|
Log-Analyse und Auswertung: Internet läuft, Browser gehen nicht...Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
05.09.2010, 23:08 | #1 |
| Internet läuft, Browser gehen nicht... Servus beisammen, mein Laptop macht seit heute morgen Probleme. Leider komme ich nicht mehr weiter, darum wende ich mich an euch Profis. Situation ist wie folgt: Internetverbindung ist OK, d.h. Skype und Outlook funktionieren Browser gehen nicht (Chrome, Firefox, IE) Firefox ging anfangs noch, nachdem ich diesen dann sicherheitshalber aktualisiert habe geht er auch nicht mehr. Habe bisher Avira Antivir, Spybot und mbam durchlaufenlassen. Ohne großen erfolg. Habe ein paar Viren und Trojaner gefunden und entfernt. Aber das Browser-Problem bleibt. Hier das letzt Malware-Log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4552 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 05.09.2010 22:37:10 mbam-log-2010-09-05 (22-37-10).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 134041 Laufzeit: 6 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 1 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 1 Infizierte Speicherprozesse: C:\Dokumente und Einstellungen\xxx\.COMMgr\complmgr.exe (Trojan.Agent) -> No action taken. Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> No action taken. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\com+ manager (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken. Infizierte Dateien: C:\Dokumente und Einstellungen\xxx\.COMMgr\complmgr.exe (Trojan.Agent) -> No action taken. Habe das System mit Hijack und OLT scannen lassen: HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:54:41, on 05.09.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe C:\Programme\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Samsung\AVStation premium\bin\AVStation agent.exe C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe C:\Programme\Microsoft IntelliPoint\ipoint.exe C:\Programme\FreePDF_XP\fpassist.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\Microsoft ActiveSync\wcescomm.exe C:\Dokumente und Einstellungen\Captain Widera\.COMMgr\complmgr.exe C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE C:\Programme\Skype\Plugin Manager\skypePM.exe C:\Dokumente und Einstellungen\xxx\Desktop\HiJackThis204.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092 O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe O4 - HKLM\..\Run: [AVStation premium] "C:\Programme\Samsung\AVStation premium\bin\AVStation agent.exe" O4 - HKLM\..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe O4 - HKLM\..\Run: [IntelliPoint] "c:\Programme\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SUPBackground] C:\Programme\Samsung\Samsung Update Plus\SUPBackground.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [COM+ Manager] "C:\Dokumente und Einstellungen\Captain Widera\.COMMgr\complmgr.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {2EF98DE5-183F-11D4-83EC-EC6A1DB6E213} (DynaGeoX Element) - hxxp://www.dynageo.de/download/dynageoviewer.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} (UI File Upload Control) - https://img.web.de/v/smartdrive/v23/activex/web_de_osupload_2002.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Google Update Service (gupdate1c985dc7292a122) (gupdate1c985dc7292a122) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Just Flight Limited License Service - Just Flight Limited - C:\Programme\Gemeinsame Dateien\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTServ.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: SNM WLAN Service - Unknown owner - C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 9659 bytes OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.09.2010 22:44:17 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\xxx\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 505,00 Mb Available Physical Memory | 49,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 85,90 Gb Total Space | 50,13 Gb Free Space | 58,35% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 976,11 Mb Total Space | 871,75 Mb Free Space | 89,31% Space Free | Partition Type: FAT H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: xxx Current User Name: xxx Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Samsung\Samsung Update Plus\SUPBackGround.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.) PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation) PRC - C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe () PRC - C:\Programme\Samsung\AVStation premium\Bin\AVStation Agent.exe () PRC - C:\Programme\Samsung\MagicKBD\MagicKBD.exe (SAMSUNG Electronics Co., Ltd.) PRC - C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe () PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) PRC - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools) MOD - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll (Microsoft Corporation) MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.) MOD - C:\Programme\Mindjet\MindManager 8\msscript.ocx (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation) MOD - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msi.dll (Microsoft Corporation) MOD - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.) MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (Just Flight Limited License Service) -- C:\Programme\Gemeinsame Dateien\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe (Just Flight Limited) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (LVSrvLauncher) -- C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.) SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (LVCOMSer) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (SNM WLAN Service) -- C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe () SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) SRV - (SoundMAX Agent Service (default)) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.) ========== Driver Services (SafeList) ========== DRV - (chdrvr03) -- C:\WINDOWS\System32\DRIVERS\chdrvr03.sys File not found DRV - (chdrvr02) -- C:\WINDOWS\System32\DRIVERS\chdrvr02.sys File not found DRV - (chdrvr01) -- C:\WINDOWS\System32\DRIVERS\chdrvr01.sys File not found DRV - (cpuz133) -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys (Windows (R) Win 7 DDK provider) DRV - (avmaura) -- C:\WINDOWS\system32\drivers\avmaura.sys (AVM Berlin) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (nhcDriverDevice) -- C:\WINDOWS\system32\drivers\nhcDriver.sys (pBUS-167 Software - hxxp://www.pbus-167.com) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (npusbio) -- C:\WINDOWS\system32\drivers\npusbio.sys (Thesycon GmbH, Germany) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys () DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.) DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.) DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (wowfilter) -- C:\WINDOWS\system32\drivers\WOWFilter.sys () DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation) DRV - (risdptsk) -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys (REDC) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (rimsptsk) -- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys (REDC) DRV - (rismxdp) -- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys (REDC) DRV - (RITCPT) -- C:\WINDOWS\System32\drivers\RITCPT.SYS () DRV - (FBAPI) -- C:\WINDOWS\system32\drivers\FBAPI.sys () DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.05 20:35:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.05 20:35:18 | 000,000,000 | ---D | M] [2009.01.25 21:49:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions [2010.09.05 20:33:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\zeglzlft.default\extensions [2009.09.02 12:12:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Captain Widera\Anwendungsdaten\Mozilla\Firefox\Profiles\zeglzlft.