Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   PC fährt automatisch runter. Firefox spinnt. (https://www.trojaner-board.de/88001-pc-faehrt-automatisch-runter-firefox-spinnt.html)

Capone 11.07.2010 12:34
PC fährt automatisch runter. Firefox spinnt.
 
Ich habe Probleme auf meinem PC. Der Firefox ist am spinnen, wenn ich Firefox öffne kommt IE. Wäre dankbar wenn mal einer checkt. Danke.


HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:30:54, on 11.07.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Programme\Opera\opera.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Programme\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Getdo] rundll32.exe "C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\Adobe\Update\flacor.dat""
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231518596936
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231518668420
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Start BT in service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6832 bytes
--- --- ---

nochdigger 11.07.2010 15:38
Hallo

Zitat:
Ich habe Probleme auf meinem PC. Der Firefox ist am spinnen, wenn ich Firefox öffne kommt IE.
etwas eindeutiger dürfte die Beschreibung deiner Probleme schon sein....

Überprüfe dein System bitte mit Malwarebytes und poste das Log hierher, anschließend erstelle ein RSIT Log.

MFG

Capone 12.07.2010 01:26
Wenn ich Firefox starte, sehe ich die Webseiten so als hätte ich Internet Explorer offen. Die Icons von den Webseiten werden auch nicht dargestellt. Wenn ich unter Addons bei Firefox etwas anklicke, dann verschwindet das Addon-Fenster plötzlich. Irgendwie eigenartig. Sozusagen benutzt Firefox die IE Darstellungen.

Nachdem ich Firefox schließe ist ist im Task manager der Prozess: iexplore.exe am laufen, obwohl ich keinen IE am laufen habe.


Malwarebytes Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4304

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12.07.2010 02:25:12
mbam-log-2010-07-12 (02-25-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 172465
Laufzeit: 56 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getdo (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully.



RSIT LOG:

RSIT Logfile:
Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Capone at 2010-07-12 02:09:49
Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (49%) free of 20 GB
Total RAM: 1024 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:09:59, on 12.07.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Programme\Opera\opera.exe
C:\Programme\Malwarebytes\mbam.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Capone\Lokale Einstellungen\Anwendungsdaten\Opera\Opera\temporary_downloads\RSIT.exe
C:\Programme\trend micro\Capone.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Getdo] rundll32.exe "C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\Adobe\Update\flacor.dat""
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231518596936
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231518668420
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Start BT in service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 7240 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\OGALogon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Programme\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
DVDVideoSoftTB Toolbar - C:\Programme\DVDVideoSoftTB\tbDVD1.dll [2010-06-14 2736736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-11 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Programme\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{872b5b88-9db5-4310-bdd0-ac189557e5f5} - DVDVideoSoftTB Toolbar - C:\Programme\DVDVideoSoftTB\tbDVD1.dll [2010-06-14 2736736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2009-11-11 417792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Getdo"=C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\Adobe\Update\flacor.dat [2010-07-11 135680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-11-19 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Programme\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Programme\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Programme\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Programme\Logitech\Video\ISStart.exe [2005-06-08 458752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Programme\Logitech\Video\LogiTray.exe [2005-06-08 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\PROGRA~1\MESSEN~1\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
C:\Programme\Microsoft Security Essentials\msseces.exe [2010-06-01 1093208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\QTTask.exe [2009-11-11 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [2010-01-11 246504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Programme\Winamp\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~3\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2
"WMPNetworkSvc"=3
"JavaQuickStarterService"=2
"iPod Service"=3
"Bonjour Service"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Programme\FrostWire\FrostWire.exe"="C:\Programme\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Programme\eMule\emule.exe"="C:\Programme\eMule\emule.exe:*:Enabled:eMule"
"C:\Programme\Zattoo\Zattoo2.exe"="C:\Programme\Zattoo\Zattoo2.exe:*:Enabled: "
"C:\Programme\Vuze\Azureus.exe"="C:\Programme\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Programme\SopCast\adv\SopAdver.exe"="C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Programme\SopCast\SopCast.exe"="C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Programme\TVUPlayer\TVUPlayer.exe"="C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Java\jre6\bin\java.exe"="C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\emu\wgens\kaillerasrv\kaillerasrv.exe"="F:\emu\wgens\kaillerasrv\kaillerasrv.exe:*:Enabled:kaillerasrv"
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Programme\FlashGet\flashget.exe"="C:\Programme\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Programme\Opera\opera.exe"="C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"G:\Warcraft III\Warcraft III.exe"="G:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"G:\Warcraft III\War3.exe"="G:\Warcraft III\War3.exe:*:Enabled:Warcraft III"
"C:\Programme\Xfire\Xfire.exe"="C:\Programme\Xfire\Xfire.exe:*:Enabled:Xfire"
"G:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe"="G:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"G:\World of Warcraft\Launcher.exe"="G:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-07-12 01:45:41 ----D---- C:\Programme\trend micro
2010-07-12 01:45:38 ----D---- C:\rsit
2010-06-19 13:09:53 ----D---- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\PriceGong

