Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Internet läuft, Browser gehen nicht...

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 05.09.2010, 23:08   #1
Freshed
 
Internet läuft, Browser gehen nicht... - Standard

Internet läuft, Browser gehen nicht...



Servus beisammen,

mein Laptop macht seit heute morgen Probleme.
Leider komme ich nicht mehr weiter, darum wende ich mich an euch Profis.

Situation ist wie folgt:
Internetverbindung ist OK, d.h. Skype und Outlook funktionieren
Browser gehen nicht (Chrome, Firefox, IE)
Firefox ging anfangs noch, nachdem ich diesen dann sicherheitshalber aktualisiert habe geht er auch nicht mehr.

Habe bisher Avira Antivir, Spybot und mbam durchlaufenlassen.
Ohne großen erfolg.
Habe ein paar Viren und Trojaner gefunden und entfernt.
Aber das Browser-Problem bleibt.

Hier das letzt Malware-Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4552

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05.09.2010 22:37:10
mbam-log-2010-09-05 (22-37-10).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 134041
Laufzeit: 6 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 1

Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\xxx\.COMMgr\complmgr.exe (Trojan.Agent) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\com+ manager (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.

Infizierte Dateien:
C:\Dokumente und Einstellungen\xxx\.COMMgr\complmgr.exe (Trojan.Agent) -> No action taken.





Habe das System mit Hijack und OLT scannen lassen:
HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:54:41, on 05.09.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Samsung\AVStation premium\bin\AVStation agent.exe
C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Programme\Microsoft IntelliPoint\ipoint.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Dokumente und Einstellungen\Captain Widera\.COMMgr\complmgr.exe
C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Dokumente und Einstellungen\xxx\Desktop\HiJackThis204.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [AVStation premium] "C:\Programme\Samsung\AVStation premium\bin\AVStation agent.exe"
O4 - HKLM\..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Programme\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SUPBackground] C:\Programme\Samsung\Samsung Update Plus\SUPBackground.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [COM+ Manager] "C:\Dokumente und Einstellungen\Captain Widera\.COMMgr\complmgr.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {2EF98DE5-183F-11D4-83EC-EC6A1DB6E213} (DynaGeoX Element) - hxxp://www.dynageo.de/download/dynageoviewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} (UI File Upload Control) - https://img.web.de/v/smartdrive/v23/activex/web_de_osupload_2002.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate1c985dc7292a122) (gupdate1c985dc7292a122) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Just Flight Limited License Service - Just Flight Limited - C:\Programme\Gemeinsame Dateien\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
 
--
End of file - 9659 bytes
         
--- --- ---




OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 05.09.2010 22:44:17 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\xxx\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 505,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 85,90 Gb Total Space | 50,13 Gb Free Space | 58,35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 976,11 Mb Total Space | 871,75 Mb Free Space | 89,31% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: xxx
Current User Name: xxx
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Samsung\Samsung Update Plus\SUPBackGround.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()
PRC - C:\Programme\Samsung\AVStation premium\Bin\AVStation Agent.exe ()
PRC - C:\Programme\Samsung\MagicKBD\MagicKBD.exe (SAMSUNG Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe ()
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll (Microsoft Corporation)
MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\Programme\Mindjet\MindManager 8\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation)
MOD - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msi.dll (Microsoft Corporation)
MOD - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Just Flight Limited License Service) -- C:\Programme\Gemeinsame Dateien\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe (Just Flight Limited)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (LVSrvLauncher) -- C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (SNM WLAN Service) -- C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (SoundMAX Agent Service (default)) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (chdrvr03) -- C:\WINDOWS\System32\DRIVERS\chdrvr03.sys File not found
DRV - (chdrvr02) -- C:\WINDOWS\System32\DRIVERS\chdrvr02.sys File not found
DRV - (chdrvr01) -- C:\WINDOWS\System32\DRIVERS\chdrvr01.sys File not found
DRV - (cpuz133) -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys (Windows (R) Win 7 DDK provider)
DRV - (avmaura) -- C:\WINDOWS\system32\drivers\avmaura.sys (AVM Berlin)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (nhcDriverDevice) -- C:\WINDOWS\system32\drivers\nhcDriver.sys (pBUS-167 Software - hxxp://www.pbus-167.com)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (npusbio) -- C:\WINDOWS\system32\drivers\npusbio.sys (Thesycon GmbH, Germany)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (wowfilter) -- C:\WINDOWS\system32\drivers\WOWFilter.sys ()
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (risdptsk) -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys (REDC)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (rimsptsk) -- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (RITCPT) -- C:\WINDOWS\System32\drivers\RITCPT.SYS ()
DRV - (FBAPI) -- C:\WINDOWS\system32\drivers\FBAPI.sys ()
DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.05 20:35:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.05 20:35:18 | 000,000,000 | ---D | M]
 