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.01.30 00:12:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\zeglzlft.default\extensions\en-GB@dictionaries.addons.mozilla.org [2009.01.30 12:17:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\zeglzlft.default\extensions\es-es@dictionaries.addons.mozilla.org [2010.09.05 17:25:47 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.07.23 20:38:45 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2007.10.18 00:01:58 | 000,266,240 | ---- | M] (SumTotal Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\np32neur.dll [2007.09.28 18:57:26 | 006,275,816 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\ScorchPDFWrapper.dll [2010.09.05 20:35:11 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.09.05 20:35:11 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.05 20:35:11 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.09.05 20:35:11 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.09.05 20:35:11 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.01.27 12:09:54 | 000,291,770 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 10046 more lines... O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll () O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVStation premium] C:\Programme\Samsung\AVStation premium\bin\AVStation agent.exe () O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe () O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\Samsung\MagicKBD\PreMKbd.exe () O4 - HKLM..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SUPBackground] C:\Programme\Samsung\Samsung Update Plus\SUPBackGround.exe () O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range37 ([*] in Lokales Intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {2EF98DE5-183F-11D4-83EC-EC6A1DB6E213} hxxp://www.dynageo.de/download/dynageoviewer.cab (DynaGeoX Element) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0) O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} https://img.web.de/v/smartdrive/v23/activex/web_de_osupload_2002.cab (UI File Upload Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Captain Widera\Desktop\Swiss Avro\0485642.jpg O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Captain Widera\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.01.25 13:07:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.05 22:15:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.09.05 22:15:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.09.05 22:15:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.09.05 22:13:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Desktop\MFTools [2010.09.05 22:13:04 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe [2010.09.05 22:13:02 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\xxx\Desktop\mbam-setup.exe [2010.09.05 21:53:39 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\xxx\Desktop\HiJackThis204.exe [2010.09.05 18:20:28 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\xxx\Recent [2010.09.05 09:39:34 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\xxx\.COMMgr [2010.09.05 09:38:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\B3181E6781EBE97DBBB8F7FB73B2AD9D [2010.09.02 21:49:39 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\SecuROM [2010.08.30 23:11:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Desktop\Gildo Horn - Danke [2010.08.13 20:04:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ATPL DC Electrics [2010.08.12 18:55:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.05 22:41:04 | 009,961,472 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\NTUSER.DAT [2010.09.05 22:40:12 | 000,001,543 | ---- | M] () -- C:\WINDOWS\System32\xxx_KBD.ini [2010.09.05 22:39:50 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010.09.05 22:39:47 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.09.05 22:39:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.09.05 22:39:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.05 22:38:31 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\xxx\ntuser.ini [2010.09.05 22:15:30 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.05 22:15:02 | 000,001,244 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-484763869-1801674531-1004UA.job [2010.09.05 22:10:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe [2010.09.05 22:07:36 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\xxx\Desktop\mbam-setup.exe [2010.09.05 22:04:44 | 000,388,197 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Load.exe [2010.09.05 22:01:02 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.09.05 21:47:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\xxx\Desktop\HiJackThis204.exe [2010.09.05 20:17:40 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AB65D6D2-0B3B-46B5-B84D-A7E14A3E3B6E}.job [2010.09.05 10:44:46 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.09.05 10:44:42 | 000,053,760 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.03 22:53:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.31 01:15:00 | 000,001,192 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-484763869-1801674531-1004Core.job [2010.08.19 21:59:27 | 000,028,827 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\DC_LFA_PEL_045_tcm586-74717.pdf [2010.08.19 21:54:47 | 000,031,396 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\DC_LFA_PEL_046_tcm586-74718.pdf [2010.08.12 21:38:19 | 000,303,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.12 18:57:25 | 001,006,634 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.12 18:57:25 | 000,452,544 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.12 18:57:25 | 000,435,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.12 18:57:25 | 000,081,324 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.12 18:57:25 | 000,068,490 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.05 22:15:30 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.05 22:13:02 | 000,388,197 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Load.exe [2010.08.19 22:00:30 | 000,028,827 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\DC_LFA_PEL_045_tcm586-74717.pdf [2010.08.19 21:58:58 | 000,031,396 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\DC_LFA_PEL_046_tcm586-74718.pdf [2010.06.26 00:51:54 | 000,183,240 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.04.05 22:45:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI [2010.02.28 21:19:39 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2009.12.19 00:35:56 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\$_hpcst$.hpc [2009.04.15 12:53:46 | 000,000,608 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T2 [2009.04.15 12:53:46 | 000,000,604 | -H-- | C] () -- C:\Programme\STLL Notifier [2009.03.24 15:04:03 | 000,001,338 | ---- | C] () -- C:\WINDOWS\GARMINWT.INI [2009.02.01 21:25:42 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7R.DLL [2009.02.01 21:24:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL [2009.02.01 21:23:47 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll [2009.02.01 21:21:25 | 000,000,516 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2009.02.01 21:17:56 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\CNCFLaNL.DLL [2009.01.29 17:15:19 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2009.01.27 12:45:29 | 000,014,737 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009.01.27 12:01:29 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2009.01.26 15:08:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009.01.26 15:08:15 | 000,053,760 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.01.25 