======List of files/folders modified in the last 1 months======

2010-07-12 01:45:41 ----RD---- C:\Programme
2010-07-12 01:25:58 ----D---- C:\WINDOWS\Temp
2010-07-12 01:24:09 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-11 14:21:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-11 13:30:38 ----D---- C:\Programme\HijackThis
2010-07-11 13:18:03 ----D---- C:\WINDOWS
2010-07-11 11:49:45 ----D---- C:\Programme\Mozilla Firefox
2010-07-11 11:49:38 ----D---- C:\WINDOWS\Prefetch
2010-07-11 11:45:57 ----SHD---- C:\WINDOWS\Installer
2010-07-11 01:59:02 ----D---- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\Adobe
2010-07-09 15:49:47 ----RASH---- C:\boot.ini
2010-07-09 15:49:47 ----A---- C:\WINDOWS\win.ini
2010-07-09 15:49:47 ----A---- C:\WINDOWS\system.ini
2010-07-09 15:01:38 ----D---- C:\Programme\Google
2010-07-05 18:02:44 ----D---- C:\WINDOWS\Debug
2010-07-05 18:02:06 ----D---- C:\Programme\CCleaner
2010-07-01 17:00:26 ----D---- C:\Programme\Opera
2010-06-29 11:43:23 ----D---- C:\Programme\ICQ6.5
2010-06-29 11:35:15 ----D---- C:\Programme\Microsoft Security Essentials
2010-06-29 11:34:31 ----HD---- C:\WINDOWS\inf
2010-06-29 11:34:31 ----D---- C:\WINDOWS\system32\drivers
2010-06-24 12:33:52 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-24 12:33:28 ----RSD---- C:\WINDOWS\assembly
2010-06-24 01:55:43 ----D---- C:\WINDOWS\system32
2010-06-24 01:55:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-24 01:54:50 ----D---- C:\WINDOWS\WinSxS
2010-06-14 14:05:57 ----D---- C:\Programme\DVDVideoSoftTB

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys [2007-03-05 20880]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2007-03-05 35600]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-06-15 721904]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R1 AmdK7;AMD K7-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 BCAITDI;3Com BCAITDI DMI TDI; C:\WINDOWS\System32\DRIVERS\BCAItdi.sys [2002-03-14 19470]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-12-02 3452928]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-06-24 34312]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-06-24 27656]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 EL2000;3Com 3C2000x EtherLink XL Adapter; C:\WINDOWS\System32\DRIVERS\EL2K_XP.sys [2003-06-03 147328]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-04-02 12288]
R3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2005-05-27 1317152]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-04-02 5888]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-27 578304]
R3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
S3 aer7b22b;aer7b22b; C:\WINDOWS\system32\drivers\aer7b22b.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-06-24 38920]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz130;cpuz130; \??\C:\DOKUME~1\Capone\LOKALE~1\Temp\cpuz130\cpuz_x32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 esihdrv;esihdrv; \??\C:\DOKUME~1\Capone\LOKALE~1\Temp\esihdrv.sys []
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 3ComDMIService;3Com DMI Agent; C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE [2003-03-04 114688]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe [2008-03-19 166520]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Programme\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Programme\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 Start BT in service;Start BT in service; C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2008-03-19 51816]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-12-11 604488]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-12-11 361288]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
S4 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
S4 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 iPod Service;iPod Service; C:\Programme\iPod\bin\iPodService.exe [2009-11-12 545568]
S4 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-12-17 153376]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]

-----------------EOF-----------------
--- --- ---

Capone 12.07.2010 11:51
Liste der Anhänge anzeigen (Anzahl: 1)
Hier ist ein screen von meinem firefox. Der PC fährt in letzter zeit nicht mehr automatisch herunter. Aber was mich stört ist, dass der Firefox vom IE übernommen worden ist, siehe screen. Echt eigenartig. Was soll ich tun?

Capone 12.07.2010 15:53
Habe den IE komplett deinstalliert und es ist immer noch so wie es auf dem Screen zu sehen ist.

nochdigger 12.07.2010 21:18
Hallo

Zitat:
Nachdem ich Firefox schließe ist ist im Task manager der Prozess: iexplore.exe am laufen, obwohl ich keinen IE am laufen habe.
so was hab ich mit "etwas eindeutiger" gemeint, jetzt geht das in eine etwas andere Richtung.

Überprüfe dein System bitte mit OTL sowie Gmer und poste die Logs hierher.

MFG

Capone 12.07.2010 21:36
Im Firefox hatte ich das Addon "Ie tab". Das hat es anscheinend verursacht. Habe das Addon aber nicht von einer seriösen Setie anscheinend. Habe das Addon deaktiviert und Firefox komplet deinstalliert und wieder Installiert. Jetzt funktioniert Firefox wieder, so wie es sein soll. Das Addon "IE Tab" ist auch nicht mehr da. Bin mir aber noch unsicher, ob mein PC 100% ok ist. Daher habe ich die OTL Logfiles gepostet. Bei Gmer startet mein PC immer neu, wenn es starte. Keine Ahnung wieso.



