe d:\programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe d:\windows\system32\Rundll32.exe d:\windows\system32\RUNDLL32.EXE d:\windows\System32\wdfmgr.exe d:\programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE d:\programme\HP\Digital Imaging\bin\hpqgalry.exe d:\programme\iPod\bin\iPodService.exe d:\windows\System32\wbem\wmiapsrv.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-07-23 21:29:22 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-07-23 19:29 Vor Suchlauf: 3.421.065.216 Bytes frei Nach Suchlauf: 3.653.459.968 Bytes frei WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut - - End Of File - - F3F9ABA4C70204AEABD9F163F4F45FE9 |
![]() | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Antivir Solution Pro entfernt - was muss noch entfernt werden? Ah ok, dann mach bitte nun neue OTL-Logs. Die Extras.txt brauch ich nicht nochmal.
__________________ --> Antivir Solution Pro entfernt - was muss noch entfernt werden? |
![]() | #7 |
![]() | ![]() Antivir Solution Pro entfernt - was muss noch entfernt werden? Hier die OTL log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.07.2010 22:06:58 - Run 3 OTL by OldTimer - Version Folder = D:\Dokumente und Einstellungen\Simon\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): D:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programme Drive C: | 128,97 Gb Total Space | 1,50 Gb Free Space | 1,16% Space Free | Partition Type: NTFS Drive D: | 24,41 Gb Total Space | 3,42 Gb Free Space | 14,01% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 7,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 25,39 Gb Total Space | 0,55 Gb Free Space | 2,17% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Drive S: | 207,49 Gb Total Space | 0,36 Gb Free Space | 0,17% Space Free | Partition Type: NTFS Computer Name: SIMON-KYZTKN13I Current User Name: Simon Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - D:\Dokumente und Einstellungen\Simon\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - D:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - D:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation) PRC - D:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - D:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - D:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - D:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - D:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - D:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - D:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - D:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.) PRC - D:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB) PRC - D:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) PRC - D:\Programme\Logitech\iTouch\iTouch.exe (Logitech Inc.) PRC - C:\Programme\Gamma panel\gapa.exe (Tomasz Porosiński) ========== Modules (SafeList) ========== MOD - D:\Dokumente und Einstellungen\Simon\Desktop\OTL.exe (OldTimer Tools) MOD - D:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation) MOD - D:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.) MOD - D:\Programme\Logitech\SetPoint\GameHook.dll (Logitech, Inc.) MOD - D:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - D:\WINDOWS\system32\prio.dll (O&K Software) MOD - D:\Programme\Logitech\iTouch\itchhk.dll (Logitech Inc.) MOD - D:\Programme\Gemeinsame Dateien\Logitech\Scrolling\LGMSGHK.DLL (Logitech Inc.) ========== Win32 Services (SafeList) ========== SRV - (wuauserv) -- C:\WINDOWS\system32\wuauserv.dll File not found SRV - (Lavasoft Ad-Aware Service) -- D:\Programme\Lavasoft\Ad-Aware\AAWService.exe File not found SRV - (HidServ) -- D:\WINDOWS\System32\hidserv.dll File not found SRV - (AppMgmt) -- D:\WINDOWS\System32\appmgmts.dll File not found SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (fsssvc) -- D:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (SeaPort) -- D:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (LBTServ) -- D:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (Apple Mobile Device) -- D:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.) SRV - (aawservice) -- D:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB) SRV - (IDriverT) -- D:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (Pml Driver HPZ12) -- D:\WINDOWS\system32\HPZipm12.exe (HP) ========== Driver Services (SafeList) ========== DRV - (NDSPCIIO) -- D:\WINDOWS\System32\DRIVERS\NDSPCIIO.SYS File not found DRV - (catchme) -- D:\cofi\catchme.sys File not found DRV - (avipbb) -- D:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- D:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (DDCCI) -- D:\WINDOWS\system32\drivers\Moni2c.sys (Mitsubishi Electric , NEC-Mitsubishi Electric Visual Systems) DRV - (Lbd) -- D:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (xusb21) -- D:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation) DRV - (fssfltr) -- D:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation) DRV - (nv) -- D:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (ssmdrv) -- D:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- D:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (HDAudBus) -- D:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (LUsbFilt) -- D:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- D:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- D:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (L8042Kbd) -- D:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.) DRV - (hamachi) -- D:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (AtcL001) -- D:\WINDOWS\system32\drivers\atl01_xp.sys (Attansic Technology corporation.) DRV - (P17) -- D:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.) DRV - (ossrv) -- D:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (ctsfm2k) -- D:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (MTsensor) -- D:\WINDOWS\system32\drivers\ASACPI.sys () DRV - (itchfltr) -- D:\WINDOWS\system32\drivers\itchfltr.sys (Logitech, Inc.) DRV - (LHidUsb) -- D:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.) DRV - (WmFilter) -- D:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.) DRV - (WmBEnum) -- D:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.) DRV - (WmXlCore) -- D:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.) DRV - (WmVirHid) -- D:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.) DRV - (Aspi32) -- D:\WINDOWS\System32\drivers\aspi32.sys (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http= ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ch/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.21 23:08:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.21 23:08:04 | 000,000,000 | ---D | M] [2008.08.26 23:45:10 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Extensions [2010.07.23 11:38:15 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\zr6i4l94.default\extensions [2010.04.27 16:23:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\zr6i4l94.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.07.10 23:35:55 | 000,000,000 | ---D | M] (Adblock Plus) -- D:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Mozilla\Firefox\Profiles\zr6i4l94.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} O1 HOSTS File: ([2010.07.23 21:24:21 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - D:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [Adobe ARM] D:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CTSysVol] D:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [FreePDF Assistant] D:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] D:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [NeroCheck] D:\WINDOWS\System32\\NeroCheck.exe () O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] D:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [P17Helper] D:\WINDOWS\System32\P17.dll () O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] D:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UpdReg] D:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [XboxStat] D:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [zBrowser Launcher] D:\Programme\Logitech\iTouch\iTouch.exe (Logitech Inc.) O4 - HKCU..\Run: [Steam] c:\programme\valve\steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [swg] D:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Image Zone Schnellstart.lnk = D:\Programme\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.) O4 - Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech) O4 - Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = D:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O4 - Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = D:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: D:\Dokumente und Einstellungen\Simon\Startmenü\Programme\Autostart\Verknüpfung mit gapa.lnk = C:\Programme\Gamma panel\gapa.exe (Tomasz Porosiński) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Google Sidewiki... - D:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - Reg Error: Key error. File not found O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.) O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} hxxp://www.streamplug.com/StreamPlug/beta/SP.cab (StreamPlug Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - D:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - AppInit_DLLs: (D:\WINDOWS\system32\prio.dll) - D:\WINDOWS\system32\prio.dll (O&K Software) O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - d:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - d:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: D:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: D:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.09.11 12:29:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.09.04 08:10:22 | 000,214,408 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - F:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2009.09.04 08:10:22 | 000,000,047 | R--- | M] () - F:\Autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - D:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.23 22:04:08 | 000,574,976 | ---- | C] (OldTimer Tools) -- D:\Dokumente und Einstellungen\Simon\Desktop\OTL.exe [2010.07.23 21:16:50 | 000,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe [2010.07.23 21:16:50 | 000,161,792 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe [2010.07.23 21:16:50 | 000,136,704 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe [2010.07.23 21:16:50 | 000,031,232 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe [2010.07.23 21:16:47 | 000,000,000 | ---D | C] -- D:\WINDOWS\ERDNT [2010.07.23 21:16:20 | 000,000,000 | ---D | C] -- D:\Qoobox [2010.07.23 21:12:55 | 000,000,000 | RH-D | C] -- D:\Dokumente und Einstellungen\Simon\Recent [2010.07.23 13:40:13 | 000,000,000 | ---D | C] -- D:\Programme\trend micro [2010.07.23 13:40:13 | 000,000,000 | ---D | C] -- D:\rsit [2010.07.23 12:51:33 | 000,000,000 | ---D | C] -- D:\Programme\CCleaner [2010.07.23 11:31:36 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Malwarebytes [2010.07.23 11:31:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.07.23 11:31:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys [2010.07.23 11:31:27 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.07.23 11:31:26 | 000,000,000 | ---D | C] -- D:\Programme\Malwarebytes' Anti-Malware [2010.07.22 22:09:51 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\NtmsData [2010.07.22 22:08:50 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\dhtqnwkid [2010.07.14 11:16:55 | 000,744,448 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\helpsvc.exe [2010.07.11 17:11:08 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Avira [2002.04.11 03:41:06 | 000,065,536 | R--- | C] ( ) -- D:\WINDOWS\System32\A3d.dll [4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ] [1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.07.23 21:25:14 | 000,000,227 | ---- | M] () -- D:\WINDOWS\system.ini [2010.07.23 21:24:34 | 000,054,156 | -H-- | M] () -- D:\WINDOWS\QTFont.qfn [2010.07.23 21:24:27 | 000,235,289 | ---- | M] () -- D:\WINDOWS\System32\NvApps.xml [2010.07.23 21:24:21 | 000,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts [2010.07.23 21:24:17 | 000,001,084 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.07.23 21:24:13 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT [2010.07.23 21:24:11 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat [2010.07.23 21:22:57 | 029,097,984 | -H-- | M] () -- D:\Dokumente und Einstellungen\Simon\NTUSER.DAT [2010.07.23 21:22:57 | 000,000,190 | -HS- | M] () -- D:\Dokumente und Einstellungen\Simon\ntuser.ini [2010.07.23 21:11:34 | 003,742,303 | R--- | M] () -- D:\Dokumente und Einstellungen\Simon\Desktop\cofi.exe [2010.07.23 20:19:28 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Dokumente und Einstellungen\Simon\Desktop\OTL.exe [2010.07.23 20:17:08 | 000,001,088 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.07.23 16:31:50 | 000,097,792 | ---- | M] () -- D:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.23 13:01:37 | 000,002,422 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl [2010.07.23 12:51:34 | 000,000,656 | ---- | M] () -- D:\Dokumente und Einstellungen\Simon\Desktop\CCleaner.lnk [2010.07.23 11:31:30 | 000,000,678 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.23 11:14:38 | 000,363,520 | ---- | M] () -- D:\Dokumente und Einstellungen\Simon\Desktop\rkill.com [2010.07.22 22:37:02 | 000,002,047 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2010.07.13 20:38:54 | 000,019,456 | ---- | M] () -- D:\Dokumente und Einstellungen\Simon\Eigene Dateien\ts ip.doc [2010.07.13 20:38:41 | 000,002,477 | ---- | M] () -- D:\Dokumente und Einstellungen\Simon\Desktop\Microsoft Word.lnk [2010.07.13 16:01:34 | 001,579,986 | -H-- | M] () -- D:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.06.29 22:01:41 | 000,017,408 | ---- | M] () -- D:\Dokumente und Einstellungen\Simon\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ] [1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.07.23 21:16:50 | 000,256,512 | ---- | C] () -- D:\WINDOWS\PEV.exe [2010.07.23 21:16:50 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe [2010.07.23 21:16:50 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe [2010.07.23 21:16:50 | 000,077,312 | ---- | C] () -- D:\WINDOWS\MBR.exe [2010.07.23 21:16:50 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe [2010.07.23 21:11:49 | 003,742,303 | R--- | C] () -- D:\Dokumente und Einstellungen\Simon\Desktop\cofi.exe [2010.07.23 12:51:34 | 000,000,656 | ---- | C] () -- D:\Dokumente und Einstellungen\Simon\Desktop\CCleaner.lnk [2010.07.23 11:31:30 | 000,000,678 | ---- | C] () -- D:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.23 11:27:11 | 000,363,520 | ---- | C] () -- D:\Dokumente und Einstellungen\Simon\Desktop\rkill.com [2010.07.13 20:38:53 | 000,019,456 | ---- | C] () -- D:\Dokumente und Einstellungen\Simon\Eigene Dateien\ts ip.doc [2010.03.28 20:18:12 | 000,116,224 | ---- | C] () -- D:\WINDOWS\System32\redmonnt.dll [2010.03.05 02:11:22 | 000,041,872 | ---- | C] () -- D:\WINDOWS\System32\xfcodec.dll [2009.08.23 22:19:12 | 000,027,648 | ---- | C] () -- D:\WINDOWS\System32\AVSredirect.dll [2009.06.10 08:29:34 | 001,724,416 | ---- | C] () -- D:\WINDOWS\System32\nvwdmcpl.dll [2009.06.10 08:29:34 | 001,101,824 | ---- | C] () -- D:\WINDOWS\System32\nvwimg.dll [2009.06.10 08:29:34 | 000,466,944 | ---- | C] () -- D:\WINDOWS\System32\nvshell.dll [2009.06.10 08:29:32 | 001,507,328 | ---- | C] () -- D:\WINDOWS\System32\nview.dll [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- D:\WINDOWS\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelFrench.dll [2008.09.13 11:35:10 | 000,354,816 | ---- | C] () -- D:\WINDOWS\System32\psisdecd.dll [2008.01.27 15:43:10 | 000,006,400 | ---- | C] () -- D:\WINDOWS\System32\JOXW0EB.DLL [2007.10.27 01:09:08 | 000,001,028 | ---- | C] () -- D:\WINDOWS\ARCHPR.INI [2007.10.26 15:35:10 | 000,000,063 | ---- | C] () -- D:\WINDOWS\mdm.ini [2007.10.26 15:34:40 | 000,000,403 | ---- | C] () -- D:\WINDOWS\ODBC.INI [2007.09.17 17:47:43 | 000,163,840 | ---- | C] () -- D:\WINDOWS\System32\unrar.dll [2007.09.17 17:47:41 | 001,559,040 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll [2007.09.17 17:47:41 | 000,282,624 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll [2007.09.17 17:47:40 | 003,596,288 | ---- | C] () -- D:\WINDOWS\System32\qt-dx331.dll [2007.09.17 17:47:40 | 000,007,680 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll [2007.09.17 17:47:40 | 000,000,547 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll.manifest [2007.09.15 14:19:58 | 000,010,240 | ---- | C] () -- D:\WINDOWS\System32\vidx16.dll [2007.09.11 17:55:54 | 000,022,328 | ---- | C] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys [2007.09.11 17:55:33 | 000,000,313 | ---- | C] () -- D:\WINDOWS\game.ini [2007.09.11 14:23:23 | 000,000,878 | ---- | C] () -- D:\WINDOWS\prio.ini [2007.09.11 13:17:51 | 000,000,135 | ---- | C] () -- D:\WINDOWS\System32\prio.ini [2007.09.11 13:06:59 | 000,005,810 | R--- | C] () -- D:\WINDOWS\System32\drivers\ASACPI.sys [2007.09.11 13:06:58 | 000,015,611 | ---- | C] () -- D:\WINDOWS\Ascd_tmp.ini [2007.09.11 13:06:46 | 000,010,288 | ---- | C] () -- D:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2007.09.11 13:02:46 | 000,005,627 | R--- | C] () -- D:\WINDOWS\System32\Ludap17.ini [2007.09.11 13:02:46 | 000,000,039 | R--- | C] () -- D:\WINDOWS\System32\ctzapxx.ini [2006.12.08 14:02:30 | 000,230,424 | ---- | C] () -- D:\WINDOWS\ptm_nt.dll [2005.05.03 13:38:42 | 000,064,512 | R--- | C] () -- D:\WINDOWS\System32\P17.dll [2003.10.02 12:48:18 | 000,053,248 | R--- | C] () -- D:\WINDOWS\System32\P17CPI.dll [1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- D:\WINDOWS\System32\MSRTEDIT.DLL < End of report > |
![]() | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Antivir Solution Pro entfernt - was muss noch entfernt werden? Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http= O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 :Commands [purity] [resethosts] [emptytemp] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten ![]() |
![]() | #9 |
![]() | ![]() Antivir Solution Pro entfernt - was muss noch entfernt werden? OK hab ich gemacht, nach dem Neustart kam dieses logfile: All processes killed ========== OTL ========== HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully. Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully. ========== COMMANDS ========== D:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32835 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Simon ->Temp folder emptied: 36836 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 53270957 bytes ->Flash cache emptied: 7072 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1138908 bytes %systemroot%\System32 .tmp files removed: 2951 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 113342 bytes Total Files Cleaned = 52,00 mb OTL by OldTimer - Version log created on 07232010_230251 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
![]() | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Antivir Solution Pro entfernt - was muss noch entfernt werden? Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus. Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen. Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
__________________ Logfiles bitte immer in CODE-Tags posten ![]() |
![]() | #11 |
![]() | ![]() Antivir Solution Pro entfernt - was muss noch entfernt werden? Also GMER ist 2 mal abgestürzt, aber das osam log hab ich: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 16:19:47 on 24.07.2010 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.8 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "O&K Software" - D:\WINDOWS\system32\prio.dll [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - ? - D:\WINDOWS\system32\lsdelete.exe (File found, but it contains no detailed information) [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - D:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - D:\Programme\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "infocardcpl.