| |
| |||||||
Log-Analyse und Auswertung: Computer fährt, nach dem 1. Mal anmelden, selbstständig wieder runter!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
01.12.2010, 09:30
| #1 |
 |  Computer fährt, nach dem 1. Mal anmelden, selbstständig wieder runter! Hallo zusammen, wie schon eingangs beschrieben, fährt mein PC nach dem Anmelden, erst einmal wieder runter. Folgende Gegenmaßnahmen habe ich schon ergriffen: - CC Cleaner - aktueller AntiVir - Malewarebytes - Spybot Alle Programme bringen nach dem Suchlauf: "nichts gefunden" Vielen Dank für Eure Hilfe Grüße MBrait Anbei der Logfile: HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4[/I] Scan saved at 09:17:09, on 01.12.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\FreePDF_XP\fpassist.exe C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\Programme\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\WinZip\WZQKPICK.EXE C:\WINDOWS\explorer.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\svchost.exe C:\Programme\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Mozilla Firefox\plugin-container.exe C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://vshare.toolbarhome.com/?hp=df R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [EPSON SX210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE /FU "C:\WINDOWS\TEMP\E_S65.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Reguser] C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Regmod\depreg.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe -- End of file - 7527 bytes Leider ist mein Problem immer noch nicht behoben. Kann den niemand helfen? Schöne Grüße MBrait |
|
03.12.2010, 12:28
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Computer fährt, nach dem 1. Mal anmelden, selbstständig wieder runter!Zitat:
__________________ |
|
03.12.2010, 15:31
| #3 |
| | Computer fährt, nach dem 1. Mal anmelden, selbstständig wieder runter! Danke für Deine Hilfe! Anbei die LOG´s
__________________Anhang 11333 Anhang 11334 Anhang 11335 Anhang 11336 Grüße MBrait |
|
03.12.2010, 21:06
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Computer fährt, nach dem 1. Mal anmelden, selbstständig wieder runter! Du hast ständig nur mit dem gleichen Signaturstand gescannt, das kann nicht viel bringen. Aktualisier mal auf MBAM Version 1.50, danach manuell die Signaturen und mach noch einen Vollscan.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
03.12.2010, 23:15
| #5 |
| | Computer fährt, nach dem 1. Mal anmelden, selbstständig wieder runter! Ein LOG mit dem Upgrade ist angehängt. Was meinst Du mit Signaturen? |
|
03.12.2010, 23:19
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Computer fährt, nach dem 1. Mal anmelden, selbstständig wieder runter! Signaturen sind die Datenbanken. Die Aktualität dieser ist für einen Virenscanner entscheidend, denn mit alten Datenbanken ist ein Virenscanner quasi wirkungslos (neuere Schädling werden nicht gefunden)
__________________ --> Computer fährt, nach dem 1. Mal anmelden, selbstständig wieder runter! |
|
04.12.2010, 09:51
| #7 |
| | Computer fährt, nach dem 1. Mal anmelden, selbstständig wieder runter! Danke für die Info. Anbei ein aktueller LOG. Immer noch kein Fund. Kannst Du etwas erkennen? |
|
04.12.2010, 17:49
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Computer fährt, nach dem 1. Mal anmelden, selbstständig wieder runter! Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.12.2010, 09:42
| #9 |
| | Computer fährt, nach dem 1. Mal anmelden, selbstständig wieder runter! Anbei die OTL-Files. |
|
05.12.2010, 15:07
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Computer fährt, nach dem 1. Mal anmelden, selbstständig wieder runter! Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O4 - HKCU..\Run: [Reguser] C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Regmod\depreg.exe ()
O33 - MountPoints2\{203c229a-2937-11df-a370-000d60acc2bb}\Shell - "" = AutoRun
O33 - MountPoints2\{203c229a-2937-11df-a370-000d60acc2bb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{203c229a-2937-11df-a370-000d60acc2bb}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{29c2f1de-d447-11df-a492-000d60acc2bb}\Shell\AutoRun\command - "" = E:\EmDesk.exe -- File not found
O33 - MountPoints2\{29c2f1de-d447-11df-a492-000d60acc2bb}\Shell\EmDesk\command - "" = E:\EmDesk.exe -- File not found
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.12.2010, 16:09
| #11 |