OTL Logfile:
Code:
OTL Extras logfile created on: 12.07.2010 22:33:40 - Run 1
OTL by OldTimer - Version 3.2.9.0    Folder = C:\Dokumente und Einstellungen\Capone\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.024,00 Mb Total Physical Memory | 250,00 Mb Available Physical Memory | 24,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19,53 Gb Total Space | 9,49 Gb Free Space | 48,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 48,83 Gb Total Space | 41,99 Gb Free Space | 85,99% Space Free | Partition Type: NTFS
Drive G: | 80,68 Gb Total Space | 59,87 Gb Free Space | 74,21% Space Free | Partition Type: NTFS
Drive H: | 955,72 Mb Total Space | 107,02 Mb Free Space | 11,20% Space Free | Partition Type: FAT
I: Drive not present or media not loaded
 
Computer Name: CAPONE-46O0H4TC
Current User Name: Capone
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\FrostWire\FrostWire.exe" = C:\Programme\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Programme\eMule\emule.exe" = C:\Programme\eMule\emule.exe:*:Enabled:eMule -- (hxxp://www.emule-project.net)
"C:\Programme\Zattoo\Zattoo2.exe" = C:\Programme\Zattoo\Zattoo2.exe:*:Enabled:  -- ()
"C:\Programme\Vuze\Azureus.exe" = C:\Programme\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Programme\TVUPlayer\TVUPlayer.exe" = C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"F:\emu\wgens\kaillerasrv\kaillerasrv.exe" = F:\emu\wgens\kaillerasrv\kaillerasrv.exe:*:Enabled:kaillerasrv -- ()
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Programme\FlashGet\flashget.exe" = C:\Programme\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation.)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"G:\Warcraft III\Warcraft III.exe" = G:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"G:\Warcraft III\War3.exe" = G:\Warcraft III\War3.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Programme\Xfire\Xfire.exe" = C:\Programme\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"G:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe" = G:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"G:\World of Warcraft\Launcher.exe" = G:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1ED6E4D0-8DB0-A333-DEA6-188F957F5A43}" = Catalyst Control Center Graphics Light
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF12BFD-84AC-4E81-9A8F-496E5C2DDA79}_is1" = Didi V3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 18
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{407E0CBD-D6BF-F243-6DE9-F1EEA525BA1C}" = Catalyst Control Center Graphics Full Existing
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{5EC634FA-5047-38B2-A53A-15963D9BD872}" = CCC Help English
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{651AFCC8-2F1A-8132-0A33-FA5F041380BA}" = Catalyst Control Center Graphics Full New
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69EF33D7-3425-1409-0BE1-C4F3A6FB57A8}" = ccc-utility
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7510EF8C-99B9-8533-524E-BF41BDC04188}" = Skins
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773040E1-3B60-6507-C387-71F8F0A03C59}" = ccc-core-static
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{92DEC792-A722-5991-2607-3EE3A4BD502B}" = Catalyst Control Center HydraVision Full
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96793032-8651-805A-67EF-E1759C1A8E3D}" = Catalyst Control Center Graphics Previews Common
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B094F70F-2CC2-5062-8534-D3830FC4B018}" = Catalyst Control Center Core Implementation
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9A17C96-1348-45CB-BB0A-1BCB3A0F854E}" = Bluesoleil2.7.0.35 VoIP Release 080317
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-Software
"{CA42C38C-B369-B190-AD06-76D3AC95CFAC}" = ccc-core-preinstall
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D3E7A2A5-A059-4A44-949B-21FBD371A8B8}" = Paint.NET v3.5
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"3ComDMI" = 3Com DMI Agent
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIMP2" = AIMP2
"All ATI Software" = ATI - Software Uninstall Utility
"Ashampoo Burning Studio 2009_is1" = Ashampoo Burning Studio 2009
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"eMule" = eMule
"FlashGet" = FlashGet 1.9.6.1073
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"FrostWire" = FrostWire 4.17.2
"HijackThis" = HijackThis 2.0.2
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"QcDrv" = Logitech® Camera-Treiber
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SopCast" = SopCast 3.2.4
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TVUPlayer" = TVUPlayer 2.5.2.2
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.0
"Vuze" = Vuze
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.07.2010 11:57:40 | Computer Name = CAPONE-46O0H4TC | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{7B849a69-220F-451E-B3FE-2CB811AF94AE}"
 nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich
durch eine fehlerhafte Registrierung verursacht.
 
Error - 12.07.2010 11:57:40 | Computer Name = CAPONE-46O0H4TC | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"
 nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich
durch eine fehlerhafte Registrierung verursacht.
 
Error - 12.07.2010 12:56:15 | Computer Name = CAPONE-46O0H4TC | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{7B849a69-220F-451E-B3FE-2CB811AF94AE}"
 nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich
durch eine fehlerhafte Registrierung verursacht.
 
Error - 12.07.2010 12:56:15 | Computer Name = CAPONE-46O0H4TC | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"
 nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich
durch eine fehlerhafte Registrierung verursacht.
 
Error - 12.07.2010 12:56:15 | Computer Name = CAPONE-46O0H4TC | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{7B849a69-220F-451E-B3FE-2CB811AF94AE}"
 nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich
durch eine fehlerhafte Registrierung verursacht.
 
Error - 12.07.2010 12:56:15 | Computer Name = CAPONE-46O0H4TC | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"
 nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich
durch eine fehlerhafte Registrierung verursacht.
 
Error - 12.07.2010 15:24:17 | Computer Name = CAPONE-46O0H4TC | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{7B849a69-220F-451E-B3FE-2CB811AF94AE}"
 nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich
durch eine fehlerhafte Registrierung verursacht.
 
Error - 12.07.2010 15:24:17 | Computer Name = CAPONE-46O0H4TC | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"
 nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich
durch eine fehlerhafte Registrierung verursacht.
 
Error - 12.07.2010 15:24:17 | Computer Name = CAPONE-46O0H4TC | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{7B849a69-220F-451E-B3FE-2CB811AF94AE}"
 nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich
durch eine fehlerhafte Registrierung verursacht.
 
Error - 12.07.2010 15:24:17 | Computer Name = CAPONE-46O0H4TC | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"
 nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich
durch eine fehlerhafte Registrierung verursacht.
 