[2009.01.25 21:49:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions
[2010.09.05 20:33:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\zeglzlft.default\extensions
[2009.09.02 12:12:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Captain Widera\Anwendungsdaten\Mozilla\Firefox\Profiles\zeglzlft.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.01.30 00:12:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\zeglzlft.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009.01.30 12:17:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\zeglzlft.default\extensions\es-es@dictionaries.addons.mozilla.org
[2010.09.05 17:25:47 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.23 20:38:45 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2007.10.18 00:01:58 | 000,266,240 | ---- | M] (SumTotal Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\np32neur.dll
[2007.09.28 18:57:26 | 006,275,816 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2010.09.05 20:35:11 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.05 20:35:11 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.05 20:35:11 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.05 20:35:11 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.05 20:35:11 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.01.27 12:09:54 | 000,291,770 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 10046 more lines...
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVStation premium] C:\Programme\Samsung\AVStation premium\bin\AVStation agent.exe ()
O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SUPBackground] C:\Programme\Samsung\Samsung Update Plus\SUPBackGround.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range37 ([*] in Lokales Intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2EF98DE5-183F-11D4-83EC-EC6A1DB6E213} hxxp://www.dynageo.de/download/dynageoviewer.cab (DynaGeoX Element)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} https://img.web.de/v/smartdrive/v23/activex/web_de_osupload_2002.cab (UI File Upload Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Captain Widera\Desktop\Swiss Avro\0485642.jpg
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Captain Widera\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.25 13:07:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.05 22:15:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.05 22:15:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.05 22:15:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.05 22:13:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Desktop\MFTools
[2010.09.05 22:13:04 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe
[2010.09.05 22:13:02 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\xxx\Desktop\mbam-setup.exe
[2010.09.05 21:53:39 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\xxx\Desktop\HiJackThis204.exe
[2010.09.05 18:20:28 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\xxx\Recent
[2010.09.05 09:39:34 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\xxx\.COMMgr
[2010.09.05 09:38:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\B3181E6781EBE97DBBB8F7FB73B2AD9D
[2010.09.02 21:49:39 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\SecuROM
[2010.08.30 23:11:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Desktop\Gildo Horn - Danke
[2010.08.13 20:04:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ATPL DC Electrics
[2010.08.12 18:55:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.05 22:41:04 | 009,961,472 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\NTUSER.DAT
[2010.09.05 22:40:12 | 000,001,543 | ---- | M] () -- C:\WINDOWS\System32\xxx_KBD.ini
[2010.09.05 22:39:50 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.09.05 22:39:47 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.05 22:39:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.05 22:39:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.05 22:38:31 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\xxx\ntuser.ini
[2010.09.05 22:15:30 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.05 22:15:02 | 000,001,244 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-484763869-1801674531-1004UA.job
[2010.09.05 22:10:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe
[2010.09.05 22:07:36 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\xxx\Desktop\mbam-setup.exe
[2010.09.05 22:04:44 | 000,388,197 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Load.exe
[2010.09.05 22:01:02 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.05 21:47:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\xxx\Desktop\HiJackThis204.exe
[2010.09.05 20:17:40 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AB65D6D2-0B3B-46B5-B84D-A7E14A3E3B6E}.job
[2010.09.05 10:44:46 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.09.05 10:44:42 | 000,053,760 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.03 22:53:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.31 01:15:00 | 000,001,192 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-484763869-1801674531-1004Core.job
[2010.08.19 21:59:27 | 000,028,827 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\DC_LFA_PEL_045_tcm586-74717.pdf
[2010.08.19 21:54:47 | 000,031,396 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\DC_LFA_PEL_046_tcm586-74718.pdf
[2010.08.12 21:38:19 | 000,303,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.12 18:57:25 | 001,006,634 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.12 18:57:25 | 000,452,544 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.08.12 18:57:25 | 000,435,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.12 18:57:25 | 000,081,324 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.08.12 18:57:25 | 000,068,490 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.05 22:15:30 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.05 22:13:02 | 000,388,197 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Load.exe
[2010.08.19 22:00:30 | 000,028,827 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\DC_LFA_PEL_045_tcm586-74717.pdf
[2010.08.19 21:58:58 | 000,031,396 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\DC_LFA_PEL_046_tcm586-74718.pdf
[2010.06.26 00:51:54 | 000,183,240 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.04.05 22:45:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2010.02.28 21:19:39 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2009.12.19 00:35:56 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\$_hpcst$.hpc
[2009.04.15 12:53:46 | 000,000,608 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T2
[2009.04.15 12:53:46 | 000,000,604 | -H-- | C] () -- C:\Programme\STLL Notifier
[2009.03.24 15:04:03 | 000,001,338 | ---- | C] () -- C:\WINDOWS\GARMINWT.INI
[2009.02.01 21:25:42 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7R.DLL
[2009.02.01 21:24:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2009.02.01 21:23:47 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2009.02.01 21:21:25 | 000,000,516 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009.02.01 21:17:56 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\CNCFLaNL.DLL
[2009.01.29 17:15:19 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2009.01.27 12:45:29 | 000,014,737 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.01.27 12:01:29 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.01.26 15:08:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.01.26 15:08:15 | 000,053,760 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.25 21:03:18 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.01.25 13:42:42 | 000,001,543 | ---- | C] () -- C:\WINDOWS\System32\Captain Widera_KBD.ini
[2009.01.25 13:42:42 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2009.01.25 13:42:40 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2009.01.25 13:42:40 | 000,002,700 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2009.01.25 13:42:40 | 000,002,596 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2009.01.25 13:42:40 | 000,002,554 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2009.01.25 13:42:40 | 000,002,461 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2009.01.25 13:42:40 | 000,002,237 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2009.01.25 13:42:40 | 000,001,886 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2009.01.25 13:42:40 | 000,001,820 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2009.01.25 13:42:40 | 000,001,811 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2009.01.25 13:42:40 | 000,001,690 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2009.01.25 13:42:40 | 000,001,690 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2009.01.25 13:42:40 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2009.01.25 13:42:40 | 000,001,332 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2009.01.25 13:42:30 | 000,043,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\RITCPT.SYS
[2009.01.25 13:42:21 | 000,005,088 | R--- | C] () -- C:\WINDOWS\System32\drivers\FBAPI.sys
[2009.01.25 13:41:35 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2007.10.11 19:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007.05.09 21:35:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2005.07.08 20:21:48 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\AVS3_Resource.dll
[2005.06.08 17:58:10 | 000,017,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWFilter.sys
[2005.06.08 17:58:08 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005.06.08 17:58:08 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005.04.11 11:12:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImageIODll.dll
[2005.04.11 11:12:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ImageAlbumSave.dll
[2005.02.26 14:33:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\AVSAudioWideStereoDMO.dll
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.03.14 00:46:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[1998.10.11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
 
========== LOP Check ==========
 
[2009.02.01 21:25:49 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2010.01.14 00:47:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Just Flight Limited
[2009.05.15 15:37:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mindjet
[2009.01.25 13:56:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung Electronics
[2010.01.03 11:30:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Screentime
[2009.02.01 21:21:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir
[2009.02.01 21:21:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanWizard
[2009.01.26 00:50:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2009.01.26 00:50:10 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}
[2010.09.05 09:39:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\B3181E6781EBE97DBBB8F7FB73B2AD9D
[2010.08.06 22:04:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Canon
[2009.06.10 14:42:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DynaGeo
[2009.01.26 00:35:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\GrabPro
[2010.06.23 18:01:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\HTML Executable
[2010.03.05 20:19:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Leadertech
[2009.08.09 13:52:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Orbit
[2009.03.11 00:19:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Participatory Culture Foundation
[2009.01.25 13:56:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Samsung Electronics
[2009.02.01 21:21:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ScanSoft
[2009.06.29 11:26:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\SkyTestSw
[2009.12.18 22:45:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Teleca
[2009.01.25 21:57:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Tracker Software
[2009.01.26 00:51:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\TuneUp Software
[2010.09.05 20:17:40 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AB65D6D2-0B3B-46B5-B84D-A7E14A3E3B6E}.job
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---





OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 05.09.2010 22:44:17 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\xxx\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 505,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 85,90 Gb Total Space | 50,13 Gb Free Space | 58,35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 976,11 Mb Total Space | 871,75 Mb Free Space | 89,31% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: xxx
Current User Name: xxx
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- File not found
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Apps\2.0\J04B0ECY.0K9\DD2JBBZM.40E\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe" = C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Apps\2.0\J04B0ECY.0K9\DD2JBBZM.40E\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe:*:Enabled:FRITZ!Box USB-Fernanschluss -- (AVM Berlin)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{155FBB0D-0EE9-42D1-9E41-15E08F691031}" = Microsoft Producer für Microsoft Office PowerPoint 2003
"{1864FD5B-56B2-4EC4-9301-FB26909EC0A8}" = Mindjet MindManager 8
"{1A864A85-8818-4320-A51C-67148154DC39}" = aerosoft's - Eurowings 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2931F734-260D-4E83-87B3-A9FE8E873192}_is1" = PDF-XChange Shell Extensions
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{442427A3-8E71-4DBB-BA4B-2F2F387CB5F8}" = Samsung Theme
"{4B5E34BE-B93B-488E-B776-509EA41A0F39}" = AVStation premium
"{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}" = CrissCross 8.40
"{6112293F-48E0-40E2-BAE0-69109BDDD58B}" = Sibelius 5
"{63E2EC92-0B96-46A0-B7E9-715D3ECA2546}" = GNS 480 Simulator
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80F6A672-C39B-41CE-8AF5-A9C2FA8C2B72}" = Sibelius Scorch (all browsers)
"{84F87B60-7726-45EA-A69C-7165D2D89DBA}" = Sibelius Sounds Essentials Update
"{8A4E0D97-A9CB-4617-AE23-705F36877D84}" = Just Flight Dash 8-300 Professional DL (FS2004)
"{8BA8CE06-0C92-4A44-9924-2614DCD77F20}" = PMDG MD-11 (FS9 version of COMBO)
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97679567-0095-464E-B5F2-E218A1CF3421}" = PMDG747_400 Queen of the Skies
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A174DB5-0B95-46B1-A787-341DF14AB2D5}" = Samsung Smart Screen
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A999CE76-D054-4684-80C7-53FC9243E019}" = EasyBox
"{AAB9478F-DE6B-498B-9420-21E1F1AC700D}" = WOW XT and TSXT Filter Driver
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4EA9A40-6425-48B3-89F9-9A3AD5DA3E58}" = Just Flight Flying Club v1.00
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{BE6E6BF7-6A81-4EC2-AD29-4580025149F1}" = TrackIR4
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C59E019B-0952-4B72-A382-68A72224F88F}" = GNS400W-500W Trainer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{DD4B6FB8-8A28-4E21-B21B-3DA352DB2AEF}" = Samsung Command Center
"{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"{DF0038DC-A9B7-4F52-8CA4-C79A3CA631FA}" = ToolBook Neuron
"{DF7DBA82-0A55-11D6-A0A6-00105AE61887}" = Polar Precision Performance SW 4
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}" = Presto! PageManager 7.15.11
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Agere Systems Soft Modem" = SENS LT56ADW Modem
"Aircraft Gas Turbine Engines1.0" = Aircraft Gas Turbine Engines
"Aircraft Performance1.0" = Aircraft Performance
"Aircraft Piston Engines1.0" = Aircraft Piston Engines
"Airframes, Systems and Emergency Equipment1.0" = Airframes, Systems and Emergency Equipment
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"ATPL Air Law1.0" = ATPL Air Law
"ATPL DC Electrics1.0" = ATPL DC Electrics
"ATPL Human Performance (Part 1)1.0" = ATPL Human Performance (Part 1)
"ATPL Human Performance (Part 2)1.0" = ATPL Human Performance (Part 2)
"ATPL Meteorology3.0" = ATPL Meteorology
"Audiograbber" = Audiograbber 1.83 SE 
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Citation CJ3 FMS Demonstrator" = FMS Demonstrator CJ3 v1-1
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 - Das Jahrhundert der Luftfahrt
"FreePDF_XP" = FreePDF XP (Remove only)
"GARMIN 400 Series Trainer" = GARMIN 400 Series Trainer
"GARMIN 500 Series Trainer" = GARMIN 500 Series Trainer
"Google Updater" = Google Updater
"GPL Ghostscript 8.62" = GPL Ghostscript 8.62
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{442427A3-8E71-4DBB-BA4B-2F2F387CB5F8}" = Samsung Theme
"InstallShield_{4B5E34BE-B93B-488E-B776-509EA41A0F39}" = AVStation premium
"InstallShield_{DD4B6FB8-8A28-4E21-B21B-3DA352DB2AEF}" = Samsung Command Center
"InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"IrfanView" = IrfanView (remove only)
"Joerg Loehr Screensaver 2010" = Joerg Loehr Screensaver 2010
"Level-D 767-300 Tutorials" = Level-D 767-300 Tutorials
"Level-D Simulations 767-300" = Level-D Simulations 767-300
"Lion_is1" = Lion 3.0.1
"lvdrivers_11.50" = Logitech QuickCam-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MP Navigator 2.2" = Canon MP Navigator 2.2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyMDb_0" = MyMDb 3.4.1
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Neuratron PhotoScore Lite (D)" = Neuratron PhotoScore Lite (D)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06
"PCFriendly" = PCFriendly
"PDF Blender" = PDF Blender
"PDF-XChange 3_is1" = PDF-XChange 3
"ProInst" = Intel(R) PROSet/Wireless Software
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RestoreIT!" = Recover Pro
"Sibelius Sounds Essentials" = Sibelius Sounds Essentials
"SkyTest® Swiss-Trainingssoftware_is1" = SkyTest® Swiss-Trainingssoftware
"SopCast" = SopCast 3.0.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstaller_B52EF000_Dash -8 Professional" = Dash -8 Professional (Shared Components)
"VLC media player" = VLC media player 1.0.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"Google Chrome" = Google Chrome
"jlGui 3.0" = jlGui 3.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.09.2010 10:01:05 | Computer Name = xxx | Source = Google Update | ID = 20
Description = 
 
Error - 05.09.2010 11:01:09 | Computer Name = xxx | Source = Google Update | ID = 20
Description = 
 
Error - 05.09.2010 12:01:12 | Computer Name = xxx | Source = Google Update | ID = 20
Description = 
 
Error - 05.09.2010 13:01:09 | Computer Name = xxx | Source = Google Update | ID = 20
Description = 
 
Error - 05.09.2010 14:01:11 | Computer Name = xxx | Source = Google Update | ID = 20
Description = 
 
Error - 05.09.2010 15:01:09 | Computer Name = xxx | Source = Google Update | ID = 20
Description = 
 
Error - 05.09.2010 15:15:07 | Computer Name = xxx | Source = Google Update | ID = 20
Description = 
 
Error - 05.09.2010 16:18:48 | Computer Name = xxx | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Load.exe, Version 3.3.6.1, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 05.09.2010 16:29:17 | Computer Name = xxx | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Load.exe, Version 3.3.6.1, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 05.09.2010 16:43:15 | Computer Name = xxx | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.11.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 05.09.2010 03:54:36 | Computer Name = xxx | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Microsoft
security update service.
 
Error - 05.09.2010 11:19:55 | Computer Name = xxx | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 00150002C2B3 zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 05.09.2010 11:24:00 | Computer Name = xxx | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
 
Error - 05.09.2010 14:25:01 | Computer Name = xxx | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 00150002C2B3 zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 05.09.2010 16:39:55 | Computer Name = xxx | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
IntelIde
 
Error - 05.09.2010 16:39:57 | Computer Name = xxx | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.
 
[ TuneUp Events ]
Error - 02.12.2009 18:11:09 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 04.12.2009 13:35:50 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 05.12.2009 03:52:03 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 06.12.2009 05:34:10 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 07.12.2009 16:32:45 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 08.12.2009 13:29:56 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 09.12.2009 14:11:23 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 09.12.2009 19:02:41 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 11.12.2009 17:46:19 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 13.12.2009 04:00:04 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
 
< End of report >
         
--- --- ---

Alt 06.09.2010, 07:30   #2
Chris4You
 
Internet läuft, Browser gehen nicht... - Standard

Internet läuft, Browser gehen nicht...



Hi,

lass sofort alle Funde von MAM uach bereinigen, d.h. update von MAM und neuer Suchlauf (Fullscan) und alle Funde bereinigen lassen.

Fixe dann mit HJ folgende Einträge:
öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
Beim fixen müssen alle Programme geschlossen sein!
(Falls vorhanden, Teatimer von Spyboot wie folgt deaktivieren:
Modus-->Erweiterte Modus-->Ja-->Werkzeuge-->Resident-->dHäkchen entfernen aus der "Resident "TeaTimer" (Schutz aller Systemeinstellungen)->exit)

Code:
ATTFilter
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
O4 - HKCU\..\Run: [COM+ Manager] "C:\Dokumente und Einstellungen\Captain Widera\.COMMgr\complmgr.exe"
         
Danach ein neues OTL-Log erstellen und posten.

chris
__________________

__________________

Alt 06.09.2010, 18:10   #3
Freshed
 
Internet läuft, Browser gehen nicht... - Standard

Internet läuft, Browser gehen nicht...



Hi Chris,

danke schon mal für deine Hilfe.
Bin Grad am Malware-Scan.

Sobald ich fertig bin poste ich die Ergebnisse.

Gruß
Martin
__________________

Alt 06.09.2010, 19:46   #4
Chris4You
 
Internet läuft, Browser gehen nicht... - Standard

Internet läuft, Browser gehen nicht...



Hi,

poste dann die Ergebnisse...

chris
(Mal sehen wielange der notebookakku noch mitspielt ,o)...
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 06.09.2010, 20:35   #5
Freshed
 
Internet läuft, Browser gehen nicht... - Standard

Internet läuft, Browser gehen nicht...



Sooo,
das hätten wir.

habe nochmal das komplette paket gelogt.
übrigens war der COM+ Manager eintrag im Hijack-Log nicht mehr vorhanden

Übrigens gehen wieder alle Browser - Hurra!!!
Hab ichs jetzt überstanden ???

Also hier die Logs:

Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4552

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06.09.2010 20:28:54
mbam-log-2010-09-06 (20-28-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 250615
Laufzeit: 1 Stunde(n), 25 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Programme\CryptLoad_1.1.6\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Rockwell_Collins\FMS_Demonstrator\CJ3\MESA\NT\EXE\ndo_id_db.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DFB54E39-4E62-4DA2-9B17-E69C7181DAE2}\RP486\A0073320.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.