21:03:18 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009.01.25 13:42:42 | 000,001,543 | ---- | C] () -- C:\WINDOWS\System32\Captain Widera_KBD.ini [2009.01.25 13:42:42 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI [2009.01.25 13:42:40 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI [2009.01.25 13:42:40 | 000,002,700 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI [2009.01.25 13:42:40 | 000,002,596 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI [2009.01.25 13:42:40 | 000,002,554 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI [2009.01.25 13:42:40 | 000,002,461 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI [2009.01.25 13:42:40 | 000,002,237 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI [2009.01.25 13:42:40 | 000,001,886 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI [2009.01.25 13:42:40 | 000,001,820 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI [2009.01.25 13:42:40 | 000,001,811 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI [2009.01.25 13:42:40 | 000,001,690 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI [2009.01.25 13:42:40 | 000,001,690 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI [2009.01.25 13:42:40 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI [2009.01.25 13:42:40 | 000,001,332 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI [2009.01.25 13:42:30 | 000,043,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\RITCPT.SYS [2009.01.25 13:42:21 | 000,005,088 | R--- | C] () -- C:\WINDOWS\System32\drivers\FBAPI.sys [2009.01.25 13:41:35 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS [2007.10.11 19:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2007.05.09 21:35:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2005.07.08 20:21:48 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\AVS3_Resource.dll [2005.06.08 17:58:10 | 000,017,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWFilter.sys [2005.06.08 17:58:08 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys [2005.06.08 17:58:08 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys [2005.04.11 11:12:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImageIODll.dll [2005.04.11 11:12:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ImageAlbumSave.dll [2005.02.26 14:33:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\AVSAudioWideStereoDMO.dll [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002.03.14 00:46:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll [1998.10.11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll ========== LOP Check ========== [2009.02.01 21:25:49 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2010.01.14 00:47:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Just Flight Limited [2009.05.15 15:37:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mindjet [2009.01.25 13:56:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung Electronics [2010.01.03 11:30:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Screentime [2009.02.01 21:21:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir [2009.02.01 21:21:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanWizard [2009.01.26 00:50:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2009.01.26 00:50:10 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357} [2010.09.05 09:39:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\B3181E6781EBE97DBBB8F7FB73B2AD9D [2010.08.06 22:04:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Canon [2009.06.10 14:42:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DynaGeo [2009.01.26 00:35:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\GrabPro [2010.06.23 18:01:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\HTML Executable [2010.03.05 20:19:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Leadertech [2009.08.09 13:52:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Orbit [2009.03.11 00:19:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Participatory Culture Foundation [2009.01.25 13:56:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Samsung Electronics [2009.02.01 21:21:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ScanSoft [2009.06.29 11:26:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\SkyTestSw [2009.12.18 22:45:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Teleca [2009.01.25 21:57:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Tracker Software [2009.01.26 00:51:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\TuneUp Software [2010.09.05 20:17:40 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AB65D6D2-0B3B-46B5-B84D-A7E14A3E3B6E}.job ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 05.09.2010 22:44:17 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\xxx\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 505,00 Mb Available Physical Memory | 49,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 85,90 Gb Total Space | 50,13 Gb Free Space | 58,35% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 976,11 Mb Total Space | 871,75 Mb Free Space | 89,31% Space Free | Partition Type: FAT H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: xxx Current User Name: xxx Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- File not found "C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) "C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Apps\2.0\J04B0ECY.0K9\DD2JBBZM.40E\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe" = C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Apps\2.0\J04B0ECY.0K9\DD2JBBZM.40E\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe:*:Enabled:FRITZ!Box USB-Fernanschluss -- (AVM Berlin) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{155FBB0D-0EE9-42D1-9E41-15E08F691031}" = Microsoft Producer für Microsoft Office PowerPoint 2003 "{1864FD5B-56B2-4EC4-9301-FB26909EC0A8}" = Mindjet MindManager 8 "{1A864A85-8818-4320-A51C-67148154DC39}" = aerosoft's - Eurowings 2004 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12 "{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver "{2931F734-260D-4E83-87B3-A9FE8E873192}_is1" = PDF-XChange Shell Extensions "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530 "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{442427A3-8E71-4DBB-BA4B-2F2F387CB5F8}" = Samsung Theme "{4B5E34BE-B93B-488E-B776-509EA41A0F39}" = AVStation premium "{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}" = CrissCross 8.40 "{6112293F-48E0-40E2-BAE0-69109BDDD58B}" = Sibelius 5 "{63E2EC92-0B96-46A0-B7E9-715D3ECA2546}" = GNS 480 Simulator "{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{80F6A672-C39B-41CE-8AF5-A9C2FA8C2B72}" = Sibelius Scorch (all browsers) "{84F87B60-7726-45EA-A69C-7165D2D89DBA}" = Sibelius Sounds Essentials Update "{8A4E0D97-A9CB-4617-AE23-705F36877D84}" = Just Flight Dash 8-300 Professional DL (FS2004) "{8BA8CE06-0C92-4A44-9924-2614DCD77F20}" = PMDG MD-11 (FS9 version of COMBO) "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97679567-0095-464E-B5F2-E218A1CF3421}" = PMDG747_400 Queen of the Skies "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync "{9A174DB5-0B95-46B1-A787-341DF14AB2D5}" = Samsung Smart Screen "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A999CE76-D054-4684-80C7-53FC9243E019}" = EasyBox "{AAB9478F-DE6B-498B-9420-21E1F1AC700D}" = WOW XT and TSXT Filter Driver "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B4EA9A40-6425-48B3-89F9-9A3AD5DA3E58}" = Just Flight Flying Club v1.00 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard "{BE6E6BF7-6A81-4EC2-AD29-4580025149F1}" = TrackIR4 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C59E019B-0952-4B72-A382-68A72224F88F}" = GNS400W-500W Trainer "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{DD4B6FB8-8A28-4E21-B21B-3DA352DB2AEF}" = Samsung Command Center "{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0 "{DF0038DC-A9B7-4F52-8CA4-C79A3CA631FA}" = ToolBook Neuron "{DF7DBA82-0A55-11D6-A0A6-00105AE61887}" = Polar Precision Performance SW 4 "{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen "{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}" = Presto! PageManager 7.15.11 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Agere Systems Soft Modem" = SENS LT56ADW Modem "Aircraft Gas Turbine Engines1.0" = Aircraft Gas Turbine Engines "Aircraft Performance1.0" = Aircraft Performance "Aircraft Piston Engines1.0" = Aircraft Piston Engines "Airframes, Systems and Emergency Equipment1.0" = Airframes, Systems and Emergency Equipment "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "ATI Display Driver" = ATI Display Driver "ATPL Air Law1.0" = ATPL Air Law "ATPL DC Electrics1.0" = ATPL DC Electrics "ATPL Human Performance (Part 1)1.0" = ATPL Human Performance (Part 1) "ATPL Human Performance (Part 2)1.0" = ATPL Human Performance (Part 2) "ATPL Meteorology3.0" = ATPL Meteorology "Audiograbber" = Audiograbber 1.83 SE "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "Citation CJ3 FMS Demonstrator" = FMS Demonstrator CJ3 v1-1 "CPUID CPU-Z_is1" = CPUID CPU-Z 1.54 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DVD Decrypter" = DVD Decrypter (Remove Only) "DVD Shrink_is1" = DVD Shrink 3.2 "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-WebPrint" = Easy-WebPrint "Flight Simulator 9.0" = Microsoft Flight Simulator 2004 - Das Jahrhundert der Luftfahrt "FreePDF_XP" = FreePDF XP (Remove only) "GARMIN 400 Series Trainer" = GARMIN 400 Series Trainer "GARMIN 500 Series Trainer" = GARMIN 500 Series Trainer "Google Updater" = Google Updater "GPL Ghostscript 8.62" = GPL Ghostscript 8.62 "GPL Ghostscript Fonts" = GPL Ghostscript Fonts "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie8" = Windows Internet Explorer 8 "InstallShield_{442427A3-8E71-4DBB-BA4B-2F2F387CB5F8}" = Samsung Theme "InstallShield_{4B5E34BE-B93B-488E-B776-509EA41A0F39}" = AVStation premium "InstallShield_{DD4B6FB8-8A28-4E21-B21B-3DA352DB2AEF}" = Samsung Command Center "InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0 "IrfanView" = IrfanView (remove only) "Joerg Loehr Screensaver 2010" = Joerg Loehr Screensaver 2010 "Level-D 767-300 Tutorials" = Level-D 767-300 Tutorials "Level-D Simulations 767-300" = Level-D Simulations 767-300 "Lion_is1" = Lion 3.0.1 "lvdrivers_11.50" = Logitech QuickCam-Treiberpaket "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "MP Navigator 2.2" = Canon MP Navigator 2.2 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MyMDb_0" = MyMDb 3.4.1 "Nero - Burning Rom!UninstallKey" = Nero OEM "Neuratron PhotoScore Lite (D)" = Neuratron PhotoScore Lite (D) "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06 "PCFriendly" = PCFriendly "PDF Blender" = PDF Blender "PDF-XChange 3_is1" = PDF-XChange 3 "ProInst" = Intel(R) PROSet/Wireless Software "Redirection Port Monitor" = RedMon - Redirection Port Monitor "RestoreIT!" = Recover Pro "Sibelius Sounds Essentials" = Sibelius Sounds Essentials "SkyTest® Swiss-Trainingssoftware_is1" = SkyTest® Swiss-Trainingssoftware "SopCast" = SopCast 3.0.3 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstaller_B52EF000_Dash -8 Professional" = Dash -8 Professional (Shared Components) "VLC media player" = VLC media player 1.0.0 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss "Google Chrome" = Google Chrome "jlGui 3.0" = jlGui 3.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 05.09.2010 10:01:05 | Computer Name = xxx | Source = Google Update | ID = 20 Description = Error - 05.09.2010 11:01:09 | Computer Name = xxx | Source = Google Update | ID = 20 Description = Error - 05.09.2010 12:01:12 | Computer Name = xxx | Source = Google Update | ID = 20 Description = Error - 05.09.2010 13:01:09 | Computer Name = xxx | Source = Google Update | ID = 20 Description = Error - 05.09.2010 14:01:11 | Computer Name = xxx | Source = Google Update | ID = 20 Description = Error - 05.09.2010 15:01:09 | Computer Name = xxx | Source = Google Update | ID = 20 Description = Error - 05.09.2010 15:15:07 | Computer Name = xxx | Source = Google Update | ID = 20 Description = Error - 05.09.2010 16:18:48 | Computer Name = xxx | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung Load.exe, Version 3.3.6.1, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 05.09.2010 16:29:17 | Computer Name = xxx | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung Load.exe, Version 3.3.6.1, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 05.09.2010 16:43:15 | Computer Name = xxx | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OTL.exe, Version 3.2.11.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 05.09.2010 03:54:36 | Computer Name = xxx | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Microsoft security update service. Error - 05.09.2010 11:19:55 | Computer Name = xxx | Source = Dhcp | ID = 1001 Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 00150002C2B3 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. Error - 05.09.2010 11:24:00 | Computer Name = xxx | Source = Service Control Manager | ID = 7034 Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 05.09.2010 14:25:01 | Computer Name = xxx | Source = Dhcp | ID = 1001 Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 00150002C2B3 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. Error - 05.09.2010 16:39:55 | Computer Name = xxx | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: IntelIde Error - 05.09.2010 16:39:57 | Computer Name = xxx | Source = sr | ID = 1 Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung wurde angehalten. [ TuneUp Events ] Error - 02.12.2009 18:11:09 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 04.12.2009 13:35:50 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 05.12.2009 03:52:03 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 06.12.2009 05:34:10 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 07.12.2009 16:32:45 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 08.12.2009 13:29:56 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 09.12.2009 14:11:23 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 09.12.2009 19:02:41 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 11.12.2009 17:46:19 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 13.12.2009 04:00:04 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840 Description = < End of report > |
06.09.2010, 07:30 | #2 |
| Internet läuft, Browser gehen nicht... Hi,
__________________lass sofort alle Funde von MAM uach bereinigen, d.h. update von MAM und neuer Suchlauf (Fullscan) und alle Funde bereinigen lassen. Fixe dann mit HJ folgende Einträge: öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten Beim fixen müssen alle Programme geschlossen sein! (Falls vorhanden, Teatimer von Spyboot wie folgt deaktivieren: Modus-->Erweiterte Modus-->Ja-->Werkzeuge-->Resident-->dHäkchen entfernen aus der "Resident "TeaTimer" (Schutz aller Systemeinstellungen)->exit) Code:
ATTFilter R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092 O4 - HKCU\..\Run: [COM+ Manager] "C:\Dokumente und Einstellungen\Captain Widera\.COMMgr\complmgr.exe" chris
__________________ |
06.09.2010, 18:10 | #3 |
| Internet läuft, Browser gehen nicht... Hi Chris,
__________________danke schon mal für deine Hilfe. Bin Grad am Malware-Scan. Sobald ich fertig bin poste ich die Ergebnisse. Gruß Martin |
06.09.2010, 19:46 | #4 |
| Internet läuft, Browser gehen nicht... Hi, poste dann die Ergebnisse... chris (Mal sehen wielange der notebookakku noch mitspielt ,o)...