| | Computer fährt, nach dem 1. Mal anmelden, selbstständig wieder runter! Hmmm, heruntergefahren ist er seit gestern nicht mehr, aber er braucht immer noch viel Zeit beim Hochfahren Anbei die benötigte Datei. |
|
06.12.2010, 19:47
| #12 |
| | Computer fährt, nach dem 1. Mal anmelden, selbstständig wieder runter! Super Tip. Anbei der OSAM-LOG Code:
ATTFilter <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Report of OSAM: Autorun Manager v5.0.11926.0</title> <style type="text/css"> body { margin : 10px 10px 10px 20px; color : #000000; background-color : #fffbf0; font : 10pt Tahoma, Verdana, Arial, Helvetica, sans-serif; scrollbar-3dlight-color : #fffbf0; scrollbar-arrow-color : #000000; scrollbar-darkshadow-color: #000000; scrollbar-face-color : #fffbf0; scrollbar-highlight-color : #000000; scrollbar-shadow-color : #fffbf0; scrollbar-track-color : #fffbf0; } a:link { color: #e15616; } a:visited { color: #e15616; } a:hover { color: #e4743f; } a:active { color: #e4743f; } .header1 { font-size : 115%; font-weight: bold; margin-left: 0px; } table { border-collapse: collapse; border : 1px solid #000000; cellpadding : 0; cellspacing : 0; width : 90%; } td,th { font-size : 12px; color : #000000; background : #fffbf0; border : 1px solid #000000; text-align : left; vertical-align: top; padding : 2px 4px 2px 4px; } .cap { font-weight: bold; font-size : 10pt; padding : 2px 4px 2px 4px; border : 1px solid #000000; } .group { font-weight: bold; font-size : 10pt; padding : 2px 4px 2px 4px; text-align : center; } .reg { font-weight: bold; font-size : 10pt; border : 0px none; padding : 2px 4px 2px 4px; } .notfound { background-color: #B3DDFF; } .blocked { background-color: #FF96EB; } .nodetails { background-color: #FFFF75; } .trusted { background-color: #C8FFC8; } .rootkit { background-color: #FF8696; } td.rs { text-align: center; vertical-align: center; font-family: courier; } td.rs.rm { background: #F90424; title: "Malware"; } td.rs.ri { background: #F90424; title: "Infected"; color: #21F411; } td.rs.rw { background: #F90424; title: "Unwanted"; } td.rs.rs { background: #F90424; title: "Suspicious"; } td.rs.rt { background: #21F411; title: "Trusted"; } td.rs.rc { background: #21F411; title: "Checked"; } td.rs.ry { background: #21F411; title: "Up-to-You"; } td.rs.rr { background: #F6EB13; title: "Riskware"; } td.rs.ru { background: #D4D0C8; title: "Unknown"; } td.rs.rn { background: #FFFFFF; title: "Not checked"; } </style> </head> <body> <p><span class="header1">Report of OSAM: Autorun Manager v5.0.11926.0</span><br> <a href="hxxp://www.online-solutions.ru/en/" target="_blank">hxxp://www.online-solutions.ru/en/</a><br> Saved at 19:43:17 on 06.12.2010</p> <b>OS</b>: Windows XP Professional Service Pack 3 (Build 2600)<br> <b>Default Browser</b>: Mozilla Corporation Firefox 3.6.12<br> <br><b>Scanner Settings</b><br> <input type="checkbox" disabled checked>Rootkits detection (hidden registry)<br> <input type="checkbox" disabled checked>Rootkits detection (hidden files)<br> <input type="checkbox" disabled checked>Retrieve files information<br> <input type="checkbox" disabled checked>Check Microsoft signatures<br> <br><b>Filters</b><br> <input type="checkbox" disabled>Trusted entries<br> <input type="checkbox" disabled>Empty entries<br> <input type="checkbox" disabled checked>Hidden registry entries (rootkit activity)<br> <input type="checkbox" disabled checked>Exclusively opened files<br> <input type="checkbox" disabled checked>Not found files<br> <input type="checkbox" disabled checked>Files without detailed information<br> <input type="checkbox" disabled checked>Existing files<br> <input type="checkbox" disabled>Non-startable services<br> <input type="checkbox" disabled>Non-startable drivers<br> <input type="checkbox" disabled checked>Active entries<br> <input type="checkbox" disabled checked>Disabled entries<br> <br> <table border="1" cellpadding="0" cellspacing="0"> <tr> <th class="cap" width="20"> </th> <th class="cap">Risk</th> <th class="cap">Name</th> <th class="cap">Publisher</th> <th class="cap">Full Path</th> <th class="cap">Status</th> </tr> <tr> <td class="group" colspan="6">Common</td> </tr> <tr> <td class="reg" colspan="6">%SystemRoot%\Tasks</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ry">|||| </td> <td>"AppleSoftwareUpdate.job"</td> <td>"Apple Inc."</td> <td>C:\Programme\Apple Software Update\SoftwareUpdate.exe</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ry">|||| </td> <td>"GoogleUpdateTaskMachineCore.job"</td> <td>"Google Inc."