Hijack:

Zitat:

HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:15:52, on 06.09.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Samsung\AVStation premium\bin\AVStation agent.exe
C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Programme\Microsoft IntelliPoint\ipoint.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\Dokumente und Einstellungen\xxx\Desktop\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [AVStation premium] "C:\Programme\Samsung\AVStation premium\bin\AVStation agent.exe"
O4 - HKLM\..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Programme\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SUPBackground] C:\Programme\Samsung\Samsung Update Plus\SUPBackground.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {2EF98DE5-183F-11D4-83EC-EC6A1DB6E213} (DynaGeoX Element) - hxxp://www.dynageo.de/download/dynageoviewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} (UI File Upload Control) - https://img.web.de/v/smartdrive/v23/activex/web_de_osupload_2002.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate1c985dc7292a122) (gupdate1c985dc7292a122) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Just Flight Limited License Service - Just Flight Limited - C:\Programme\Gemeinsame Dateien\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9300 bytes
         
--- --- ---

OLT:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.09.2010 20:44:19 - Run 2
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Dokumente und Einstellungen\xxx\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 570,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 85,90 Gb Total Space | 50,24 Gb Free Space | 58,48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: xxx
Current User Name: xxx
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Samsung\Samsung Update Plus\SUPBackGround.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()
PRC - C:\Programme\Samsung\AVStation premium\Bin\AVStation Agent.exe ()
PRC - C:\Programme\Samsung\MagicKBD\MagicKBD.exe (SAMSUNG Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe ()
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll (Microsoft Corporation)
MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\Programme\Mindjet\MindManager 8\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation)
MOD - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msi.dll (Microsoft Corporation)
MOD - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Just Flight Limited License Service) -- C:\Programme\Gemeinsame Dateien\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe (Just Flight Limited)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (LVSrvLauncher) -- C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (SNM WLAN Service) -- C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (SoundMAX Agent Service (default)) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (chdrvr03) -- C:\WINDOWS\System32\DRIVERS\chdrvr03.sys File not found
DRV - (chdrvr02) -- C:\WINDOWS\System32\DRIVERS\chdrvr02.sys File not found
DRV - (chdrvr01) -- C:\WINDOWS\System32\DRIVERS\chdrvr01.sys File not found
DRV - (cpuz133) -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys (Windows (R) Win 7 DDK provider)
DRV - (avmaura) -- C:\WINDOWS\system32\drivers\avmaura.sys (AVM Berlin)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (nhcDriverDevice) -- C:\WINDOWS\system32\drivers\nhcDriver.sys (pBUS-167 Software - hxxp://www.pbus-167.com)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (npusbio) -- C:\WINDOWS\system32\drivers\npusbio.sys (Thesycon GmbH, Germany)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (wowfilter) -- C:\WINDOWS\system32\drivers\WOWFilter.sys ()
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (risdptsk) -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys (REDC)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (rimsptsk) -- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (RITCPT) -- C:\WINDOWS\System32\drivers\RITCPT.SYS ()
DRV - (FBAPI) -- C:\WINDOWS\system32\drivers\FBAPI.sys ()
DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.05 20:35:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.05 20:35:18 | 000,000,000 | ---D | M]
 
[2009.01.25 21:49:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions
[2010.09.05 20:33:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\zeglzlft.default\extensions
[2009.09.02 12:12:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\zeglzlft.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.01.30 00:12:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\zeglzlft.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009.01.30 12:17:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\zeglzlft.default\extensions\es-es@dictionaries.addons.mozilla.org
[2010.09.05 17:25:47 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.23 20:38:45 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2007.10.18 00:01:58 | 000,266,240 | ---- | M] (SumTotal Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\np32neur.dll
[2007.09.28 18:57:26 | 006,275,816 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2010.09.05 20:35:11 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.05 20:35:11 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.05 20:35:11 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.05 20:35:11 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.05 20:35:11 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.01.27 12:09:54 | 000,291,770 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 10046 more lines...
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVStation premium] C:\Programme\Samsung\AVStation premium\bin\AVStation agent.exe ()
O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SUPBackground] C:\Programme\Samsung\Samsung Update Plus\SUPBackGround.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range37 ([*] in Lokales Intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2EF98DE5-183F-11D4-83EC-EC6A1DB6E213} hxxp://www.dynageo.de/download/dynageoviewer.cab (DynaGeoX Element)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} https://img.web.de/v/smartdrive/v23/activex/web_de_osupload_2002.cab (UI File Upload Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\xxx\Desktop\Swiss Avro\0485642.jpg
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.25 13:07:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.06 20:38:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Desktop\backups
[2010.09.05 22:15:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.05 22:15:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.05 22:15:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.05 22:13:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Desktop\MFTools
[2010.09.05 22:13:04 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe
[2010.09.05 22:13:02 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\xxx\Desktop\mbam-setup.exe
[2010.09.05 21:53:39 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\xxx\Desktop\HiJackThis204.exe
[2010.09.05 18:20:28 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\xxx\Recent
[2010.09.05 09:39:34 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\xxx\.COMMgr
[2010.09.05 09:38:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\B3181E6781EBE97DBBB8F7FB73B2AD9D
[2010.09.02 21:49:39 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\SecuROM
[2010.08.30 23:11:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Desktop\Gildo Horn - Danke
[2010.08.13 20:04:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ATPL DC Electrics
[2010.08.12 18:55:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.06 20:41:49 | 000,001,543 | ---- | M] () -- C:\WINDOWS\System32\Captain Widera_KBD.ini
[2010.09.06 20:41:33 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.09.06 20:41:31 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.06 20:41:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.06 20:41:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.06 20:40:33 | 009,961,472 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\NTUSER.DAT
[2010.09.06 20:40:33 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\xxx\ntuser.ini
[2010.09.06 20:15:10 | 000,001,244 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-484763869-1801674531-1004UA.job
[2010.09.06 20:01:12 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.06 19:43:51 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AB65D6D2-0B3B-46B5-B84D-A7E14A3E3B6E}.job
[2010.09.05 22:15:30 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.05 22:10:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe
[2010.09.05 22:07:36 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\xxx\Desktop\mbam-setup.exe
[2010.09.05 22:04:44 | 000,388,197 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Load.exe
[2010.09.05 21:47:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\xxx\Desktop\HiJackThis204.exe
[2010.09.05 10:44:46 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.09.05 10:44:42 | 000,053,760 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.03 22:53:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.31 01:15:00 | 000,001,192 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-484763869-1801674531-1004Core.job
[2010.08.19 21:59:27 | 000,028,827 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\DC_LFA_PEL_045_tcm586-74717.pdf
[2010.08.19 21:54:47 | 000,031,396 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\DC_LFA_PEL_046_tcm586-74718.pdf
[2010.08.12 21:38:19 | 000,303,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.12 18:57:25 | 001,006,634 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.12 18:57:25 | 000,452,544 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.08.12 18:57:25 | 000,435,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.12 18:57:25 | 000,081,324 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.08.12 18:57:25 | 000,068,490 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.05 22:15:30 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.05 22:13:02 | 000,388,197 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Load.exe
[2010.08.19 22:00:30 | 000,028,827 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\DC_LFA_PEL_045_tcm586-74717.pdf
[2010.08.19 21:58:58 | 000,031,396 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\DC_LFA_PEL_046_tcm586-74718.pdf
[2010.06.26 00:51:54 | 000,183,240 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.04.05 22:45:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2010.02.28 21:19:39 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2009.12.19 00:35:56 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\$_hpcst$.hpc
[2009.04.15 12:53:46 | 000,000,608 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T2
[2009.04.15 12:53:46 | 000,000,604 | -H-- | C] () -- C:\Programme\STLL Notifier
[2009.03.24 15:04:03 | 000,001,338 | ---- | C] () -- C:\WINDOWS\GARMINWT.INI
[2009.02.01 21:25:42 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7R.DLL
[2009.02.01 21:24:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2009.02.01 21:23:47 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2009.02.01 21:21:25 | 000,000,516 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009.02.01 21:17:56 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\CNCFLaNL.DLL
[2009.01.29 17:15:19 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2009.01.27 12:45:29 | 000,014,737 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.01.27 12:01:29 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.01.26 15:08:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.01.26 15:08:15 | 000,053,760 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.25 21:03:18 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.01.25 13:42:42 | 000,001,543 | ---- | C] () -- C:\WINDOWS\System32\Captain Widera_KBD.ini
[2009.01.25 13:42:42 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2009.01.25 13:42:40 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2009.01.25 13:42:40 | 000,002,700 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2009.01.25 13:42:40 | 000,002,596 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2009.01.25 13:42:40 | 000,002,554 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2009.01.25 13:42:40 | 000,002,461 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2009.01.25 13:42:40 | 000,002,237 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2009.01.25 13:42:40 | 000,001,886 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2009.01.25 13:42:40 | 000,001,820 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2009.01.25 13:42:40 | 000,001,811 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2009.01.25 13:42:40 | 000,001,690 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2009.01.25 13:42:40 | 000,001,690 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2009.01.25 13:42:40 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2009.01.25 13:42:40 | 000,001,332 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2009.01.25 13:42:30 | 000,043,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\RITCPT.SYS
[2009.01.25 13:42:21 | 000,005,088 | R--- | C] () -- C:\WINDOWS\System32\drivers\FBAPI.sys
[2009.01.25 13:41:35 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2007.10.11 19:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007.05.09 21:35:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2005.07.08 20:21:48 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\AVS3_Resource.dll
[2005.06.08 17:58:10 | 000,017,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWFilter.sys
[2005.06.08 17:58:08 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005.06.08 17:58:08 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005.04.11 11:12:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImageIODll.dll
[2005.04.11 11:12:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ImageAlbumSave.dll
[2005.02.26 14:33:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\AVSAudioWideStereoDMO.dll
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.03.14 00:46:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[1998.10.11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
 