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
06.09.2010, 20:35 | #5 | ||
| Internet läuft, Browser gehen nicht... Sooo, das hätten wir. habe nochmal das komplette paket gelogt. übrigens war der COM+ Manager eintrag im Hijack-Log nicht mehr vorhanden Übrigens gehen wieder alle Browser - Hurra!!! Hab ichs jetzt überstanden ??? Also hier die Logs: Zitat:
Hijack: Zitat:
OLT: OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.09.2010 20:44:19 - Run 2 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\xxx\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 570,00 Mb Available Physical Memory | 56,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 85,90 Gb Total Space | 50,24 Gb Free Space | 58,48% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: xxx Current User Name: xxx Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Samsung\Samsung Update Plus\SUPBackGround.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.) PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation) PRC - C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe () PRC - C:\Programme\Samsung\AVStation premium\Bin\AVStation Agent.exe () PRC - C:\Programme\Samsung\MagicKBD\MagicKBD.exe (SAMSUNG Electronics Co., Ltd.) PRC - C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe () PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) PRC - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools) MOD - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll (Microsoft Corporation) MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.) MOD - C:\Programme\Mindjet\MindManager 8\msscript.ocx (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation) MOD - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msi.dll (Microsoft Corporation) MOD - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.) MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (Just Flight Limited License Service) -- C:\Programme\Gemeinsame Dateien\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe (Just Flight Limited) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (LVSrvLauncher) -- C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.) SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (LVCOMSer) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (SNM WLAN Service) -- C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe () SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) SRV - (SoundMAX Agent Service (default)) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.) ========== Driver Services (SafeList) ========== DRV - (chdrvr03) -- C:\WINDOWS\System32\DRIVERS\chdrvr03.sys File not found DRV - (chdrvr02) -- C:\WINDOWS\System32\DRIVERS\chdrvr02.sys File not found DRV - (chdrvr01) -- C:\WINDOWS\System32\DRIVERS\chdrvr01.sys File not found DRV - (cpuz133) -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys (Windows (R) Win 7 DDK provider) DRV - (avmaura) -- C:\WINDOWS\system32\drivers\avmaura.sys (AVM Berlin) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (nhcDriverDevice) -- C:\WINDOWS\system32\drivers\nhcDriver.sys (pBUS-167 Software - hxxp://www.pbus-167.com) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (npusbio) -- C:\WINDOWS\system32\drivers\npusbio.sys (Thesycon GmbH, Germany) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys () DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.) DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.) DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (wowfilter) -- C:\WINDOWS\system32\drivers\WOWFilter.sys () DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation) DRV - (risdptsk) -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys (REDC) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (rimsptsk) -- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys (REDC) DRV - (rismxdp) -- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys (REDC) DRV - (RITCPT) -- C:\WINDOWS\System32\drivers\RITCPT.SYS () DRV - (FBAPI) -- C:\WINDOWS\system32\drivers\FBAPI.sys () DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.05 20:35:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.05 20:35:18 | 000,000,000 | ---D | M] [2009.01.25 21:49:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions [2010.09.05 20:33:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\zeglzlft.default\extensions [2009.09.02 12:12:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\zeglzlft.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.01.30 00:12:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\zeglzlft.default\extensions\en-GB@dictionaries.addons.mozilla.org [2009.01.30 12:17:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\zeglzlft.default\extensions\es-es@dictionaries.addons.mozilla.org [2010.09.05 17:25:47 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.07.23 20:38:45 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2007.10.18 00:01:58 | 000,266,240 | ---- | M] (SumTotal Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\np32neur.dll [2007.09.28 18:57:26 | 006,275,816 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\ScorchPDFWrapper.dll [2010.09.05 20:35:11 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.09.05 20:35:11 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.05 20:35:11 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.09.05 20:35:11 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.09.05 20:35:11 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.01.27 12:09:54 | 000,291,770 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 10046 more lines... O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll () O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVStation premium] C:\Programme\Samsung\AVStation premium\bin\AVStation agent.exe () O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe () O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\Samsung\MagicKBD\PreMKbd.exe () O4 - HKLM..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SUPBackground] C:\Programme\Samsung\Samsung Update Plus\SUPBackGround.exe () O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range37 ([*] in Lokales Intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {2EF98DE5-183F-11D4-83EC-EC6A1DB6E213} hxxp://www.dynageo.de/download/dynageoviewer.cab (DynaGeoX Element) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0) O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} https://img.web.de/v/smartdrive/v23/activex/web_de_osupload_2002.cab (UI File Upload Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\xxx\Desktop\Swiss Avro\0485642.jpg O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.01.25 13:07:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.06 20:38:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Desktop\backups [2010.09.05 22:15:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.09.05 22:15:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.09.05 22:15:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.09.05 22:13:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Desktop\MFTools [2010.09.05 22:13:04 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe [2010.09.05 22:13:02 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\xxx\Desktop\mbam-setup.exe [2010.09.05 21:53:39 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\xxx\Desktop\HiJackThis204.exe [2010.09.05 18:20:28 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\xxx\Recent [2010.09.05 09:39:34 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\xxx\.COMMgr [2010.09.05 09:38:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\B3181E6781EBE97DBBB8F7FB73B2AD9D [2010.09.02 21:49:39 