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - D:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - D:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - D:\WINDOWS\system32\nvtuicpl.cpl "PhysX.cpl" - "NVIDIA Corporation" - D:\WINDOWS\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Avira AntiVir PersonalEdition Classic" - ? - D:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found) "DeviceControl" - "Creative Technology Ltd." - D:\Programme\Creative\SBAudigy\Device Control\USBAudio.cpl "QuickTime" - "Apple Inc." - D:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Aspi32" (Aspi32) - "Adaptec" - D:\WINDOWS\system32\drivers\Aspi32.sys "avgio" (avgio) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - D:\cofi\catchme.sys (File not found) "Changer" (Changer) - ? - D:\WINDOWS\system32\drivers\Changer.sys (File not found) "DDC/CI monitor" (DDCCI) - "Mitsubishi Electric , NEC-Mitsubishi Electric Visual Systems" - D:\WINDOWS\System32\DRIVERS\Moni2c.sys "FssFltr" (fssfltr) - "Microsoft Corporation" - D:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys "GEARAspiWDM" (GEARAspiWDM) - "GEAR Software Inc." - D:\WINDOWS\System32\Drivers\GEARAspiWDM.sys "Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - D:\WINDOWS\System32\DRIVERS\hamachi.sys "i2omgmt" (i2omgmt) - ? - D:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "Lbd" (Lbd) - "Lavasoft AB" - D:\WINDOWS\System32\DRIVERS\Lbd.sys "lbrtfdc" (lbrtfdc) - ? - D:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "NDSPCIIO" (NDSPCIIO) - ? - D:\WINDOWS\system32\DRIVERS\NDSPCIIO.SYS (File not found) "PCIDump" (PCIDump) - ? - D:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - D:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - D:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - D:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - D:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\ssmdrv.sys "WDICA" (WDICA) - ? - D:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - D:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - D:\WINDOWS\system32\Rundll32.exe D:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - D:\Programme\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - D:\Programme\Windows Live\Mail\mailcomm.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - D:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - D:\WINDOWS\system32\nvshell.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - D:\WINDOWS\system32\nvcpl.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - D:\Programme\Logitech\SetPoint\kbcplext.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - D:\Programme\Logitech\SetPoint\mcplext.dll {32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found) {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - D:\WINDOWS\system32\nvcpl.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - D:\WINDOWS\system32\nvshell.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - D:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - D:\WINDOWS\system32\dfshim.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - D:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - D:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - D:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - D:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - D:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - D:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - D:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - D:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - D:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - D:\Programme\Windows Live\Toolbar\wltcore.dll <binary data> "Google Toolbar" - "Google Inc." - D:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {855F3B16-6D32-4fe6-8A56-BBB695989046} "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {67DABFBF-D0AB-41FA-9C46-CC0F21721616} "DivXBrowserPlugin Object" - "DivX,Inc." - D:\Programme\DivX\DivX Web Player\npdivx32.dll / hxxp://download.divx.com/player/DivXBrowserPlugin.cab {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} "Get_ActiveX Control" - "Netopsystems AG" - D:\WINDOWS\DOWNLO~1\HPGETD~1.OCX / https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - D:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab {2019DC25-D1C0-11D6-97B3-0008A124F542} "StreamPlug Class" - "Cedelia Corporation" - D:\WINDOWS\DOWNLO~1\STREAM~1.DLL / hxxp://www.streamplug.com/StreamPlug/beta/SP.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {E7A829CC-671F-4C3D-B590-8C0AEA72E6B2} "BitComet Search" - ? - (File not found | COM-object registry key not found) "ICQ6" - "ICQ, Inc." - C:\Programme\ICQ6\ICQ.exe {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - D:\Programme\Windows Live\Writer\WriterBrowserExtension.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - D:\Programme\Windows Live\Toolbar\wltcore.dll <binary data> "Google Toolbar" - "Google Inc." - D:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll <binary data> "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - D:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - D:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - D:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - D:\Programme\Windows Live\Toolbar\wltcore.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - D:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists) "HP Image Zone Schnellstart.lnk" - "Hewlett-Packard Co." - D:\Programme\HP\Digital Imaging\bin\hpqthb08.exe (Shortcut exists | File exists) "Logitech Desktop Messenger.lnk" - "Logitech" - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Shortcut exists | File exists) "Logitech SetPoint.lnk" - "Logitech, Inc." - D:\Programme\Logitech\SetPoint\SetPoint.exe (Shortcut exists | File exists) "Microsoft Office.lnk" - "Microsoft Corporation" - D:\Programme\Microsoft Office\Office\OSA9.EXE (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - D:\Dokumente und Einstellungen\Simon\Startmenü\Programme\Autostart\desktop.ini "Verknüpfung mit gapa.lnk" - "Tomasz Porosiński" - C:\Programme\Gamma panel\gapa.