========== LOP Check ==========
 
[2009.02.01 21:25:49 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2010.01.14 00:47:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Just Flight Limited
[2009.05.15 15:37:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mindjet
[2009.01.25 13:56:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung Electronics
[2010.01.03 11:30:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Screentime
[2009.02.01 21:21:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir
[2009.02.01 21:21:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanWizard
[2009.01.26 00:50:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2009.01.26 00:50:10 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}
[2010.09.05 09:39:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\B3181E6781EBE97DBBB8F7FB73B2AD9D
[2010.08.06 22:04:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Canon
[2009.06.10 14:42:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DynaGeo
[2009.01.26 00:35:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\GrabPro
[2010.06.23 18:01:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\HTML Executable
[2010.03.05 20:19:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Leadertech
[2009.08.09 13:52:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Orbit
[2009.03.11 00:19:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Participatory Culture Foundation
[2009.01.25 13:56:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Samsung Electronics
[2009.02.01 21:21:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ScanSoft
[2009.06.29 11:26:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\SkyTestSw
[2009.12.18 22:45:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Teleca
[2009.01.25 21:57:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Tracker Software
[2009.01.26 00:51:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\TuneUp Software
[2010.09.06 19:43:51 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AB65D6D2-0B3B-46B5-B84D-A7E14A3E3B6E}.job
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---

[/QUOTE]



OLT-Extras

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 06.09.2010 20:44:19 - Run 2
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Dokumente und Einstellungen\xxx\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 570,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 85,90 Gb Total Space | 50,24 Gb Free Space | 58,48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: xxx
Current User Name: xxx
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- File not found
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Apps\2.0\J04B0ECY.0K9\DD2JBBZM.40E\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe" = C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Apps\2.0\J04B0ECY.0K9\DD2JBBZM.40E\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe:*:Enabled:FRITZ!Box USB-Fernanschluss -- (AVM Berlin)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{155FBB0D-0EE9-42D1-9E41-15E08F691031}" = Microsoft Producer für Microsoft Office PowerPoint 2003
"{1864FD5B-56B2-4EC4-9301-FB26909EC0A8}" = Mindjet MindManager 8
"{1A864A85-8818-4320-A51C-67148154DC39}" = aerosoft's - Eurowings 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2931F734-260D-4E83-87B3-A9FE8E873192}_is1" = PDF-XChange Shell Extensions
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{442427A3-8E71-4DBB-BA4B-2F2F387CB5F8}" = Samsung Theme
"{4B5E34BE-B93B-488E-B776-509EA41A0F39}" = AVStation premium
"{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}" = CrissCross 8.40
"{6112293F-48E0-40E2-BAE0-69109BDDD58B}" = Sibelius 5
"{63E2EC92-0B96-46A0-B7E9-715D3ECA2546}" = GNS 480 Simulator
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80F6A672-C39B-41CE-8AF5-A9C2FA8C2B72}" = Sibelius Scorch (all browsers)
"{84F87B60-7726-45EA-A69C-7165D2D89DBA}" = Sibelius Sounds Essentials Update
"{8A4E0D97-A9CB-4617-AE23-705F36877D84}" = Just Flight Dash 8-300 Professional DL (FS2004)
"{8BA8CE06-0C92-4A44-9924-2614DCD77F20}" = PMDG MD-11 (FS9 version of COMBO)
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97679567-0095-464E-B5F2-E218A1CF3421}" = PMDG747_400 Queen of the Skies
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A174DB5-0B95-46B1-A787-341DF14AB2D5}" = Samsung Smart Screen
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A999CE76-D054-4684-80C7-53FC9243E019}" = EasyBox
"{AAB9478F-DE6B-498B-9420-21E1F1AC700D}" = WOW XT and TSXT Filter Driver
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4EA9A40-6425-48B3-89F9-9A3AD5DA3E58}" = Just Flight Flying Club v1.00
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{BE6E6BF7-6A81-4EC2-AD29-4580025149F1}" = TrackIR4
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C59E019B-0952-4B72-A382-68A72224F88F}" = GNS400W-500W Trainer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{DD4B6FB8-8A28-4E21-B21B-3DA352DB2AEF}" = Samsung Command Center
"{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"{DF0038DC-A9B7-4F52-8CA4-C79A3CA631FA}" = ToolBook Neuron
"{DF7DBA82-0A55-11D6-A0A6-00105AE61887}" = Polar Precision Performance SW 4
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}" = Presto! PageManager 7.15.11
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Agere Systems Soft Modem" = SENS LT56ADW Modem
"Aircraft Gas Turbine Engines1.0" = Aircraft Gas Turbine Engines
"Aircraft Performance1.0" = Aircraft Performance
"Aircraft Piston Engines1.0" = Aircraft Piston Engines
"Airframes, Systems and Emergency Equipment1.0" = Airframes, Systems and Emergency Equipment
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"ATPL Air Law1.0" = ATPL Air Law
"ATPL DC Electrics1.0" = ATPL DC Electrics
"ATPL Human Performance (Part 1)1.0" = ATPL Human Performance (Part 1)
"ATPL Human Performance (Part 2)1.0" = ATPL Human Performance (Part 2)
"ATPL Meteorology3.0" = ATPL Meteorology
"Audiograbber" = Audiograbber 1.83 SE 
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Citation CJ3 FMS Demonstrator" = FMS Demonstrator CJ3 v1-1
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 - Das Jahrhundert der Luftfahrt
"FreePDF_XP" = FreePDF XP (Remove only)
"GARMIN 400 Series Trainer" = GARMIN 400 Series Trainer
"GARMIN 500 Series Trainer" = GARMIN 500 Series Trainer
"Google Updater" = Google Updater
"GPL Ghostscript 8.62" = GPL Ghostscript 8.62
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{442427A3-8E71-4DBB-BA4B-2F2F387CB5F8}" = Samsung Theme
"InstallShield_{4B5E34BE-B93B-488E-B776-509EA41A0F39}" = AVStation premium
"InstallShield_{DD4B6FB8-8A28-4E21-B21B-3DA352DB2AEF}" = Samsung Command Center
"InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"IrfanView" = IrfanView (remove only)
"Joerg Loehr Screensaver 2010" = Joerg Loehr Screensaver 2010
"Level-D 767-300 Tutorials" = Level-D 767-300 Tutorials
"Level-D Simulations 767-300" = Level-D Simulations 767-300
"Lion_is1" = Lion 3.0.1
"lvdrivers_11.50" = Logitech QuickCam-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MP Navigator 2.2" = Canon MP Navigator 2.2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyMDb_0" = MyMDb 3.4.1
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Neuratron PhotoScore Lite (D)" = Neuratron PhotoScore Lite (D)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06
"PCFriendly" = PCFriendly
"PDF Blender" = PDF Blender
"PDF-XChange 3_is1" = PDF-XChange 3
"ProInst" = Intel(R) PROSet/Wireless Software
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RestoreIT!" = Recover Pro
"Sibelius Sounds Essentials" = Sibelius Sounds Essentials
"SkyTest® Swiss-Trainingssoftware_is1" = SkyTest® Swiss-Trainingssoftware
"SopCast" = SopCast 3.0.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstaller_B52EF000_Dash -8 Professional" = Dash -8 Professional (Shared Components)
"VLC media player" = VLC media player 1.0.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"Google Chrome" = Google Chrome
"jlGui 3.0" = jlGui 3.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.09.2010 14:01:11 | Computer Name = xxx | Source = Google Update | ID = 20
Description = 
 