</td> <td>C:\Programme\Google\Update\GoogleUpdate.exe</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ry">|||| </td> <td>"GoogleUpdateTaskMachineUA.job"</td> <td>"Google Inc."</td> <td>C:\Programme\Google\Update\GoogleUpdate.exe</td> <td>File exists</td> </tr> <tr> <td class="group" colspan="6">Control Panel Objects</td> </tr> <tr> <td class="reg" colspan="6">%SystemRoot%\system32</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>"javacpl.cpl"</td> <td>"Sun Microsystems, Inc."</td> <td>C:\WINDOWS\system32\javacpl.cpl</td> <td>File exists</td> </tr> <tr> <td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>"Avira AntiVir Personal - Free Antivirus "</td> <td>"Avira GmbH"</td> <td>C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>"QuickTime"</td> <td>"Apple Inc."</td> <td>C:\Programme\QuickTime\QTSystem\QuickTime.cpl</td> <td>File exists</td> </tr> <tr> <td class="group" colspan="6">Drivers</td> </tr> <tr> <td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Services</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ru"> </td> <td>"Apple Mobile USB Driver" (USBAAPL)</td> <td>"Apple, Inc."</td> <td>C:\WINDOWS\System32\Drivers\usbaapl.sys</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>"avgio" (avgio)</td> <td>"Avira GmbH"</td> <td>C:\Programme\Avira\AntiVir Desktop\avgio.sys</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>"avgntflt" (avgntflt)</td> <td>"Avira GmbH"</td> <td>C:\WINDOWS\System32\DRIVERS\avgntflt.sys</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>"avipbb" (avipbb)</td> <td>"Avira GmbH"</td> <td>C:\WINDOWS\System32\DRIVERS\avipbb.sys</td> <td>File exists</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">"catchme" (catchme)</td> <td class="notfound"></td> <td class="notfound">C:\DOKUME~1\Admin\LOKALE~1\Temp\catchme.sys</td> <td class="notfound">File not found</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">"Changer" (Changer)</td> <td class="notfound"></td> <td class="notfound">C:\WINDOWS\system32\drivers\Changer.sys</td> <td class="notfound">File not found</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>"grmnusb" (grmnusb)</td> <td>"GARMIN Corp."</td> <td>C:\WINDOWS\System32\drivers\grmnusb.sys</td> <td>File exists</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">"i2omgmt" (i2omgmt)</td> <td class="notfound"></td> <td class="notfound">C:\WINDOWS\system32\drivers\i2omgmt.sys</td> <td class="notfound">File not found</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">"lbrtfdc" (lbrtfdc)</td> <td class="notfound"></td> <td class="notfound">C:\WINDOWS\system32\drivers\lbrtfdc.sys</td> <td class="notfound">File not found</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">"PCIDump" (PCIDump)</td> <td class="notfound"></td> <td class="notfound">C:\WINDOWS\system32\drivers\PCIDump.sys</td> <td class="notfound">File not found</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">"PDCOMP" (PDCOMP)</td> <td class="notfound"></td> <td class="notfound">C:\WINDOWS\system32\drivers\PDCOMP.sys</td> <td class="notfound">File not found</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">"PDFRAME" (PDFRAME)</td> <td class="notfound"></td> <td class="notfound">C:\WINDOWS\system32\drivers\PDFRAME.sys</td> <td class="notfound">File not found</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">"PDRELI" (PDRELI)</td> <td class="notfound"></td> <td class="notfound">C:\WINDOWS\system32\drivers\PDRELI.sys</td> <td class="notfound">File not found</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">"PDRFRAME" (PDRFRAME)</td> <td class="notfound"></td> <td class="notfound">C:\WINDOWS\system32\drivers\PDRFRAME.sys</td> <td class="notfound">File not found</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>"ssmdrv" (ssmdrv)</td> <td>"Avira GmbH"</td> <td>C:\WINDOWS\System32\DRIVERS\ssmdrv.sys</td> <td>File exists</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">"WDICA" (WDICA)</td> <td class="notfound"></td> <td class="notfound">C:\WINDOWS\system32\drivers\WDICA.sys</td> <td class="notfound">File not found</td> </tr> <tr> <td class="group" colspan="6">Explorer</td> </tr> <tr> <td class="reg" colspan="6">HKLM\Software\Classes\Folder\shellex\ColumnHandlers</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension"</td> <td>"Adobe Systems, Inc."