[ System Events ]
Error - 12.07.2010 13:07:42 | Computer Name = CAPONE-46O0H4TC | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 12.07.2010 13:07:44 | Computer Name = CAPONE-46O0H4TC | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 12.07.2010 13:07:52 | Computer Name = CAPONE-46O0H4TC | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 12.07.2010 13:07:55 | Computer Name = CAPONE-46O0H4TC | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 12.07.2010 13:07:58 | Computer Name = CAPONE-46O0H4TC | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 12.07.2010 13:07:58 | Computer Name = CAPONE-46O0H4TC | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 12.07.2010 13:08:09 | Computer Name = CAPONE-46O0H4TC | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 12.07.2010 13:08:19 | Computer Name = CAPONE-46O0H4TC | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 12.07.2010 13:08:20 | Computer Name = CAPONE-46O0H4TC | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 12.07.2010 15:24:27 | Computer Name = CAPONE-46O0H4TC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Microsoft TV-/Videoverbindung" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1058
 
[ TuneUp Events ]
Error - 09.03.2010 06:15:28 | Computer Name = CAPONE-46O0H4TC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-03-09 11:15:28', '\device\harddiskvolume1\dokumente
 und einstellungen\all users\anwendungsdaten\malwarebytes\malwarebytes' anti-malware\mbam-setup.exe','340',0)
 
 
< End of report >
--- --- ---


OTL Logfile:
Code:
OTL logfile created on: 12.07.2010 22:33:40 - Run 1
OTL by OldTimer - Version 3.2.9.0    Folder = C:\Dokumente und Einstellungen\Capone\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.024,00 Mb Total Physical Memory | 250,00 Mb Available Physical Memory | 24,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19,53 Gb Total Space | 9,49 Gb Free Space | 48,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 48,83 Gb Total Space | 41,99 Gb Free Space | 85,99% Space Free | Partition Type: NTFS
Drive G: | 80,68 Gb Total Space | 59,87 Gb Free Space | 74,21% Space Free | Partition Type: NTFS
Drive H: | 955,72 Mb Total Space | 107,02 Mb Free Space | 11,20% Space Free | Partition Type: FAT
I: Drive not present or media not loaded
 
Computer Name: CAPONE-46O0H4TC
Current User Name: Capone
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.07.12 22:32:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Capone\Desktop\OTL.exe
PRC - [2010.06.26 10:43:35 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.06.26 10:43:35 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\plugin-container.exe
PRC - [2010.03.25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.12.11 19:02:43 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.19 17:52:44 | 000,166,520 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
PRC - [2008.03.19 17:52:38 | 000,051,816 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
PRC - [2003.03.04 09:38:04 | 000,114,688 | ---- | M] (3Com Corporation) -- C:\WINDOWS\system32\3com_dmi\3CDMINIC.EXE
PRC - [2002.09.20 17:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.07.12 22:32:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Capone\Desktop\OTL.exe
MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.12.11 19:02:43 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.12.11 19:02:40 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.11.16 13:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.05.29 13:41:26 | 000,144,712 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.03.19 17:52:44 | 000,166,520 | ---- | M] () [Auto | Running] -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2008.03.19 17:52:38 | 000,051,816 | ---- | M] () [Auto | Running] -- C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service)
SRV - [2003.03.04 09:38:04 | 000,114,688 | ---- | M] (3Com Corporation) [Auto | Running] -- C:\WINDOWS\system32\3com_dmi\3CDMINIC.EXE -- (3ComDMIService)
SRV - [2002.09.20 17:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Capone\LOKALE~1\Temp\esihdrv.sys -- (esihdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Capone\LOKALE~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - [2010.03.25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.06.15 02:27:11 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009.03.20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008.12.02 00:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.04.13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.06.24 22:56:54 | 000,038,920 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007.06.24 22:56:40 | 000,027,656 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007.06.24 22:56:34 | 000,034,312 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007.03.05 21:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2007.03.05 21:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007.03.05 21:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007.03.05 21:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2007.03.05 21:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2005.05.27 09:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2005.05.27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005.02.11 10:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2003.07.02 05:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003.06.03 17:48:12 | 000,147,328 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EL2K_XP.sys -- (EL2000)
DRV - [2002.03.14 12:05:50 | 000,019,470 | ---- | M] (3Com Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BCAITDI.SYS -- (BCAITDI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.12 19:00:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.12 19:00:30 | 000,000,000 | ---D | M]
 
