Trojaner-Board


314you 20.07.2010 23:47

Internet Explorer starts by itself

Hello, I picked up some kind of Trojan today and would like to get rid of it. IE regularly starts by itself with 2 new windows.
From the research I have done, I can tell that it is always specific to the Trojan and that there is no general solution.
I followed the steps and ran HijackThis, CCleaner, Malware and OTL one after another.
The following are the log files:

Quote:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:26:01, on 20.07.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe
C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Intel\WiFi\bin\EvtEng.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
C:\Programme\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Programme\Intel\WiFi\bin\WLKeeper.exe
C:\Programme\Avira\AntiVir Desktop\avmailc.exe
C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe
C:\Programme\Dell\QuickSet\quickset.exe
C:\Programme\DellTPad\Apoint.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\DellTPad\ApMsgFwd.exe
C:\Programme\DellTPad\HidFind.exe
C:\Programme\DellTPad\Apntex.exe
C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Programme\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\WinSplit Revolution\WinSplit.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programme\Uniblue\SpeedUpMyPC\sump.exe
C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\Gdemoa.exe
C:\WINDOWS\Gmiqua.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://n-tv.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://go.web.de/suchbox/webdesuche?su=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll
O2 - BHO: Online_Downloaden_Toolbar - {f6e6051c-0d37-44e3-8855-2308b314f6c2} - C:\Programme\Online-Downloaden-Service Limited\Online-Downloaden-Toolbar\adxloader.dll
O3 - Toolbar: Online_Downloaden_Toolbar - {40090c1a-85c9-419d-b493-6119f95d97a4} - C:\Programme\Online-Downloaden-Service Limited\Online-Downloaden-Toolbar\adxloader.dll
O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [mxomssmenu] "C:\Programme\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Winsplit] C:\Programme\WinSplit Revolution\WinSplit.exe
O4 - HKCU\..\Run: [SpeedUpMyPC] "C:\Programme\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} (Attachment Upload Control) - https://stream.web.de/mail/activex/mail_upload_11213.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239790432921
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-35B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{681F9171-3D92-4436-81BB-3ABD41644196}: NameServer = 217.237.151.115,217.237.148.102
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D806538-48B5-454E-B1DC-B8B23A07AC12}: NameServer = 217.237.151.115,217.237.148.102
O18 - Protocol: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Programme\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AccSys WLAN Control Service (accvssvc) - AccSys GmbH - C:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programme\Intel\WiFi\bin\EvtEng.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Programme\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Programme\Maxtor\Sync\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programme\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Programme\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programme\Intel\WiFi\bin\WLKeeper.exe

--
End of file - 12461 bytes
Quote:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4333

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20.07.2010 23:59:56
mbam-log-2010-07-20 (23-59-56).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 178654
Laufzeit: 9 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
C:\WINDOWS\Gdemoa.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\Gmiqua.exe (Trojan.Downloader) -> Unloaded process successfully.

Infizierte Speichermodule:
c:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\Gdemoa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Gmiqua.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Quote:

OTL logfile created on: 21.07.2010 00:26:15 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\hrvoje\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 3019 3019 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,79 Gb Total Space | 55,94 Gb Free Space | 50,04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAKLER10
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Uniblue\SpeedUpMyPC\sump.exe (Uniblue Systems Limited)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\WinSplit Revolution\WinSplit.exe ()
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\WiFi\bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Maxtor\OneTouch Status\MaxMenuMgr.exe (Maxtor Corporation)
PRC - C:\Programme\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\Programme\Gemeinsame Dateien\AccSys\accvssvc.exe (AccSys GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\hrvoje\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Programme\WinSplit Revolution\winsplithook.dll ()
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (GoToAssist) -- C:\Programme\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (WLANKEEPER) Intel(R) -- C:\Programme\Intel\WiFi\bin\WLKEEPER.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Maxtor Sync Service) -- C:\Programme\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (accvssvc) -- C:\Programme\Gemeinsame Dateien\AccSys\accvssvc.exe (AccSys GmbH)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (STacSV) -- C:\Programme\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (OMCI) -- C:\WINDOWS\System32\DRIVERS\OMCI.SYS File not found
DRV - (NETw4x32) Intel(R) -- C:\WINDOWS\System32\DRIVERS\NETw4x32.sys File not found
DRV - (BTWUSB) -- C:\WINDOWS\System32\Drivers\btwusb.sys File not found
DRV - (BTWDNDIS) -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys File not found
DRV - (BTKRNL) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys File not found
DRV - (BTDriver) -- C:\WINDOWS\System32\DRIVERS\btport.sys File not found
DRV - (btaudio) -- C:\WINDOWS\System32\drivers\btaudio.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (AVerAF15DMBTH) -- C:\WINDOWS\system32\drivers\AVerAF15DMBTH.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (CSRBC) -- C:\WINDOWS\system32\drivers\csrbcxp.sys (CSR, plc)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://n-tv.de/
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoft Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "GMX Suche"
FF - prefs.js..browser.search.order.2: "1und1 Suche"
FF - prefs.js..browser.search.order.3: "amazon.de"
FF - prefs.js..browser.search.order.4: "WEB.DE Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.n-tv.de/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {79572733-0c58-4b94-ac7d-4519df0ff1f0}:3.0
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://go.web.de/suchbox/webdesuche?su="