</td> <td>C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll</td> <td>File exists</td> </tr> <tr> <td class="reg" colspan="6">HKLM\Software\Classes\Protocols\Handler</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler"</td> <td>"Microsoft Corporation"</td> <td>C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0"</td> <td>"Microsoft Corporation"</td> <td>C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class"</td> <td>"Microsoft Corporation"</td> <td>C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL</td> <td>File exists</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} "vsharechrome"</td> <td class="notfound"></td> <td class="notfound"></td> <td class="notfound">File not found | COM-object registry key not found</td> </tr> <tr> <td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung"</td> <td class="notfound"></td> <td class="notfound">deskpan.dll</td> <td class="notfound">File not found</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist"</td> <td class="notfound"></td> <td class="notfound"></td> <td class="notfound">File not found | COM-object registry key not found</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ru"> </td> <td>{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes"</td> <td>"Apple Inc."</td> <td>C:\Programme\iTunes\iTunesMiniPlayer.dll</td> <td>File exists</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung"</td> <td class="notfound"></td> <td class="notfound"></td> <td class="notfound">File not found | COM-object registry key not found</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler"</td> <td>"Microsoft Corporation"</td> <td>C:\Programme\Microsoft Office\Office10\msohev.dll</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung"</td> <td>"Microsoft Corporation"</td> <td>C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning"</td> <td>"Avira GmbH"</td> <td>C:\Programme\Avira\AntiVir Desktop\shlext.dll</td> <td>File exists</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung"</td> <td class="notfound"></td> <td class="notfound"></td> <td class="notfound">File not found | COM-object registry key not found</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner"</td> <td>"Microsoft Corporation"</td> <td>C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR"</td> <td>"Alexander Roshal"</td> <td>C:\Programme\WinRAR\rarext.dll</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{E0D79304-84BE-11CE-9641-444553540000} "WinZip"</td> <td>"WinZip Computing, Inc."</td> <td>C:\PROGRA~1\WINZIP\WZSHLSTB.DLL</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{E0D79305-84BE-11CE-9641-444553540000} "WinZip"</td> <td>"WinZip Computing, Inc."</td> <td>C:\PROGRA~1\WINZIP\WZSHLSTB.DLL</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{E0D79306-84BE-11CE-9641-444553540000} "WinZip"</td> <td>"WinZip Computing, Inc."</td> <td>C:\PROGRA~1\WINZIP\WZSHLSTB.DLL</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{E0D79307-84BE-11CE-9641-444553540000} "WinZip"</td> <td>"WinZip Computing, Inc."</td> <td>C:\PROGRA~1\WINZIP\WZSHLSTB.DLL</td> <td>File exists</td> </tr> <tr> <td class="group" colspan="6">Internet Explorer</td> </tr> <tr> <td class="reg" colspan="6">HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ry">|||| </td> <td><binary data> "EPSON Web-To-Page"</td> <td>"SEIKO EPSON CORPORATION"</td> <td>C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll</td> <td>File exists</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">ITBar7Height "ITBar7Height"</td> <td class="notfound"></td> <td class="notfound"></td> <td class="notfound">File not found | COM-object registry key not found</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound"><binary data> "ITBar7Layout"</td> <td class="notfound"></td> <td class="notfound"></td> <td class="notfound">File not found | COM-object registry key not found</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound"><binary data> "ITBarLayout"</td> <td class="notfound"></td> <td class="notfound"></td> <td class="notfound">File not found | COM-object registry key not found</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound"><binary data> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"</td> <td class="notfound"></td> <td class="notfound"></td> <td class="notfound">File not found | COM-object registry key not found</td> </tr> <tr> <td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ry">|||| </td> <td>{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21"<br>hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab</td> <td>"Sun Microsystems, Inc."</td> <td>C:\Programme\Java\jre6\bin\npjpi160_21.dll</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ry">|||| </td> <td>{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21"<br>hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab</td> <td>"Sun Microsystems, Inc."