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\SecuROM [2010.08.30 23:11:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Desktop\Gildo Horn - Danke [2010.08.13 20:04:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ATPL DC Electrics [2010.08.12 18:55:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.06 20:41:49 | 000,001,543 | ---- | M] () -- C:\WINDOWS\System32\Captain Widera_KBD.ini [2010.09.06 20:41:33 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010.09.06 20:41:31 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.09.06 20:41:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.09.06 20:41:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.06 20:40:33 | 009,961,472 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\NTUSER.DAT [2010.09.06 20:40:33 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\xxx\ntuser.ini [2010.09.06 20:15:10 | 000,001,244 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-484763869-1801674531-1004UA.job [2010.09.06 20:01:12 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.09.06 19:43:51 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AB65D6D2-0B3B-46B5-B84D-A7E14A3E3B6E}.job [2010.09.05 22:15:30 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.05 22:10:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe [2010.09.05 22:07:36 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\xxx\Desktop\mbam-setup.exe [2010.09.05 22:04:44 | 000,388,197 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Load.exe [2010.09.05 21:47:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\xxx\Desktop\HiJackThis204.exe [2010.09.05 10:44:46 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.09.05 10:44:42 | 000,053,760 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.03 22:53:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.31 01:15:00 | 000,001,192 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-484763869-1801674531-1004Core.job [2010.08.19 21:59:27 | 000,028,827 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\DC_LFA_PEL_045_tcm586-74717.pdf [2010.08.19 21:54:47 | 000,031,396 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\DC_LFA_PEL_046_tcm586-74718.pdf [2010.08.12 21:38:19 | 000,303,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.12 18:57:25 | 001,006,634 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.12 18:57:25 | 000,452,544 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.12 18:57:25 | 000,435,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.12 18:57:25 | 000,081,324 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.12 18:57:25 | 000,068,490 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.05 22:15:30 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.05 22:13:02 | 000,388,197 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Load.exe [2010.08.19 22:00:30 | 000,028,827 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\DC_LFA_PEL_045_tcm586-74717.pdf [2010.08.19 21:58:58 | 000,031,396 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\DC_LFA_PEL_046_tcm586-74718.pdf [2010.06.26 00:51:54 | 000,183,240 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.04.05 22:45:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI [2010.02.28 21:19:39 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2009.12.19 00:35:56 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\$_hpcst$.hpc [2009.04.15 12:53:46 | 000,000,608 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T2 [2009.04.15 12:53:46 | 000,000,604 | -H-- | C] () -- C:\Programme\STLL Notifier [2009.03.24 15:04:03 | 000,001,338 | ---- | C] () -- C:\WINDOWS\GARMINWT.INI [2009.02.01 21:25:42 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7R.DLL [2009.02.01 21:24:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL [2009.02.01 21:23:47 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll [2009.02.01 21:21:25 | 000,000,516 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2009.02.01 21:17:56 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\CNCFLaNL.DLL [2009.01.29 17:15:19 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2009.01.27 12:45:29 | 000,014,737 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009.01.27 12:01:29 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2009.01.26 15:08:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009.01.26 15:08:15 | 000,053,760 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.01.25 21:03:18 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009.01.25 13:42:42 | 000,001,543 | ---- | C] () -- C:\WINDOWS\System32\Captain Widera_KBD.ini [2009.01.25 13:42:42 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI [2009.01.25 13:42:40 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI [2009.01.25 13:42:40 | 000,002,700 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI [2009.01.25 13:42:40 | 000,002,596 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI [2009.01.25 13:42:40 | 000,002,554 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI [2009.01.25 13:42:40 | 000,002,461 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI [2009.01.25 13:42:40 | 000,002,237 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI [2009.01.25 13:42:40 | 000,001,886 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI [2009.01.25 13:42:40 | 000,001,820 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI [2009.01.25 13:42:40 | 000,001,811 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI [2009.01.25 13:42:40 | 000,001,690 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI [2009.01.25 13:42:40 | 000,001,690 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI [2009.01.25 13:42:40 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI [2009.01.25 13:42:40 | 000,001,332 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI [2009.01.25 13:42:30 | 000,043,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\RITCPT.SYS [2009.01.25 13:42:21 | 000,005,088 | R--- | C] () -- C:\WINDOWS\System32\drivers\FBAPI.sys [2009.01.25 13:41:35 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS [2007.10.11 19:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2007.05.09 21:35:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2005.07.08 20:21:48 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\AVS3_Resource.dll [2005.06.08 17:58:10 | 000,017,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWFilter.sys [2005.06.08 17:58:08 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys [2005.06.08 17:58:08 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys [2005.04.11 11:12:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImageIODll.dll [2005.04.11 11:12:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ImageAlbumSave.dll [2005.02.26 14:33:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\AVSAudioWideStereoDMO.dll [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002.03.14 00:46:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll [1998.10.11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll ========== LOP Check ========== [2009.02.01 21:25:49 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2010.01.14 00:47:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Just Flight Limited [2009.05.15 15:37:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mindjet [2009.01.25 13:56:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung Electronics [2010.01.03 11:30:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Screentime [2009.02.01 21:21:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir [2009.02.01 21:21:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanWizard [2009.01.26 00:50:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2009.01.26 