[2010.07.12 19:00:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\Mozilla\Extensions
[2010.07.12 19:00:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\Mozilla\Firefox\Profiles\hl04edjj.default\extensions
[2010.07.12 19:00:30 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.26 10:03:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.26 10:03:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.26 10:03:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.26 10:03:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.26 10:03:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2003.04.02 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231518596936 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231518668420 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.09 18:14:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.12 22:32:40 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Capone\Desktop\OTL.exe
[2010.07.12 22:18:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.07.12 19:00:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Capone\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2010.07.12 19:00:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\Mozilla
[2010.07.12 19:00:30 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2010.07.12 01:45:41 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.07.12 01:45:38 | 000,000,000 | ---D | C] -- C:\rsit
[2010.07.11 11:50:58 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Capone\Recent
[2010.07.11 11:41:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Capone\Eigene Dateien\Downloads
[2010.07.10 15:15:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Capone\Lokale Einstellungen\Anwendungsdaten\Oleg_Zhuk
[2010.06.19 13:09:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\PriceGong
[2010.06.14 14:05:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Capone\Lokale Einstellungen\Anwendungsdaten\Conduit
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.12 22:32:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Capone\Desktop\OTL.exe
[2010.07.12 21:24:34 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.12 21:24:15 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010.07.12 21:24:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.12 21:24:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.12 19:16:54 | 004,456,448 | -H-- | M] () -- C:\Dokumente und Einstellungen\Capone\NTUSER.DAT
[2010.07.12 19:16:54 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Capone\ntuser.ini
[2010.07.12 18:36:28 | 000,023,992 | ---- | M] () -- C:\Dokumente und Einstellungen\Capone\Desktop\opera bookmarks.adr
[2010.07.12 17:18:38 | 001,868,820 | -H-- | M] () -- C:\Dokumente und Einstellungen\Capone\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.07.12 12:53:53 | 000,593,143 | ---- | M] () -- C:\Dokumente und Einstellungen\Capone\Desktop\firefox ie.png
[2010.07.12 12:47:08 | 000,003,739 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.07.12 12:43:33 | 001,039,700 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.12 12:43:33 | 000,448,470 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.07.12 12:43:33 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.07.12 12:43:33 | 000,079,910 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.07.12 12:43:33 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.07.12 12:31:12 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010.07.12 02:09:11 | 000,723,092 | ---- | M] () -- C:\Dokumente und Einstellungen\Capone\Desktop\bookmarks firefox-2010-07-12.html
[2010.07.10 17:00:04 | 000,129,536 | ---- | M] () -- C:\Dokumente und Einstellungen\Capone\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.09 15:49:47 | 000,000,589 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.07.09 15:49:47 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.09 15:49:47 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010.07.05 18:02:09 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\Capone\Desktop\CCleaner.lnk
[2010.06.29 11:34:03 | 000,000,798 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft Security Essentials.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.12 18:36:28 | 000,023,992 | ---- | C] () -- C:\Dokumente und Einstellungen\Capone\Desktop\opera bookmarks.adr
[2010.07.12 12:46:34 | 000,593,143 | ---- | C] () -- C:\Dokumente und Einstellungen\Capone\Desktop\firefox ie.png
[2010.07.12 12:31:12 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010.07.12 12:19:37 | 000,003,739 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010.07.12 02:09:10 | 000,723,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Capone\Desktop\bookmarks firefox-2010-07-12.html
[2010.07.11 13:19:57 | 000,000,055 | ---- | C] () -- C:\Dokumente und Einstellungen\Capone\FixBlast.log
[2009.12.23 01:59:32 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009.11.19 02:05:33 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009.11.19 02:05:33 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009.10.07 20:46:32 | 000,000,446 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009.07.26 13:06:58 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2009.07.26 13:06:58 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009.06.15 02:27:09 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.05.10 12:38:15 | 000,000,796 | ---- | C] () -- C:\WINDOWS\gnuchess.ini
[2009.02.01 15:25:12 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.01.09 20:45:05 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009.01.09 18:19:02 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.01.09 18:19:02 | 000,003,470 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
 
========== LOP Check ==========
 
[2009.03.02 17:09:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2009.03.14 16:13:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2009.11.27 14:51:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth
[2009.06.15 02:29:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2009.06.15 12:00:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Degener
[2009.05.27 16:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InterAction studios
[2009.12.18 13:48:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
[2009.11.19 02:24:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2009.06.16 15:50:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2009.03.12 13:19:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009.06.16 15:50:06 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}
[2009.12.13 13:47:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.04.07 01:23:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010.04.17 12:59:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\AIMP
[2009.03.02 17:10:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\Ashampoo
[2009.12.16 16:09:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\Azureus
[2009.06.15 02:29:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\DAEMON Tools Lite
[2009.06.15 02:35:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\Degener
[2010.06.06 14:29:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\DVDVideoSoftIEHelpers
[2009.06.15 02:35:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\Ebner
[2009.02.21 16:18:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\eMule
[2009.11.27 00:14:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\FileZilla
[2009.05.10 12:58:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\FrostWire
[2010.06.04 15:11:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\ICQ
[2009.06.12 12:01:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\Opera
[2009.11.19 02:24:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\PC Suite
[2010.07.12 12:36:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\PriceGong
[2009.11.19 02:05:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\Samsung
[2009.11.08 17:15:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\StreamTorrent
[2010.05.18 22:51:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\TS3Client
[2009.06.16 15:51:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\TuneUp Software
[2010.07.12 21:24:15 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---

nochdigger 13.07.2010 21:05
Hallo

Zitat:
C:\Programme\FrostWire\FrostWire.exe
C:\Programme\eMule\emule.exe
C:\Programme\Vuze\Azureus.exe
du bietest reichlich Angriffsfläche:rolleyes:


Zitat:
Bei Gmer startet mein PC immer neu, wenn es starte. Keine Ahnung wieso.
eventuell läuft da noch was im Hintergrund, bitte erstelle ein Log mit Osam und poste es hierher.