</td> <td>C:\Programme\Java\jre6\bin\npjpi160_21.dll</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ry">|||| </td> <td>{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21"<br>hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab</td> <td>"Sun Microsystems, Inc."</td> <td>C:\Programme\Java\jre6\bin\npjpi160_21.dll</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object"<br>hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab</td> <td>"Adobe Systems, Inc."</td> <td>C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx</td> <td>File exists</td> </tr> <tr> <td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension"</td> <td>"Safer Networking Limited"</td> <td>C:\PROGRA~1\SPYBOT~1\SDHelper.dll</td> <td>File exists</td> </tr> <tr> <td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ry">|||| </td> <td>{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print"</td> <td>"SEIKO EPSON CORPORATION / CyCom Technology Corp."</td> <td>C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ry">|||| </td> <td><binary data> "EPSON Web-To-Page"</td> <td>"SEIKO EPSON CORPORATION"</td> <td>C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll</td> <td>File exists</td> </tr> <tr> <td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper"</td> <td>"Adobe Systems Incorporated"</td> <td>C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ry">|||| </td> <td>{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print"</td> <td>"SEIKO EPSON CORPORATION / CyCom Technology Corp."</td> <td>C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ry">|||| </td> <td>{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class"</td> <td>"SEIKO EPSON CORPORATION"</td> <td>C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ry">|||| </td> <td>{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper"</td> <td>"Sun Microsystems, Inc."</td> <td>C:\Programme\Java\jre6\bin\jp2ssv.dll</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ry">|||| </td> <td>{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class"</td> <td>"Sun Microsystems, Inc."</td> <td>C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection"</td> <td>"Safer Networking Limited"</td> <td>C:\PROGRA~1\SPYBOT~1\SDHelper.dll</td> <td>File exists</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}"</td> <td class="notfound"></td> <td class="notfound"></td> <td class="notfound">File not found | COM-object registry key not found</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">{043C5167-00BB-4324-AF7E-62013FAEDACF} "{043C5167-00BB-4324-AF7E-62013FAEDACF}"</td> <td class="notfound"></td> <td class="notfound"></td> <td class="notfound">File not found | COM-object registry key not found</td> </tr> <tr> <td class="group" colspan="6">Logon</td> </tr> <tr> <td class="reg" colspan="6">%AllUsersProfile%\Startmenü\Programme\Autostart</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>"desktop.ini"</td> <td></td> <td>C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ry">|||| </td> <td>"Microsoft Office.lnk"</td> <td>"Microsoft Corporation"</td> <td>C:\Programme\Microsoft Office\Office10\OSA.EXE</td> <td>Shortcut exists | File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ry">|||| </td> <td>"WinZip Quick Pick.lnk"</td> <td>"WinZip Computing, Inc."</td> <td>C:\Programme\WinZip\WZQKPICK.EXE</td> <td>Shortcut exists | File exists</td> </tr> <tr> <td class="reg" colspan="6">%UserProfile%\Startmenü\Programme\Autostart</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>"desktop.ini"</td> <td></td> <td>C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Autostart\desktop.ini</td> <td>File exists</td> </tr> <tr> <td class="reg" colspan="6">HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>"SpybotSD TeaTimer"</td> <td>"Safer-Networking Ltd."</td> <td>C:\Programme\Spybot - Search & Destroy\TeaTimer.exe</td> <td>File exists</td> </tr> <tr> <td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Run</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ry">|||| </td> <td>"Adobe Reader Speed Launcher"</td> <td>"Adobe Systems Incorporated"</td> <td>"C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ry">|||| </td> <td>"AppleSyncNotifier"</td> <td>"Apple Inc."