Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Weißer Bildschirm - Warten Sie während die Verbindung hergestellt wird. (https://www.trojaner-board.de/114835-weisser-bildschirm-warten-waehrend-verbindung-hergestellt.html)

Chebu 06.05.2012 18:32
Weißer Bildschirm - Warten Sie während die Verbindung hergestellt wird.
 
Hallo an alle Mitglieder,

ich habe mir beim Surfen [auf Autoscout24:stirn:] einen Trojaner eingefangen.

Problemschilderung:

Sobald ich mich mit meinem Useraccount in Windows eingeloggt habe, erscheint sofort ein weisser Screen mit der Nachricht "Warten Sie während die Verbindung hergestellt wird." Dieser Verdeckt den gesamten Desktop, sodass ich zwar den Taskmanager starten, aber nicht benutzen kann.
Der abgesicherte Modus funktioniert nur mit der Eingabeaufforderung, bei den anderen Modi existiert das gleiche Problem.

Mit OTL habe ich bereits den Log erstellt, allerdings ohne die Custom Scans, da ich mit denen den Fehler "Out of Memory" in OTL bekommen habe. Ich hoffe mir kann jemand helfen, da ich noch Laie auf diesem Gebiet bin, und keine Ahnung habe, was ich jetzt tun soll.

PS: Ich habe die Dateien/Ordner, die in den letzten 30 Tagen hergestellt worden sind, absichtlich aus dem Log geschnitten, kann sie aber, wenn benoetigt, gerne ebenfalls posten.

Code:

Code:
OTL logfile created on: 5/6/2012 8:44:54 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.08 Gb Total Space | 53.55 Gb Free Space | 18.59% Space Free | Partition Type: NTFS
Drive I: | 288.09 Gb Total Space | 30.52 Gb Free Space | 10.59% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand] --  -- (DAUpdaterSvc)
SRV - [2012/05/06 05:43:05 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/24 19:18:58 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/24 18:12:01 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/29 02:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/14 18:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/06/12 05:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/03/29 09:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/03/28 09:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/03/21 07:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/11/21 05:49:24 | 000,247,608 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/11/02 17:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/03/11 09:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/21 08:14:46 | 000,413,696 | ---- | M] (CSR, plc) [Auto] -- C:\Windows\System32\HFGService.dll -- (HFGService)
SRV - [2009/09/02 04:41:24 | 001,466,476 | ---- | M] (IVT Corporation) [Auto] -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2009/09/02 04:41:06 | 000,102,503 | ---- | M] (IVT Corporation) [On_Demand] -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2009/08/27 11:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/08/07 05:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (XDva392)
DRV - File not found [Kernel | On_Demand] --  -- (VGPU)
DRV - File not found [Kernel | On_Demand] --  -- (tsusbhub)
DRV - File not found [Kernel | On_Demand] --  -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand] --  -- (EagleXNt)
DRV - File not found [Kernel | Boot] --  -- (BTHidMgr)
DRV - File not found [Kernel | Boot] --  -- (BTHidEnum)
DRV - [2011/11/28 05:35:09 | 000,443,448 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/11/27 11:19:34 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/11/22 09:19:53 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011/10/15 04:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/07/19 20:54:06 | 000,047,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV - [2011/07/19 17:12:22 | 000,225,280 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btmhsf.sys -- (btmhsf)
DRV - [2011/05/06 08:30:36 | 000,016,472 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2011/05/06 08:30:28 | 000,011,104 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010/12/11 19:08:40 | 000,234,800 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2010/12/02 14:29:00 | 000,056,760 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2010/12/02 09:13:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/12/02 09:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/12/02 09:13:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/12/02 09:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/12/02 07:36:42 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/12/02 07:36:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/11/29 06:47:00 | 000,070,448 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/09 09:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/08/30 05:48:00 | 000,080,064 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2010/06/09 11:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 11:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010/04/22 13:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/12/21 08:14:44 | 000,043,008 | ---- | M] (CSR, plc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BthAudioHF.sys -- (BthAudioHF)
DRV - [2009/11/02 14:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/08/28 11:04:58 | 000,032,392 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2009/08/28 11:04:42 | 000,039,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2009/08/26 06:18:16 | 000,029,192 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2009/08/26 06:16:48 | 000,025,480 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2009/08/26 06:16:40 | 000,020,616 | ---- | M] (IVT Corporation.) [Kernel | Boot] -- C:\Windows\System32\drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2009/08/26 06:16:16 | 000,014,856 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV - [2009/08/04 11:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009/08/04 11:44:12 | 000,139,296 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2009/07/13 18:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/06/17 09:02:40 | 000,017,928 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
DRV - [2009/06/17 09:02:16 | 000,027,528 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2009/06/17 09:02:08 | 000,033,800 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2009/06/17 06:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2009/03/18 11:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/08/26 04:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/11/02 08:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM)
DRV - [2007/11/02 08:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s217obex.sys -- (s217obex)
DRV - [2007/11/02 08:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS)
DRV - [2007/11/02 08:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s217mdm.sys -- (s217mdm)
DRV - [2007/11/02 08:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM)
DRV - [2007/11/02 08:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2005/08/17 19:00:00 | 000,007,168 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Dante_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\Dante_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Dante_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} -  File not found
IE - HKU\Dante_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\Dante_ON_C\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\Dante_ON_C\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
IE - HKU\Dante_ON_C\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKU\Dante_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Dante_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\UpdatusUser_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\UpdatusUser_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} -  File not found
IE - HKU\UpdatusUser_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\UpdatusUser_ON_C\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\UpdatusUser_ON_C\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
IE - HKU\UpdatusUser_ON_C\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1
FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:11.0.2.579
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.579
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.579
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:5.1
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:5.1
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame:  File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dante\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Dante\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/06 20:48:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/06 20:48:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/05/21 12:30:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/11/09 01:08:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011/11/09 01:08:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011/11/09 01:08:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/24 18:12:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/05/21 12:30:29 | 000,000,000 | ---D | M]
 