00:50:10 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357} [2010.09.05 09:39:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\B3181E6781EBE97DBBB8F7FB73B2AD9D [2010.08.06 22:04:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Canon [2009.06.10 14:42:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DynaGeo [2009.01.26 00:35:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\GrabPro [2010.06.23 18:01:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\HTML Executable [2010.03.05 20:19:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Leadertech [2009.08.09 13:52:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Orbit [2009.03.11 00:19:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Participatory Culture Foundation [2009.01.25 13:56:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Samsung Electronics [2009.02.01 21:21:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ScanSoft [2009.06.29 11:26:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\SkyTestSw [2009.12.18 22:45:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Teleca [2009.01.25 21:57:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Tracker Software [2009.01.26 00:51:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\TuneUp Software [2010.09.06 19:43:51 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AB65D6D2-0B3B-46B5-B84D-A7E14A3E3B6E}.job ========== Purity Check ========== < End of report > [/QUOTE] OLT-Extras OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 06.09.2010 20:44:19 - Run 2 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\xxx\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 570,00 Mb Available Physical Memory | 56,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 85,90 Gb Total Space | 50,24 Gb Free Space | 58,48% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: xxx Current User Name: xxx Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- File not found "C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) "C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Apps\2.0\J04B0ECY.0K9\DD2JBBZM.40E\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe" = C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Apps\2.0\J04B0ECY.0K9\DD2JBBZM.40E\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe:*:Enabled:FRITZ!Box USB-Fernanschluss -- (AVM Berlin) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{155FBB0D-0EE9-42D1-9E41-15E08F691031}" = Microsoft Producer für Microsoft Office PowerPoint 2003 "{1864FD5B-56B2-4EC4-9301-FB26909EC0A8}" = Mindjet MindManager 8 "{1A864A85-8818-4320-A51C-67148154DC39}" = aerosoft's - Eurowings 2004 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12 "{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver "{2931F734-260D-4E83-87B3-A9FE8E873192}_is1" = PDF-XChange Shell Extensions "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530 "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{442427A3-8E71-4DBB-BA4B-2F2F387CB5F8}" = Samsung Theme "{4B5E34BE-B93B-488E-B776-509EA41A0F39}" = AVStation premium "{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}" = CrissCross 8.40 "{6112293F-48E0-40E2-BAE0-69109BDDD58B}" = Sibelius 5 "{63E2EC92-0B96-46A0-B7E9-715D3ECA2546}" = GNS 480 Simulator "{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{80F6A672-C39B-41CE-8AF5-A9C2FA8C2B72}" = Sibelius Scorch (all browsers) "{84F87B60-7726-45EA-A69C-7165D2D89DBA}" = Sibelius Sounds Essentials Update "{8A4E0D97-A9CB-4617-AE23-705F36877D84}" = Just Flight Dash 8-300 Professional DL (FS2004) "{8BA8CE06-0C92-4A44-9924-2614DCD77F20}" = PMDG MD-11 (FS9 version of COMBO) "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97679567-0095-464E-B5F2-E218A1CF3421}" = PMDG747_400 Queen of the Skies "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync "{9A174DB5-0B95-46B1-A787-341DF14AB2D5}" = Samsung Smart Screen "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A999CE76-D054-4684-80C7-53FC9243E019}" = EasyBox "{AAB9478F-DE6B-498B-9420-21E1F1AC700D}" = WOW XT and TSXT Filter Driver "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B4EA9A40-6425-48B3-89F9-9A3AD5DA3E58}" = Just Flight Flying Club v1.00 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard "{BE6E6BF7-6A81-4EC2-AD29-4580025149F1}" = TrackIR4 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C59E019B-0952-4B72-A382-68A72224F88F}" = GNS400W-500W Trainer "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{DD4B6FB8-8A28-4E21-B21B-3DA352DB2AEF}" = Samsung Command Center "{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0 "{DF0038DC-A9B7-4F52-8CA4-C79A3CA631FA}" = ToolBook Neuron "{DF7DBA82-0A55-11D6-A0A6-00105AE61887}" = Polar Precision Performance SW 4 "{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen "{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}" = Presto! PageManager 7.15.11 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Agere Systems Soft Modem" = SENS LT56ADW Modem "Aircraft Gas Turbine Engines1.0" = Aircraft Gas Turbine Engines "Aircraft Performance1.0" = Aircraft Performance "Aircraft Piston Engines1.0" = Aircraft Piston Engines "Airframes, Systems and Emergency Equipment1.0" = Airframes, Systems and Emergency Equipment "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "ATI Display Driver" = ATI Display Driver "ATPL Air Law1.0" = ATPL Air Law "ATPL DC Electrics1.0" = ATPL DC Electrics "ATPL Human Performance (Part 1)1.0" = ATPL Human Performance (Part 1) "ATPL Human Performance (Part 2)1.0" = ATPL Human Performance (Part 2) "ATPL Meteorology3.0" = ATPL Meteorology "Audiograbber" = Audiograbber 1.83 SE "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "Citation CJ3 FMS Demonstrator" = FMS Demonstrator CJ3 v1-1 "CPUID CPU-Z_is1" = CPUID CPU-Z 1.54 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DVD Decrypter" = DVD Decrypter (Remove Only) "DVD Shrink_is1" = DVD Shrink 3.2 "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-WebPrint" = Easy-WebPrint "Flight Simulator 9.0" = Microsoft Flight Simulator 2004 - Das Jahrhundert der Luftfahrt "FreePDF_XP" = FreePDF XP (Remove only) "GARMIN 400 Series Trainer" = GARMIN 400 Series Trainer "GARMIN 500 Series Trainer" = GARMIN 500 Series Trainer "Google Updater" = Google Updater "GPL Ghostscript 8.62" = GPL Ghostscript 8.62 "GPL Ghostscript Fonts" = GPL Ghostscript Fonts "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie8" = Windows Internet Explorer 8 "InstallShield_{442427A3-8E71-4DBB-BA4B-2F2F387CB5F8}" = Samsung Theme "InstallShield_{4B5E34BE-B93B-488E-B776-509EA41A0F39}" = AVStation premium "InstallShield_{DD4B6FB8-8A28-4E21-B21B-3DA352DB2AEF}" = Samsung Command Center "InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0 "IrfanView" = IrfanView (remove only) "Joerg Loehr Screensaver 2010" = Joerg Loehr Screensaver 2010 "Level-D 767-300 Tutorials" = Level-D 767-300 Tutorials "Level-D Simulations 767-300" = Level-D Simulations 767-300 "Lion_is1" = Lion 3.0.1 "lvdrivers_11.50" = Logitech QuickCam-Treiberpaket "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "MP Navigator 2.2" = Canon MP Navigator 2.2 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MyMDb_0" = MyMDb 3.4.1 "Nero - Burning Rom!UninstallKey" = Nero OEM "Neuratron PhotoScore Lite (D)" = Neuratron PhotoScore Lite (D) "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06 "PCFriendly" = PCFriendly "PDF Blender" = PDF Blender "PDF-XChange 3_is1" = PDF-XChange 3 "ProInst" = Intel(R) PROSet/Wireless Software "Redirection Port Monitor" = RedMon - Redirection Port Monitor "RestoreIT!" = Recover Pro "Sibelius Sounds Essentials" = Sibelius Sounds Essentials "SkyTest® Swiss-Trainingssoftware_is1" = SkyTest® Swiss-Trainingssoftware "SopCast" = SopCast 3.0.3 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstaller_B52EF000_Dash -8 Professional" = Dash -8 Professional (Shared Components) "VLC media player" = VLC media player 1.0.0 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss "Google Chrome" = Google Chrome "jlGui 3.0" = jlGui 3.