Error - 05.09.2010 15:01:09 | Computer Name = xxx | Source = Google Update | ID = 20
Description = 
 
Error - 05.09.2010 15:15:07 | Computer Name = xxx | Source = Google Update | ID = 20
Description = 
 
Error - 05.09.2010 16:18:48 | Computer Name = xxx | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Load.exe, Version 3.3.6.1, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 05.09.2010 16:29:17 | Computer Name = xxx | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Load.exe, Version 3.3.6.1, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 05.09.2010 16:43:15 | Computer Name = xxx | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.11.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 06.09.2010 13:01:08 | Computer Name = xxx | Source = Google Update | ID = 20
Description = 
 
Error - 06.09.2010 13:15:10 | Computer Name = xxx | Source = Google Update | ID = 20
Description = 
 
Error - 06.09.2010 14:01:11 | Computer Name = xxx | Source = Google Update | ID = 20
Description = 
 
Error - 06.09.2010 14:15:10 | Computer Name = xxx | Source = Google Update | ID = 20
Description = 
 
[ System Events ]
Error - 05.09.2010 03:54:36 | Computer Name = xxx | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Microsoft
 security update service.
 
Error - 05.09.2010 11:19:55 | Computer Name = xxx | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die  Netzwerkkarte mit der Netzwerkadresse 00150002C2B3 zugeteilt werden. Der
 folgende Fehler  ist aufgetreten:   %%1223.  Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom  Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 05.09.2010 11:24:00 | Computer Name = xxx | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 05.09.2010 14:25:01 | Computer Name = xxx | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die  Netzwerkkarte mit der Netzwerkadresse 00150002C2B3 zugeteilt werden. Der
 folgende Fehler  ist aufgetreten:   %%1223.  Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom  Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 05.09.2010 16:39:55 | Computer Name = xxx | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   IntelIde
 
Error - 05.09.2010 16:39:57 | Computer Name = xxx | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 06.09.2010 14:31:09 | Computer Name = xxx | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 06.09.2010 14:31:26 | Computer Name = xxx | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   IntelIde
 
[ TuneUp Events ]
Error - 02.12.2009 18:11:09 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 04.12.2009 13:35:50 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 05.12.2009 03:52:03 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 06.12.2009 05:34:10 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 07.12.2009 16:32:45 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 08.12.2009 13:29:56 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 09.12.2009 14:11:23 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 09.12.2009 19:02:41 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 11.12.2009 17:46:19 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 13.12.2009 04:00:04 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
 
< End of report >
         
--- --- ---


[/QUOTE]


Alt 06.09.2010, 20:47   #6
Chris4You
 
Internet läuft, Browser gehen nicht... - Standard

Internet läuft, Browser gehen nicht...



Hi,

sieht gut aus, muss aber morgen noch mal drüber, da Akku vom notebook leer...

chris
__________________
--> Internet läuft, Browser gehen nicht...

Alt 06.09.2010, 20:54   #7
Freshed
 
Internet läuft, Browser gehen nicht... - Standard

Internet läuft, Browser gehen nicht...



Servus Chris,

danke schon mal für das schnelle Feedback.
Dann bin ich mal auf den hoffentlich abschließenden Bericht gespannt.

Schönen Abend noch

Alt 07.09.2010, 07:17   #8
Chris4You
 
Internet läuft, Browser gehen nicht... - Standard

Internet läuft, Browser gehen nicht...



Hi,

zur Sicherheit noch zwei Files prüfen:


Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
Code:
ATTFilter
C:\WINDOWS\system32\drivers\cpuz133_x32.sys
C:\WINDOWS\System32\MEMIO.SYS
         
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Etwas aufräumen:
Fix für OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
Code:
ATTFilter
:OTL
DRV - (chdrvr03) -- C:\WINDOWS\System32\DRIVERS\chdrvr03.sys File not found
DRV - (chdrvr02) -- C:\WINDOWS\System32\DRIVERS\chdrvr02.sys File not found
DRV - (chdrvr01) -- C:\WINDOWS\System32\DRIVERS\chdrvr01.sys File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
:Commands
[emptytemp]
[Reboot]
         
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 07.09.2010, 18:38   #9
Freshed
 
Internet läuft, Browser gehen nicht... - Standard

Internet läuft, Browser gehen nicht...



Servus Chris,

also hier die Scans/Logs:

CPUZ:

Zitat:
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
cpuz133_x32.sys
Submission date:
2010-09-07 17:07:28 (UTC)
Current status:
queued queued analysing finished
Result:
0/ 43 (0.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.09.07.01 2010.09.07 -
AntiVir 8.2.4.50 2010.09.07 -
Antiy-AVL 2.0.3.7 2010.09.07 -
Authentium 5.2.0.5 2010.09.07 -
Avast 4.8.1351.0 2010.09.07 -
Avast5 5.0.594.0 2010.09.07 -
AVG 9.0.0.851 2010.09.07 -
BitDefender 7.2 2010.09.07 -
CAT-QuickHeal 11.00 2010.09.07 -
ClamAV 0.96.2.0-git 2010.09.07 -
Comodo 6002 2010.09.07 -
DrWeb 5.0.2.03300 2010.09.07 -
Emsisoft 5.0.0.37 2010.09.07 -
eSafe 7.0.17.0 2010.09.07 -
eTrust-Vet 36.1.7839 2010.09.06 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.07 -
Fortinet 4.1.143.0 2010.09.07 -
GData 21 2010.09.07 -
Ikarus T3.1.1.88.0 2010.09.07 -
Jiangmin 13.0.900 2010.09.07 -
K7AntiVirus 9.63.2463 2010.09.07 -
Kaspersky 7.0.0.125 2010.09.07 -
McAfee 5.400.0.1158 2010.09.07 -
McAfee-GW-Edition 2010.1B 2010.09.07 -
Microsoft 1.6103 2010.09.07 -
NOD32 5432 2010.09.07 -
Norman 6.06.05 2010.09.07 -
nProtect 2010-09-07.02 2010.09.07 -
Panda 10.0.2.7 2010.09.07 -
PCTools 7.0.3.5 2010.09.07 -
Prevx 3.0 2010.09.07 -
Rising 22.64.01.04 2010.09.07 -
Sophos 4.57.0 2010.09.07 -
Sunbelt 6842 2010.09.07 -
SUPERAntiSpyware 4.40.0.1006 2010.09.07 -
Symantec 20101.1.1.7 2010.09.07 -
TheHacker 6.5.2.1.367 2010.09.07 -
TrendMicro 9.120.0.1004 2010.09.07 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.07 -
VBA32 3.12.14.0 2010.09.07 -
ViRobot 2010.8.25.4006 2010.09.07 -
VirusBuster 12.64.21.0 2010.09.07 -
Additional information
Show all
MD5 : 13a0d3f9d5f39adaca0a8d3bb327eb31
SHA1 : 0fd700fee341148661616ecd8af8eca5e9fa60e3
SHA256: c7f64b27cd3be5af1c8454680529ea493dfbb09e634eec7e316445ad73499ae0
ssdeep: 384:hLYGHQSPT3mKRnd4Bz6kYJLWBkFbx6jua:hLYg7VdMzgLvFbxmd
File size : 20968 bytes
First seen: 2010-07-02 20:39:34
Last seen : 2010-09-07 17:07:28
TrID:
Win64 Executable Generic (87.2%)
Win32 Executable Generic (8.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Windows (R) Win 7 DDK provider
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Windows (R) Win 7 DDK driver
description..: CPUID Driver
original name: cpuz.sys
internal name: cpuz.sys
file version.: 6.1.7600.16385 built by: WinDDK
comments.....: n/a
signers......: CPUID
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 11:38 PM 3/30/2010
verified.....: -
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x603E
timedatestamp....: 0x4BB26F39 (Tue Mar 30 21:38:01 2010)
machinetype......: 0x14c (I386)

[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x2040, 0x2200, 6.04, 42feb67ba0c33bf33a829807e805e745
.rdata, 0x4000, 0x2EC, 0x400, 3.56, 01c42071e1aaf650ae4970932ec3621f
.data, 0x5000, 0x1C0, 0x200, 0.20, 8eace0f42ff989c42a1bd953f30db495
INIT, 0x6000, 0x3FC, 0x400, 5.36, 4fa6351efbbc2c77d4d4d49c1e0b2270
.rsrc, 0x7000, 0x3D0, 0x400, 3.29, baec7dd7d34d2405c692b6eac3497aac
.reloc, 0x8000, 0x22E, 0x400, 3.54, b3d7159ad00b1e91ec3b340c44b36495

[[ 2 import(s) ]]
ntoskrnl.exe: ExFreePoolWithTag, ExAllocatePoolWithTag, RtlFreeUnicodeString, ObfDereferenceObject, MmIsAddressValid, IoGetDeviceObjectPointer, RtlAnsiStringToUnicodeString, IofCompleteRequest, MmMapIoSpace, ProbeForWrite, IoCreateSymbolicLink, IoCreateDevice, KeTickCount, KeBugCheckEx, MmUnmapIoSpace, RtlInitUnicodeString, IoDeleteSymbolicLink, IoDeleteDevice, PsGetVersion, KeInitializeEvent, IoBuildDeviceIoControlRequest, IofCallDriver, RtlInitAnsiString, KeWaitForSingleObject, RtlUnwind
HAL.dll: READ_PORT_USHORT, READ_PORT_ULONG, WRITE_PORT_UCHAR, WRITE_PORT_USHORT, WRITE_PORT_ULONG, HalGetBusDataByOffset, HalSetBusDataByOffset, KeStallExecutionProcessor, READ_PORT_UCHAR

VT Community

0

This file has never been reviewed by any VT Community member. Be the first one to comment on it!

VirusTotal Team
MEMIO:

Zitat:
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
MEMIO.SYS
Submission date:
2010-09-07 17:09:46 (UTC)
Current status:
queued (#2) queued analysing finished
Result:
0/ 43 (0.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.09.07.01 2010.09.07 -
AntiVir 8.2.4.50 2010.09.07 -
Antiy-AVL 2.0.3.7 2010.09.07 -
Authentium 5.2.0.5 2010.09.07 -
Avast 4.8.1351.0 2010.09.07 -
Avast5 5.0.594.0 2010.09.07 -
AVG 9.0.0.851 2010.09.07 -
BitDefender 7.2 2010.09.07 -
CAT-QuickHeal 11.00 2010.09.07 -
ClamAV 0.96.2.0-git 2010.09.07 -
Comodo 6002 2010.09.07 -
DrWeb 5.0.2.03300 2010.09.07 -
Emsisoft 5.0.0.37 2010.09.07 -
eSafe 7.0.17.0 2010.09.07 -
eTrust-Vet 36.1.7839 2010.09.06 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.07 -
Fortinet 4.1.143.0 2010.09.07 -
GData 21 2010.09.07 -
Ikarus T3.1.1.88.0 2010.09.07 -
Jiangmin 13.0.900 2010.09.07 -
K7AntiVirus 9.63.2463 2010.09.07 -
Kaspersky 7.0.0.125 2010.09.07 -
McAfee 5.400.0.1158 2010.09.07 -
McAfee-GW-Edition 2010.1B 2010.09.07 -
Microsoft 1.6103 2010.09.07 -
NOD32 5432 2010.09.07 -
Norman 6.06.05 2010.09.07 -
nProtect 2010-09-07.02 2010.09.07 -
Panda 10.0.2.7 2010.09.07 -
PCTools 7.0.3.5 2010.09.07 -
Prevx 3.0 2010.09.07 -
Rising 22.64.01.04 2010.09.07 -
Sophos 4.57.0 2010.09.07 -
Sunbelt 6842 2010.09.07 -
SUPERAntiSpyware 4.40.0.1006 2010.09.07 -
Symantec 20101.1.1.7 2010.09.07 -
TheHacker 6.5.2.1.367 2010.09.07 -
TrendMicro 9.120.0.1004 2010.09.07 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.07 -
VBA32 3.12.14.0 2010.09.07 -
ViRobot 2010.8.25.4006 2010.09.07 -
VirusBuster 12.64.21.0 2010.09.07 -
Additional information
Show all
MD5 : 8a4cb9438571814b128b6dc30d698064
SHA1 : d62d435a5d9b799e36d05fc32237397602b3dd8c
SHA256: 2ce7dc464723c427c88e6ffb086330719dfe57f9ef0fe31ae9e0d8d0c910c388
ssdeep: 96:10rzOx7yxqQvQlwSBEhE9v1eNbsh+8i1T:Wrz87yxq/5EiA/BT
File size : 4300 bytes
First seen: 2008-02-24 12:29:21
Last seen : 2010-09-07 17:09:46
TrID:
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x536
timedatestamp....: 0x39A3F999 (Wed Aug 23 16:19:37 2000)
machinetype......: 0x14c (I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x260, 0x3D4, 0x3E0, 5.56, cff4fa2b6a2447cdaafb75c219574d08
INIT, 0x640, 0x1C8, 0x1E0, 4.69, f74ffb39ec6562bc6e4dd88d6efb84a0
.reloc, 0x820, 0x62, 0x80, 2.84, 83b34193848d7c2bab1ad0d9fee784a4

[[ 2 import(s) ]]
ntoskrnl.exe: RtlInitUnicodeString, IoCreateDevice, IoCreateSymbolicLink, IofCompleteRequest, IoDeleteDevice, MmUnmapIoSpace, IoDeleteSymbolicLink, MmMapIoSpace
HAL.dll: READ_PORT_UCHAR, READ_PORT_ULONG, WRITE_PORT_USHORT, HalTranslateBusAddress, READ_PORT_USHORT, WRITE_PORT_UCHAR, WRITE_PORT_ULONG

VT Community

0

This file has never been reviewed by any VT Community member. Be the first one to comment on it!