Anschließend lass bitte Combofix auf dein System los
ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
MFG

Capone 15.07.2010 15:10
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:08:33 on 15.07.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.6

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"OGALogon.job" - ? - C:\WINDOWS\system32\OGAEXEC.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"camcpl.cpl" - "Logitech Inc." - C:\WINDOWS\system32\camcpl.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SMAX3CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax3CP.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"3Com BCAITDI DMI TDI" (BCAITDI) - "3Com Corporation" - C:\WINDOWS\System32\DRIVERS\BCAItdi.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"axv0kv46" (axv0kv46) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\axv0kv46.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"cpuz130" (cpuz130) - ? - C:\DOKUME~1\Capone\LOKALE~1\Temp\cpuz130\cpuz_x32.sys  (File not found)
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\ENTECH.sys
"esihdrv" (esihdrv) - ? - C:\DOKUME~1\Capone\LOKALE~1\Temp\esihdrv.sys  (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\WINDOWS\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} "Versions-Update für Internet Explorer" - "Microsoft Corporation" - C:\WINDOWS\system32\ieudinit.exe
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\WINDOWS\system32\Skype4COM.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} "Eigene Logitech-Bilder" - "Logitech Inc." - C:\Programme\Logitech\Video\Namespc2.dll
{88895560-9AA2-1069-930E-00AA0030EBC8} "Erweiterung für HyperTerminal-Icons" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2009\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2009\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"FlashGet" - "FlashGet.com" - C:\Programme\FlashGet\FlashGet.exe
"ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} "FGCatchUrl" - "www.flashget.com" - C:\Programme\FlashGet\jccatch.dll
{F156768E-81EF-470C-9057-481BA8380DBA} "FlashGet GetFlash Class" - "www.flashget.com" - C:\Programme\FlashGet\getflash.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Capone\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"3Com DMI Agent" (3ComDMIService) - "3Com Corporation" - C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"BlueSoleil Hid Service" (BlueSoleil Hid Service) - ? - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe  (File found, but it contains no detailed information)
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\WINDOWS\system32\FsUsbExService.Exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Programme\Microsoft Security Essentials\MsMpEng.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"SoundMAX Agent Service" (SoundMAX Agent Service (default)) - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
"Start BT in service" (Start BT in service) - ? - C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe  (File found, but it contains no detailed information)
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
"TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software" - C:\WINDOWS\System32\TuneUpDefragService.exe
"TuneUp Program Statistics Service" (TuneUp.ProgramStatisticsSvc) - "TuneUp Software" - C:\WINDOWS\System32\TUProgSt.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Capone 15.07.2010 16:21
ComboFix 10-07-14.04 - Capone 15.07.2010 16:29:30.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1024.599 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Capone\Desktop\cofi.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((( Dateien erstellt von 2010-06-15 bis 2010-07-15 ))))))))))))))))))))))))))))))
.

2010-07-14 11:58:10 . 2010-06-14 14:31:20 744448 -c----w- C:\WINDOWS\system32\dllcache\helpsvc.exe
2010-07-14 11:57:38 . 2009-08-13 15:15:57 512000 -c----w- C:\WINDOWS\system32\dllcache\jscript.dll
2010-07-13 21:39:00 . 2010-07-13 21:39:00 -------- d-----w- C:\Dokumente und Einstellungen\Capone\Lokale Einstellungen\Anwendungsdaten\Microsoft_Research
2010-07-13 21:36:50 . 2010-07-13 21:36:50 -------- d-----w- C:\Programme\Microsoft Research
2010-07-12 21:09:16 . 2010-07-12 21:09:16 -------- d-----w- C:\Programme\Gemeinsame Dateien\Java
2010-07-12 21:08:43 . 2010-07-12 21:08:44 503808 ----a-w- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4420e182-n\msvcp71.dll
2010-07-12 21:08:43 . 2010-07-12 21:08:43 499712 ----a-w- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4420e182-n\jmc.dll
2010-07-12 21:08:43 . 2010-07-12 21:08:43 348160 ----a-w- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4420e182-n\msvcr71.dll
2010-07-12 21:08:41 . 2010-07-12 21:08:41 61440 ----a-w- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4de50014-n\decora-sse.dll
2010-07-12 21:08:41 . 2010-07-12 21:08:41 12800 ----a-w- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4de50014-n\decora-d3d.dll
2010-07-12 21:08:32 . 2010-07-12 21:08:17 411368 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2010-07-12 21:07:50 . 2010-07-12 21:07:50 79488 ----a-w- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\Sun\Java\jre1.6.0_20\gtapi.dll
2010-07-12 21:07:50 . 2010-07-12 21:07:50 152576 ----a-w- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\Sun\Java\jre1.6.0_20\lzma.dll
2010-07-12 20:59:38 . 2001-08-18 02:55:04 139776 -c--a-w- C:\WINDOWS\system32\dllcache\sndvol32.exe
2010-07-12 20:59:38 . 2001-08-18 02:55:04 139776 ----a-w- C:\WINDOWS\system32\sndvol32.exe
2010-07-12 17:00:39 . 2010-07-12 17:00:39 -------- d-----w- C:\Dokumente und Einstellungen\Capone\Lokale Einstellungen\Anwendungsdaten\Mozilla
2010-07-11 23:45:41 . 2010-07-12 00:09:52 -------- d-----w- C:\Programme\trend micro
2010-07-11 23:45:38 . 2010-07-11 23:45:55 -------- d-----w- C:\rsit
2010-07-10 13:15:19 . 2010-07-10 13:15:19 -------- d-----w- C:\Dokumente und Einstellungen\Capone\Lokale Einstellungen\Anwendungsdaten\Oleg_Zhuk
2010-06-19 11:09:53 . 2010-07-12 10:36:52 -------- d-----w- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\PriceGong
2010-06-16 12:11:05 . 2010-06-16 12:11:17 5642000 ----a-w- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\TVU networks\AutoUpgrade\TVUPlayer2.5.3.1.exe