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 05.09.2010 14:01:11 | Computer Name = xxx | Source = Google Update | ID = 20 Description = Error - 05.09.2010 15:01:09 | Computer Name = xxx | Source = Google Update | ID = 20 Description = Error - 05.09.2010 15:15:07 | Computer Name = xxx | Source = Google Update | ID = 20 Description = Error - 05.09.2010 16:18:48 | Computer Name = xxx | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung Load.exe, Version 3.3.6.1, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 05.09.2010 16:29:17 | Computer Name = xxx | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung Load.exe, Version 3.3.6.1, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 05.09.2010 16:43:15 | Computer Name = xxx | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OTL.exe, Version 3.2.11.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 06.09.2010 13:01:08 | Computer Name = xxx | Source = Google Update | ID = 20 Description = Error - 06.09.2010 13:15:10 | Computer Name = xxx | Source = Google Update | ID = 20 Description = Error - 06.09.2010 14:01:11 | Computer Name = xxx | Source = Google Update | ID = 20 Description = Error - 06.09.2010 14:15:10 | Computer Name = xxx | Source = Google Update | ID = 20 Description = [ System Events ] Error - 05.09.2010 03:54:36 | Computer Name = xxx | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Microsoft security update service. Error - 05.09.2010 11:19:55 | Computer Name = xxx | Source = Dhcp | ID = 1001 Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 00150002C2B3 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. Error - 05.09.2010 11:24:00 | Computer Name = xxx | Source = Service Control Manager | ID = 7034 Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 05.09.2010 14:25:01 | Computer Name = xxx | Source = Dhcp | ID = 1001 Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 00150002C2B3 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. Error - 05.09.2010 16:39:55 | Computer Name = xxx | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: IntelIde Error - 05.09.2010 16:39:57 | Computer Name = xxx | Source = sr | ID = 1 Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung wurde angehalten. Error - 06.09.2010 14:31:09 | Computer Name = xxx | Source = sr | ID = 1 Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung wurde angehalten. Error - 06.09.2010 14:31:26 | Computer Name = xxx | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: IntelIde [ TuneUp Events ] Error - 02.12.2009 18:11:09 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 04.12.2009 13:35:50 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 05.12.2009 03:52:03 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 06.12.2009 05:34:10 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 07.12.2009 16:32:45 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 08.12.2009 13:29:56 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 09.12.2009 14:11:23 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 09.12.2009 19:02:41 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 11.12.2009 17:46:19 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 13.12.2009 04:00:04 | Computer Name = xxx | Source = TuneUp Program Statistics | ID = 131840 Description = < End of report > [/QUOTE] |
06.09.2010, 20:47 | #6 |
| Internet läuft, Browser gehen nicht... Hi, sieht gut aus, muss aber morgen noch mal drüber, da Akku vom notebook leer... chris
__________________ --> Internet läuft, Browser gehen nicht... |
06.09.2010, 20:54 | #7 |
| Internet läuft, Browser gehen nicht... Servus Chris, danke schon mal für das schnelle Feedback. Dann bin ich mal auf den hoffentlich abschließenden Bericht gespannt. Schönen Abend noch |
07.09.2010, 07:17 | #8 |
| Internet läuft, Browser gehen nicht... Hi, zur Sicherheit noch zwei Files prüfen: Dateien Online überprüfen lassen:
Code:
ATTFilter C:\WINDOWS\system32\drivers\cpuz133_x32.sys C:\WINDOWS\System32\MEMIO.SYS
Etwas aufräumen: Fix für OTL:
Code:
ATTFilter :OTL DRV - (chdrvr03) -- C:\WINDOWS\System32\DRIVERS\chdrvr03.sys File not found DRV - (chdrvr02) -- C:\WINDOWS\System32\DRIVERS\chdrvr02.sys File not found DRV - (chdrvr01) -- C:\WINDOWS\System32\DRIVERS\chdrvr01.sys File not found O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. :Commands [emptytemp] [Reboot]
chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
07.09.2010, 18:38 | #9 | |||
| Internet läuft, Browser gehen nicht... Servus Chris, also hier die Scans/Logs: CPUZ: Zitat:
Zitat:
Zitat:
Und was hab ich da eigentlich grad gefixt? |
07.09.2010, 18:56 | #10 | |
| Internet läuft, Browser gehen nicht... Hi, Treiber die "unsichtbar sind"... was immer etwas "seltsam" ist... Zitat:
chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
07.09.2010, 19:19 | #11 |
| Internet läuft, Browser gehen nicht... Servus, aso, unsichtbare Treiber... also eigentlich auch unnötige??? Der Laptop läuft wieder recht geschmeidig. Heute keine Macken festgestellt... Ist ja eigentlich n gutes Zeichen, oder? |
08.09.2010, 06:36 | #12 |
| Internet läuft, Browser gehen nicht... Hi, so, zum Abschluß noch SUPERAntiSpyware und die Systemwiederherstellung plätten... Superantispyware: Anleitung&Download hier: http://www.trojaner-board.de/51871-a...tispyware.html Systemwiederherstellung löschen BSI-Faltblattt (https://www.bsi.bund.de/cln_134/ContentBSI/Publikationen/Faltblaetter/F24VirenundCo.html) und dort unter Viren entfernen Wenn der Rechner einwandfrei läuft abschließend alle Systemwiederherstellungspunkte löschen lassen(das sind die: C:\System Volume Information\_restore - Dateien die gefunden wurden, d.h. der Trojaner wurde mit gesichert und wenn Du auf einen Restorepunkt zurück gehen solltest, dann ist er wieder da) wie folgt: Arbeitsplatz ->rechte Maus -> Eigenschaften -> Systemwiederherstellung -> anhaken: "Systemwiederherstellung auf allen Laufwerken deaktivieren" -> Übernehmen -> Sicherheitsabfrage OK -> Fenster mit OK schliessen -> neu Booten; Dann das gleiche nochmal nur das Häkchen entfernen (dann läuft sie wieder). Einen ersten Restorepunkt setzten: Start->Programme->Zubehör->Systemprogramme->Systemwiederherstellung->einen Wiederherstellungspunkt erstellen->weiter, Beschreibung ausdenken->Erstellen chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
10.09.2010, 13:23 | #13 |
| Internet läuft, Browser gehen nicht... Sers Chris, bin leider nicht dazugekommen die abschließenden Arbeiten durchzuführen. Werde wohl erst Di/Mi dazukommen. Danke aber für deine Hilfe, Schönes WE wünsch ich!!! |
Themen zu Internet läuft, Browser gehen nicht... |
0x00000001, 0xc0000001, agere systems, antivir, antivir guard, audiograbber, avgntflt.sys, avira, bho, browser, canon, components, cpu-z, decrypter, desktop, error, excel, fehler, firefox, flash player, fontcache, format, google chrome, helper, hijack, hijackthis, hkus\s-1-5-18, home, internet, intranet, location, msvcr80.dll, oldtimer, otl logfile, otl.exe, plug-in, recover, registry, rogue.securitysuite, rojaner gefunden, rundll, saver, searchplugins, senden, shell32.dll, sicherheitshalber, software, stolen.data, system, tracker, trojaner, trojaner gefunden, viren, vlc media player, windows internet, windows internet explorer, windows xp |