</td> <td>C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>"avgnt"</td> <td>"Avira GmbH"</td> <td>"C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ry">|||| </td> <td>"EEventManager"</td> <td>"SEIKO EPSON CORPORATION"</td> <td>C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rc">|| </td> <td>"FreePDF Assistant"</td> <td>"shbox.de"</td> <td>C:\Programme\FreePDF_XP\fpassist.exe</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ru"> </td> <td>"iTunesHelper"</td> <td>"Apple Inc."</td> <td>"C:\Programme\iTunes\iTunesHelper.exe"</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rc">|| </td> <td>"QuickTime Task"</td> <td>"Apple Inc."</td> <td>"C:\Programme\QuickTime\QTTask.exe" -atboottime</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ry">|||| </td> <td>"SunJavaUpdateSched"</td> <td>"Sun Microsystems, Inc."</td> <td>"C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"</td> <td>File exists</td> </tr> <tr> <td class="group" colspan="6">Print Monitors</td> </tr> <tr> <td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors</td> </tr> <tr> <td class="nodetails"><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td class="nodetails">"Redirected Port"</td> <td class="nodetails"></td> <td class="nodetails">C:\WINDOWS\system32\redmonnt.dll</td> <td class="nodetails">File found, but it contains no detailed information</td> </tr> <tr> <td class="group" colspan="6">Services</td> </tr> <tr> <td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Services</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ru"> </td> <td>"Apple Mobile Device" (Apple Mobile Device)</td> <td>"Apple Inc."</td> <td>C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>"Avira AntiVir Guard" (AntiVirService)</td> <td>"Avira GmbH"</td> <td>C:\Programme\Avira\AntiVir Desktop\avguard.exe</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>"Avira AntiVir Planer" (AntiVirSchedulerService)</td> <td>"Avira GmbH"</td> <td>C:\Programme\Avira\AntiVir Desktop\sched.exe</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>"Dienst "Bonjour"" (Bonjour Service)</td> <td>"Apple Inc."</td> <td>C:\Programme\Bonjour\mDNSResponder.exe</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ry">|||| </td> <td>"Google Update Service (gupdate)" (gupdate)</td> <td>"Google Inc."</td> <td>C:\Programme\Google\Update\GoogleUpdate.exe</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ru"> </td> <td>"iPod-Dienst" (iPod Service)</td> <td>"Apple Inc."</td> <td>C:\Programme\iPod\bin\iPodService.exe</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>"Java Quick Starter" (JavaQuickStarterService)</td> <td>"Sun Microsystems, Inc."</td> <td>C:\Programme\Java\jre6\bin\jqs.exe</td> <td>File exists</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs ry">|||| </td> <td>"Machine Debug Manager" (MDM)</td> <td>"Microsoft Corporation"</td> <td>C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe</td> <td>File exists</td> </tr> <tr> <td class="group" colspan="6">Winlogon</td> </tr> <tr> <td class="reg" colspan="6">HKCU\Control Panel\IOProcs</td> </tr> <tr> <td class="notfound"><input type="checkbox" disabled checked></td> <td class="rs rn"> </td> <td class="notfound">"MVB"</td> <td class="notfound"></td> <td class="notfound">mvfs32.dll</td> <td class="notfound">File not found</td> </tr> <tr> <td class="group" colspan="6">Winsock Providers</td> </tr> <tr> <td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries</td> </tr> <tr> <td><input type="checkbox" disabled checked></td> <td class="rs rt">||||||</td> <td>"mdnsNSP"</td> <td>"Apple Inc."</td> <td>C:\Programme\Bonjour\mdnsNSP.dll</td> <td>File exists</td> </tr> </table> <p>If You have questions or want to get some help, You can visit <a href="hxxp://forum.online-solutions.ru" target="_blank">hxxp://forum.online-solutions.ru</a></p> </body></html> |
|
05.12.2010, 16:28
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Computer fährt, nach dem 1. Mal anmelden, selbstständig wieder runter! Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.12.2010, 17:45
| #14 |
| | Computer fährt, nach dem 1. Mal anmelden, selbstständig wieder runter! Habe Deine Empfehlungen artig umgesetzt. Die wir einiges über das Internet machen, habe ich diesbezüglich noch die Frage, ob wir nun sämtliche Passwörter etc. ändern müssen? Der LOG: Combofix Logfile: Code:
ATTFilter ComboFix 10-12-04.02 - Admin 05.12.2010 17:24:02.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.503.285 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Admin\Desktop\cofi.exe.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Install.exe
.
((((((((((((((((((((((( Dateien erstellt von 2010-11-05 bis 2010-12-05 ))))))))))))))))))))))))))))))
.