VirusTotal Team
OST-Log:

Zitat:
All processes killed
========== OTL ==========
Service chdrvr03 stopped successfully!
Service chdrvr03 deleted successfully!
File C:\WINDOWS\System32\DRIVERS\chdrvr03.sys File not found not found.
Service chdrvr02 stopped successfully!
Service chdrvr02 deleted successfully!
File C:\WINDOWS\System32\DRIVERS\chdrvr02.sys File not found not found.
Service chdrvr01 stopped successfully!
Service chdrvr01 deleted successfully!
File C:\WINDOWS\System32\DRIVERS\chdrvr01.sys File not found not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Captain Widera
->Temp folder emptied: 2087870 bytes
->Temporary Internet Files folder emptied: 9286444 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 33260157 bytes
->Google Chrome cache emptied: 50814986 bytes
->Flash cache emptied: 3184 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 5048252 bytes

User: NetworkService
->Temp folder emptied: 49632 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134333 bytes
%systemroot%\System32 .tmp files removed: 2676103 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 86001 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 101,00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09072010_192203

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
So, was sagt der Fachmann dazu?

Und was hab ich da eigentlich grad gefixt?

Alt 07.09.2010, 18:56   #10
Chris4You
 
Internet läuft, Browser gehen nicht... - Standard

Internet läuft, Browser gehen nicht...



Hi,

Treiber die "unsichtbar sind"... was immer etwas "seltsam" ist...
Zitat:
Service chdrvr03 stopped successfully!
Service chdrvr03 deleted successfully!
File C:\WINDOWS\System32\DRIVERS\chdrvr03.sys [b]File not found]/b] not found.
...
Was macht der Rechner so?

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 07.09.2010, 19:19   #11
Freshed
 
Internet läuft, Browser gehen nicht... - Standard

Internet läuft, Browser gehen nicht...



Servus,

aso, unsichtbare Treiber... also eigentlich auch unnötige???

Der Laptop läuft wieder recht geschmeidig.
Heute keine Macken festgestellt...

Ist ja eigentlich n gutes Zeichen, oder?

Alt 08.09.2010, 06:36   #12
Chris4You
 
Internet läuft, Browser gehen nicht... - Standard

Internet läuft, Browser gehen nicht...



Hi,

so, zum Abschluß noch SUPERAntiSpyware und die Systemwiederherstellung plätten...

Superantispyware:
Anleitung&Download hier: http://www.trojaner-board.de/51871-a...tispyware.html

Systemwiederherstellung löschen
BSI-Faltblattt (https://www.bsi.bund.de/cln_134/ContentBSI/Publikationen/Faltblaetter/F24VirenundCo.html) und dort unter Viren entfernen
Wenn der Rechner einwandfrei läuft abschließend alle Systemwiederherstellungspunkte löschen lassen(das sind die: C:\System Volume Information\_restore - Dateien die gefunden wurden, d.h. der Trojaner wurde mit gesichert und wenn Du auf einen Restorepunkt zurück gehen solltest, dann ist er wieder da) wie folgt:

Arbeitsplatz ->rechte Maus -> Eigenschaften -> Systemwiederherstellung ->
anhaken: "Systemwiederherstellung auf allen Laufwerken deaktivieren" -> Übernehmen -> Sicherheitsabfrage OK -> Fenster mit OK schliessen -> neu Booten;

Dann das gleiche nochmal nur das Häkchen entfernen (dann läuft sie wieder).

Einen ersten Restorepunkt setzten:
Start->Programme->Zubehör->Systemprogramme->Systemwiederherstellung->einen Wiederherstellungspunkt erstellen->weiter, Beschreibung ausdenken->Erstellen

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 10.09.2010, 13:23   #13
Freshed
 
Internet läuft, Browser gehen nicht... - Standard

Internet läuft, Browser gehen nicht...



Sers Chris,

bin leider nicht dazugekommen die abschließenden Arbeiten durchzuführen.
Werde wohl erst Di/Mi dazukommen.
Danke aber für deine Hilfe,

Schönes WE wünsch ich!!!

Antwort

Themen zu Internet läuft, Browser gehen nicht...
0x00000001, 0xc0000001, agere systems, antivir, antivir guard, audiograbber, avgntflt.sys, avira, bho, browser, canon, components, cpu-z, decrypter, desktop, error, excel, fehler, firefox, flash player, fontcache, format, google chrome, helper, hijack, hijackthis, hkus\s-1-5-18, home, internet, intranet, location, msvcr80.dll, oldtimer, otl logfile, otl.exe, plug-in, recover, registry, rogue.securitysuite, rojaner gefunden, rundll, saver, searchplugins, senden, shell32.dll, sicherheitshalber, software, stolen.data, system, tracker, trojaner, trojaner gefunden, viren, vlc media player, windows internet, windows internet explorer, windows xp




Ähnliche Themen: Internet läuft, Browser gehen nicht...


  1. Windows7, Internet geht nicht mehr bis auf Google Seite, manche Programm gehen nicht
    Log-Analyse und Auswertung - 30.01.2015 (21)
  2. Mein Internet läuft absolut flüssig, aber alle Streams, Videos usw gehen praktisch gar nicht.
    Plagegeister aller Art und deren Bekämpfung - 21.02.2014 (3)
  3. Browser gehen nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 06.11.2013 (15)
  4. Internet Browser alle total langsam! Restlicher PC läuft ganz normal!
    Plagegeister aller Art und deren Bekämpfung - 08.09.2012 (1)
  5. TR/Crypt/XPACK.Gen2 Browser gehen nicht, wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 11.05.2012 (5)
  6. Browser öffnet keine Webseiten mehr - Internet läuft!
    Log-Analyse und Auswertung - 13.06.2011 (20)
  7. Antivir und internet explorer gehen nicht.
    Log-Analyse und Auswertung - 08.02.2011 (25)
  8. Messenger gehen / Browser nicht
    Log-Analyse und Auswertung - 14.06.2010 (2)
  9. Internet zu langsam. Programe gehen nicht online.
    Log-Analyse und Auswertung - 02.03.2010 (2)
  10. troz inet gehen Internet Explorer,Msn und andere programme nicht
    Alles rund um Windows - 25.11.2009 (1)
  11. www über browser ereichbar. icq o.Ä gehen nicht
    Log-Analyse und Auswertung - 15.06.2009 (0)
  12. Internet Seiten gehen nicht auf
    Mülltonne - 13.06.2009 (1)
  13. Browser Hijackin? Google.de und amazon gehen nicht mehr
    Log-Analyse und Auswertung - 29.03.2009 (0)
  14. Internet Explorer und Firefox gehen nicht!
    Log-Analyse und Auswertung - 28.01.2009 (19)
  15. Internet slow/Googlelinks gehen nicht
    Log-Analyse und Auswertung - 17.09.2008 (9)
  16. browser gehen nicht und CPU total ausgelastet
    Plagegeister aller Art und deren Bekämpfung - 27.05.2008 (1)
  17. GData Internet Security 2007 und installiert und der Internet Explorer läuft nicht
    Antiviren-, Firewall- und andere Schutzprogramme - 25.01.2007 (1)

Zum Thema Internet läuft, Browser gehen nicht... - Servus beisammen, mein Laptop macht seit heute morgen Probleme. Leider komme ich nicht mehr weiter, darum wende ich mich an euch Profis. Situation ist wie folgt: Internetverbindung ist OK, d.h. - Internet läuft, Browser gehen nicht......
Archiv
Du betrachtest: Internet läuft, Browser gehen nicht... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.