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-13 22:53:13 . 2009-07-07 09:46:58 -------- d-----w- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\vlc
2010-07-12 16:53:45 . 2009-12-13 11:46:24 -------- d-----w- C:\Programme\iTunes
2010-07-12 10:43:33 . 2003-04-02 12:00:00 79910 ----a-w- C:\WINDOWS\system32\perfc007.dat
2010-07-12 10:43:33 . 2003-04-02 12:00:00 448470 ----a-w- C:\WINDOWS\system32\perfh007.dat
2010-07-09 13:01:38 . 2009-03-16 12:58:11 -------- d-----w- C:\Programme\Google
2010-07-05 16:02:06 . 2009-01-10 14:17:02 -------- d-----w- C:\Programme\CCleaner
2010-07-01 15:00:26 . 2009-06-12 10:01:28 -------- d-----w- C:\Programme\Opera
2010-06-29 09:43:23 . 2009-07-26 14:31:51 -------- d-----w- C:\Programme\ICQ6.5
2010-06-29 09:35:15 . 2009-09-29 19:32:43 -------- d-----w- C:\Programme\Microsoft Security Essentials
2010-06-14 14:31:20 . 2009-01-09 16:12:28 744448 ----a-w- C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 12:05:57 . 2010-06-06 12:57:43 -------- d-----w- C:\Programme\DVDVideoSoftTB
2010-06-06 12:29:05 . 2010-06-06 12:29:05 -------- d-----w- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\DVDVideoSoftIEHelpers
2010-06-06 12:29:01 . 2009-04-05 15:15:09 -------- d-----w- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2010-06-04 13:11:39 . 2009-07-26 14:32:20 -------- d-----w- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\ICQ
2010-06-01 17:37:48 . 2009-09-29 19:36:26 221568 ------w- C:\WINDOWS\system32\MpSigStub.exe
2010-05-18 20:51:58 . 2010-05-18 20:50:17 -------- d-----w- C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\TS3Client
2010-05-18 20:50:01 . 2010-05-18 20:49:57 -------- d-----w- C:\Programme\TeamSpeak 3 Client
2010-05-02 08:05:54 . 2003-04-02 12:00:00 1851392 ----a-w- C:\WINDOWS\system32\win32k.sys
2010-05-01 13:08:35 . 2009-03-18 00:28:04 45416 ----a-w- C:\WINDOWS\system32\drivers\avgntdd.sys
2010-05-01 13:08:35 . 2009-03-18 00:28:04 22360 ----a-w- C:\WINDOWS\system32\drivers\avgntmgr.sys
2010-04-29 13:39:38 . 2009-10-28 00:02:21 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39:26 . 2009-10-28 00:02:19 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-04-20 05:29:56 . 2003-04-02 12:00:00 285696 ----a-w- C:\WINDOWS\system32\atmfd.dll
2010-04-16 16:06:44 . 2003-04-02 12:00:00 672768 ----a-w- C:\WINDOWS\system32\wininet.dll
2010-04-16 16:06:37 . 2009-03-20 00:14:48 81920 ----a-w- C:\WINDOWS\system32\ieencode.dll
2009-05-13 21:55:22 . 2009-05-13 21:55:22 1044480 ----a-w- C:\Programme\opera\program\plugins\libdivx.dll
2009-05-13 21:55:22 . 2009-05-13 21:55:22 200704 ----a-w- C:\Programme\opera\program\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "C:\Programme\DVDVideoSoftTB\tbDVD1.dll" [2010-06-14 12:06:03 2736736]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-06-14 12:06:03 2736736 ----a-w- C:\Programme\DVDVideoSoftTB\tbDVD1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "C:\Programme\DVDVideoSoftTB\tbDVD1.dll" [2010-06-14 12:06:03 2736736]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "C:\Programme\DVDVideoSoftTB\tbDVD1.dll" [2010-06-14 12:06:03 2736736]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 16:11:14 61440]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2009-11-10 22:08:18 417792]
"SunJavaUpdateSched"="C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 09:43:18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 02:22:40 15360]
"DWQueuedReporting"="C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 00:01:00 437160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-11-19 00:19:12 102400 ----a-w- C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2010-03-02 09:28:23 282792 ----a-w- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51:38 691656 ----a-w- C:\Programme\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33:10 141600 ----a-w- C:\Programme\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
2005-06-08 12:44:14 196608 ----a-w- C:\Programme\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 13:24:32 458752 ----a-w- C:\Programme\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 13:14:44 217088 ----a-w- C:\Programme\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-19 15:32:18 221184 ----a-w- C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:22:54 1695232 --sh--w- C:\PROGRA~1\MESSEN~1\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-06-01 12:53:46 1093208 ----a-w- C:\Programme\Microsoft Security Essentials\msseces.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08:18 417792 ----a-w- C:\Programme\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43:18 248040 ----a-w- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\Mozilla Firefox\\firefox.exe"=
"C:\\Programme\\FrostWire\\FrostWire.exe"=
"C:\\Programme\\eMule\\emule.exe"=
"C:\\Programme\\Zattoo\\Zattoo2.exe"=
"C:\\Programme\\Vuze\\Azureus.exe"=
"C:\\Programme\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programme\\SopCast\\SopCast.exe"=
"C:\\Programme\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Programme\\ICQ6.5\\ICQ.exe"=
"C:\\Programme\\Java\\jre6\\bin\\java.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"F:\\emu\\wgens\\kaillerasrv\\kaillerasrv.exe"=
"C:\\Programme\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Programme\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Programme\\FlashGet\\flashget.exe"=
"C:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Programme\\Opera\\opera.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"C:\\Programme\\iTunes\\iTunes.exe"=
"G:\\Warcraft III\\Warcraft III.exe"=
"G:\\Warcraft III\\War3.exe"=
"C:\\Programme\\Xfire\\Xfire.exe"=
"G:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe"=
"G:\\World of Warcraft\\Launcher.exe"=
"C:\\Programme\\Microsoft Research\\Microsoft WorldWide Telescope\\WWTExplorer.exe"=