2010-12-05 14:58 . 2010-12-05 14:58 -------- d-----w- C:\_OTL
2010-12-02 08:47 . 2010-12-02 08:47 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Uniblue
2010-12-02 08:46 . 2010-12-02 08:46 -------- d-----w- c:\dokumente und einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\PackageAware
2010-11-30 12:30 . 2010-11-30 12:30 388096 ----a-r- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-30 12:30 . 2010-11-30 12:30 -------- d-----w- c:\programme\Trend Micro
2010-11-30 12:16 . 2010-11-30 12:16 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Malwarebytes
2010-11-30 12:15 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-30 12:15 . 2010-11-30 12:15 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-11-30 12:15 . 2010-12-03 20:39 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-11-30 12:15 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-30 11:57 . 2010-12-05 14:58 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Regmod
2010-11-29 19:18 . 2010-11-29 19:18 -------- d-----w- c:\programme\iPod
2010-11-29 19:17 . 2010-11-29 19:19 -------- d-----w- c:\programme\iTunes
2010-11-29 14:36 . 2010-11-30 11:57 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Msnet
2010-11-29 12:24 . 2008-04-14 03:22 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-11-29 12:24 . 2008-04-14 03:22 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-11-29 12:24 . 2008-04-14 02:58 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-11-29 12:24 . 2008-04-14 02:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-11-09 19:14 . 2010-11-09 19:14 -------- d-----w- c:\dokumente und einstellungen\Admin\Anwendungsdaten\GARMIN
2010-11-09 19:09 . 2010-11-09 19:27 -------- d-----w- C:\Garmin
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:22 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:52 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:52 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:52 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:47 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:47 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:47 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2009-12-23 05:54 . 2009-12-23 06:00 32494896 ----a-w- c:\programme\QuickTimeInstaller.exe
2009-08-29 07:39 . 2009-08-29 07:44 714136 ----a-w- c:\programme\jre-6u14-windows-i586-iftw.exe
2009-08-23 08:45 . 2009-08-23 08:46 59954024 ----a-w- c:\programme\ElsterFormular2008-Setup.exe
2009-08-06 17:54 . 2009-08-23 08:46 3278552 ----a-w- c:\programme\ccsetup222.exe
2009-07-23 17:04 . 2009-07-23 17:41 318904 ----a-w- c:\programme\wmpfirefoxplugin.exe
2009-06-13 08:12 . 2009-06-13 08:14 1878888 ----a-w- c:\programme\install_flash_player.exe
2009-06-13 08:10 . 2009-06-13 08:11 1577984 ----a-w- c:\programme\FreePDFXP3.20.EXE
2009-05-05 09:13 . 2009-06-13 07:16 16409960 ----a-w- c:\programme\spybotsd162.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2007-04-25 311296]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-11-17 421160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\programme\WinZip\WZQKPICK.EXE [2009-6-13 118784]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\GameSpy Arcade\\Aphex.exe"=
"c:\\Programme\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [13.06.2009 08:42 108289]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [03.06.2010 18:04 136176]
.
Inhalt des "geplante Tasks" Ordners
2010-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-06-03 17:04]
2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-06-03 17:04]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\4kzkf2s1.default\
FF - plugin: c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\4kzkf2s1.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\4kzkf2s1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Extension: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\4kzkf2s1.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-12-05 17:30
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
Zeit der Fertigstellung: 2010-12-05 17:34:48
ComboFix-quarantined-files.txt 2010-12-05 16:34
Vor Suchlauf: 9 Verzeichnis(se), 21.714.698.240 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 21.674.364.928 Bytes frei
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
- - End Of File - - F4353639F1270863C6C0C8AB9D81FA9E
|
|
05.12.2010, 18:12
| #15 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Computer fährt, nach dem 1. Mal anmelden, selbstständig wieder runter!Zitat:
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Computer fährt, nach dem 1. Mal anmelden, selbstständig wieder runter! |
| adobe, antivir guard, avg, avira, bho, bonjour, c:\windows\system32\services.exe, computer, desktop, einstellungen, excel, explorer, firefox, firefox.exe, google, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, jusched.exe, logfile, maßnahme, mozilla, plug-in, programme, sched.exe, software, system, temp, windows, windows xp |
Hybrid-Darstellung