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Steam" - "Valve Corporation" - "c:\programme\valve\steam\steam.exe" -silent "swg" - "Google Inc." - "D:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "D:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "D:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "CTSysVol" - "Creative Technology Ltd" - D:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r "FreePDF Assistant" - "shbox.de" - D:\Programme\FreePDF_XP\fpassist.exe "HP Software Update" - "Hewlett-Packard Company" - "D:\Programme\HP\HP Software Update\HPWuSchd2.exe" "iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe" "NeroCheck" - "Ahead Software Gmbh" - D:\WINDOWS\system32\\NeroCheck.exe "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup "NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "QuickTime Task" - "Apple Inc." - "D:\Programme\QuickTime\qttask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" "TkBellExe" - "RealNetworks, Inc." - "D:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot "UpdReg" - "Creative Technology Ltd." - D:\WINDOWS\UpdReg.EXE "XboxStat" - "Microsoft Corporation" - "D:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun "zBrowser Launcher" - "Logitech Inc." - D:\Programme\Logitech\iTouch\iTouch.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Redirected Port" - ? - D:\WINDOWS\system32\redmonnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Ad-Aware 2007 Service" (aawservice) - "Lavasoft AB" - D:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe "Anwendungsverwaltung" (AppMgmt) - ? - D:\WINDOWS\System32\appmgmts.dll (File not found) "Apple Mobile Device" (Apple Mobile Device) - "Apple, Inc." - D:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Automatische Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll (File not found) "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\sched.exe "Google Software Updater" (gusvc) - "Google" - D:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - D:\Programme\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - D:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - D:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\jqs.exe "Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - ? - "D:\Programme\Lavasoft\Ad-Aware\AAWService.exe" (File not found) "Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - D:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - D:\WINDOWS\system32\nvsvc32.exe "Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - D:\WINDOWS\system32\HPZipm12.exe "PnkBstrA" (PnkBstrA) - ? - D:\WINDOWS\system32\PnkBstrA.exe (File found, but it contains no detailed information) "SeaPort" (SeaPort) - "Microsoft Corporation" - D:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - D:\Programme\Windows Live\Family Safety\fsssvc.exe "Windows Presentation Foundation Font Cache" (FontCache3.0.0.0) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "LBTWlgn" - "Logitech, Inc." - d:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Bei dem bootkit remover kommt im schwarzen Fenster die Meldung "unknown boot code has been found on some of your physical disks." Der Device Name der angezeigt wird ist das Laufwerk D also da wo ich mein Windows drauf installiert habe. Aber bei der Grösse steht 157 GB, also die Grösse der gesamten HD, auf der sich noch eine 2te Partition befindet. Darunter stehen noch die 2 Möglichkeiten: -"to inspect the boot code manually, dump the master boot sector: remover.exe dump <device name> [output file]" -"to disinfect the master boot sector, use the following command: remover.exe fix <device name>" Darunter steht Done; press any key to quit... |
![]() | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Antivir Solution Pro entfernt - was muss noch entfernt werden? Poste bitte den Text 1:1 oder mach ein Screenshot vom bootkit remover
__________________ Logfiles bitte immer in CODE-Tags posten ![]() |
![]() | #13 |
![]() | ![]() Antivir Solution Pro entfernt - was muss noch entfernt werden? OK, habe den Screenshot im Anhang hochgeladen. |
![]() | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Antivir Solution Pro entfernt - was muss noch entfernt werden? Zuerst mal bitte - falls noch nicht getan - die Datei remover.exe (vom BootkitRemover) vom Desktop nach c:\windows\system32 kopieren! Danach die Konsole starten über Start, Ausführen, cmd eintippen, ok. Den Text im folgenden Codefeld eintippen und mit Enter/Return ausführen: Code:
ATTFilter remover.exe fix \\.\PhysicalDrive0
__________________ Logfiles bitte immer in CODE-Tags posten ![]() |
![]() | #15 |
![]() | ![]() Antivir Solution Pro entfernt - was muss noch entfernt werden? Hab ich gemacht. Hier der Screenshot danach. |
![]() |
Themen zu Antivir Solution Pro entfernt - was muss noch entfernt werden? |
.com, alles weg, antivir, avira, browser, dateien, einstellungen, explorer, fehler, forum, helper, icq, iexplore.exe, internet, malwarebytes, microsoft, namen, programme, registry, rkill, scan, software, system, system volume information, system32, temp, trojan.agent |