R2 3ComDMIService;3Com DMI Agent;C:\WINDOWS\system32\3com_dmi\3CDMINIC.EXE [09.01.2009 18:20:11 114688]
R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Programme\Avira\AntiVir Desktop\sched.exe [18.03.2009 02:28:04 135336]
R2 BCAITDI;3Com BCAITDI DMI TDI;C:\WINDOWS\system32\drivers\BCAITDI.SYS [09.01.2009 18:20:11 19470]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [19.11.2009 02:05:33 233472]
R2 Start BT in service;Start BT in service;C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [19.03.2008 17:52:38 51816]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [19.11.2009 02:05:33 36608]
S3 cpuz130;cpuz130;\??\C:\DOKUME~1\Capone\LOKALE~1\Temp\cpuz130\cpuz_x32.sys --> C:\DOKUME~1\Capone\LOKALE~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 esihdrv;esihdrv;\??\C:\DOKUME~1\Capone\LOKALE~1\Temp\esihdrv.sys --> C:\DOKUME~1\Capone\LOKALE~1\Temp\esihdrv.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\WINDOWS\system32\drivers\ss_bbus.sys [19.11.2009 02:05:45 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\WINDOWS\system32\drivers\ss_bmdfl.sys [19.11.2009 02:05:45 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\WINDOWS\system32\drivers\ss_bmdm.sys [19.11.2009 02:05:45 121856]
S4 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [15.06.2009 02:27:09 721904]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - FSUSBEXDISK

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-07-15 C:\WINDOWS\Tasks\OGALogon.job
- C:\WINDOWS\system32\OGAEXEC.exe [2009-08-03 13:07:42 . 2009-08-03 13:07:42]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
IE: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
IE: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft &Excel exportieren - C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - C:\Dokumente und Einstellungen\Capone\Anwendungsdaten\Mozilla\Firefox\Profiles\hl04edjj.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Programme\Opera\program\plugins\npdivx32.dll

---- FIREFOX Richtlinien ----
C:\Programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
C:\Programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
C:\Programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
C:\Programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
C:\Programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
C:\Programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
C:\Programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
C:\Programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
C:\Programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
C:\Programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
C:\Programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
C:\Programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
C:\Programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
C:\Programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
C:\Programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
C:\Programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-Google Desktop Search - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-WinampAgent - C:\Programme\Winamp\winampa.exe

Capone 15.07.2010 16:23
Der PC fährt nicht mehr automatisch runter. Wie schon oben erwähnt. Würde gerne wissen, wo ich noch Angriffsfläche biete oder ob ich noch etwas verstecktes am laufen habe.
Danke für die Antworten.

nochdigger 16.07.2010 08:07
Hallo

Zitat:
Der PC fährt nicht mehr automatisch runter.
Gut

Zitat:
...wo ich noch Angriffsfläche biete...
Dein Java ist veraltet alte Version deinstallieren neue Version bei Bedarf installieren

sehr viel kann ich sonst nicht finden

Löschen mit OTL
Code:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Capone\LOKALE~1\Temp\esihdrv.sys -- (esihdrv)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
:services
:files
:reg
:Commands
[purity]
[emptytemp]
[reboot]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Anschließend bitte mal den Bootkitremover laufen lassen
Zitat:
Zitat von cosinus (Beitrag 542643)
Bitte den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.

Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
MFG

Capone 16.07.2010 10:46
All processes killed
========== OTL ==========
Service esihdrv stopped successfully!
Service esihdrv deleted successfully!
File C:\DOKUME~1\Capone\LOKALE~1\Temp\esihdrv.sys not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Capone
->Temp folder emptied: 9786412 bytes
->Temporary Internet Files folder emptied: 496800 bytes
->Java cache emptied: 281414 bytes
->FireFox cache emptied: 98410600 bytes
->Apple Safari cache emptied: 144785878 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 7407 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 8522 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1139177 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41325 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 243,00 mb


OTL by OldTimer - Version 3.2.9.0 log created on 07162010_114329

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



[IMG]http://img15.imageshack.us/img15/325...veranalyse.png Uploaded with ImageShack.us[/IMG]

nochdigger 17.07.2010 06:56
Hallo

Hast du einen Bootmanager oder zweites/anderes Betriebssystem auf dieser Platte (gehabt)?

Wenn nicht, starte bitte mal die Konsole über Start -> Ausführen, cmd eintippen, ok.

Den Text im folgenden Codefeld eintippen und mit Enter/Return ausführen:
Code:
remover.exe fix \\.\PhysicalDrive0
Falls der den Befehl remover.exe nicht findet, die Datei remover.exe (vom BootkitRemover) vom Desktop nach c:\windows\system32 kopieren und den Vorgang wiederholen.

Wie sieht es aus mit deinen Problemen?

MFG


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:48 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131