[2011/01/05 21:52:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dante\AppData\Roaming\Mozilla\Extensions
[2012/05/05 08:23:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dante\AppData\Roaming\Mozilla\Firefox\Profiles\ikn4d68i.default\extensions
[2011/02/02 17:13:01 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Dante\AppData\Roaming\Mozilla\Firefox\Profiles\ikn4d68i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/08/01 21:13:51 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Dante\AppData\Roaming\Mozilla\Firefox\Profiles\ikn4d68i.default\extensions\tineye@ideeinc.com
[2012/04/29 13:22:13 | 000,001,056 | ---- | M] () -- C:\Users\Dante\AppData\Roaming\Mozilla\Firefox\Profiles\ikn4d68i.default\searchplugins\icqplugin.xml
[2012/02/28 13:19:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/13 12:35:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/22 09:21:57 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011/11/22 09:21:53 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
File not found (No name found) --
[2012/04/24 18:12:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 07:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/16 06:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 07:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/03/25 11:42:20 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2012/02/16 07:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/16 07:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/16 07:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (ICQ Sparberater) - {5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24} - C:\Program Files\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} -  File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} -  File not found
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} -  File not found
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} -  File not found
O3 - HKU\Dante_ON_C\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O3 - HKU\Dante_ON_C\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKU\Dante_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} -  File not found
O3 - HKU\UpdatusUser_ON_C\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O3 - HKU\UpdatusUser_ON_C\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKU\UpdatusUser_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} -  File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BtTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [Corel File Shell Monitor]  File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\Dante_ON_C..\Run: []  File not found
O4 - HKU\Dante_ON_C..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKU\Dante_ON_C..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\Dante_ON_C..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\Dante_ON_C..\Run: [Mokyesig] C:\Users\Dante\AppData\Roaming\Viex\afazw.exe ()
O4 - HKU\Dante_ON_C..\Run: [Userinit] C:\Users\Dante\AppData\Roaming\appconf32.exe ()
O4 - HKU\Dante_ON_C..\Run: [Y8VtM54wf363aAt] C:\Users\Dante\AppData\Roaming\EPUhelpers.exe ()
O4 - HKU\Dante_ON_C..\Run: [Ymygdozoq] C:\Users\Dante\AppData\Roaming\Qeryo\zumig.exe ()
O4 - HKU\UpdatusUser_ON_C..\Run: []  File not found
O4 - HKU\UpdatusUser_ON_C..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKU\UpdatusUser_ON_C..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Dante\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.8874011692533996.exe.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Dante_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\Dante_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Dante_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Dante_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\UpdatusUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Dante\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dante\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Dante_ON_C Winlogon: Shell - (C:\Users\Dante\AppData\Roaming\EPUhelpers.exe) - C:\Users\Dante\AppData\Roaming\EPUhelpers.exe ()
O20 - HKU\Dante_ON_C Winlogon: UserInit - (C:\Users\Dante\AppData\Roaming\EPUhelpers.exe) - C:\Users\Dante\AppData\Roaming\EPUhelpers.exe ()
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{78da8a53-6ceb-11e0-ae75-0021859e4294}\Shell - "" = AutoRun
O33 - MountPoints2\{78da8a53-6ceb-11e0-ae75-0021859e4294}\Shell\AutoRun\command - "" = K:\Autorun.exe
O33 - MountPoints2\{928ee05e-1907-11e1-9539-0021859e4294}\Shell - "" = AutoRun
O33 - MountPoints2\{928ee05e-1907-11e1-9539-0021859e4294}\Shell\AutoRun\command - "" = H:\raf-swkotor.exe
O33 - MountPoints2\{bfde6d06-1b7a-11e0-9493-0021859e4294}\Shell - "" = AutoRun
O33 - MountPoints2\{bfde6d06-1b7a-11e0-9493-0021859e4294}\Shell\AutoRun\command - "" = K:\Setup.exe
O33 - MountPoints2\{e2ebb3c0-e3be-11e0-9fd1-0021859e4294}\Shell - "" = AutoRun
O33 - MountPoints2\{e2ebb3c0-e3be-11e0-9fd1-0021859e4294}\Shell\AutoRun\command - "" = K:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
< End of report >

Psychotic 07.05.2012 06:26
:hallo:

Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass du clean bist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
  • Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren) - wenn du die anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
  • Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
  • Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen, außer, ich fordere dich dazu auf. Erschwert mir nämlich das Auswerten.


Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.


Wir benötigen das vollständige OTL-Log inkl der Extras.txt - bitte poste sie oder hänge sie an!

Psychotic 09.05.2012 06:49
Hallo, benötigst Du noch weiterhin Hilfe ? Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten. Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist

Psychotic 13.05.2012 11:38
Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:59 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131