FF - HKLM\software\mozilla\Firefox\Extensions\\RayVExtension@RayV.com: C:\Programme\RayV\RayV\RayVExtension@RayV.com [2008.09.09 09:57:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.28 09:06:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.06 10:00:19 | 000,000,000 | ---D | M]

[2009.04.07 12:16:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Extensions
[2010.07.20 14:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions
[2010.04.27 11:03:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.23 11:28:55 | 000,000,000 | ---D | M] (Bibleserver.com Suchleiste) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions\{79572733-0c58-4b94-ac7d-4519df0ff1f0}
[2010.06.04 14:58:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.06.04 16:22:46 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.05.08 11:52:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions\personas@christopher.beard
[2010.01.21 18:26:46 | 000,000,927 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\searchplugins\conduit.xml
[2010.01.25 11:45:43 | 000,001,983 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\searchplugins\suche-in-wikipedia.xml
[2010.07.20 14:51:45 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.25 11:38:42 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.01.25 11:38:41 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Programme\Mozilla Firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
[2010.02.18 16:41:08 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.06.20 20:46:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.10 00:47:36 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.10 00:47:36 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.10 00:47:36 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.10 00:47:36 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.10 00:47:36 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 12:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Online_Downloaden_Toolbar) - {f6e6051c-0d37-44e3-8855-2308b314f6c2} - C:\Programme\Online-Downloaden-Service Limited\Online-Downloaden-Toolbar\adxloader.dll ()
O3 - HKLM\..\Toolbar: (Online_Downloaden_Toolbar) - {40090c1a-85c9-419d-b493-6119f95d97a4} - C:\Programme\Online-Downloaden-Service Limited\Online-Downloaden-Toolbar\adxloader.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mxomssmenu] C:\Programme\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpeedUpMyPC] C:\Programme\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [Winsplit] C:\Programme\WinSplit Revolution\WinSplit.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKCU\..Trusted Domains: 123.250) ([samba%203.2.7-11.6-2057-suse-code11%20(192.168] file in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} https://stream.web.de/mail/activex/mail_upload_11213.cab (Attachment Upload Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239790432921 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-35B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.237.151.161 194.25.2.129
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Programme\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\hrvoje\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\hrvoje\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.08 13:32:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3289dc62-5778-11de-a412-001f3b6d0a4f}\Shell - "" = AutoRun
O33 - MountPoints2\{3289dc62-5778-11de-a412-001f3b6d0a4f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{801f2712-d9cd-11dd-a2e0-001f3b6d0a4f}\Shell - "" = AutoRun
O33 - MountPoints2\{801f2712-d9cd-11dd-a2e0-001f3b6d0a4f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.07.20 23:47:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Malwarebytes
[2010.07.20 23:47:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.20 23:47:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.20 23:47:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.07.20 23:47:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.20 23:40:53 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\hrvoje\Recent
[2010.07.20 23:24:49 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.07.20 15:10:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\PriceGong
[2010.07.15 14:25:40 | 001,481,928 | ---- | C] (HTC) -- C:\task29.exe
[2010.07.15 14:25:40 | 001,449,160 | ---- | C] (HTC) -- C:\RUUResource.dll
[2010.07.15 14:25:40 | 000,175,304 | ---- | C] (HTC) -- C:\rapitool.exe
[2010.07.15 14:25:40 | 000,008,904 | ---- | C] (HTC) -- C:\EnterBootloader.exe
[2010.07.15 12:14:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Hd2
[2010.07.14 14:55:28 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.07.13 09:49:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Uniblue
[2010.07.13 09:25:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\System Tweaker
[2010.07.13 09:14:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Uniblue
[2010.07.13 09:14:21 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2010.06.23 09:55:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Bilder hd2
[2010.06.21 11:17:35 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010.06.21 11:17:33 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MPE.sys
[2010.06.21 11:17:33 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2010.06.21 11:17:04 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010.06.21 11:16:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010.06.21 11:16:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010.06.21 11:16:54 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010.06.21 11:16:51 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010.06.21 11:16:47 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010.06.21 11:16:42 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010.06.21 11:16:33 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010.06.21 10:55:13 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010.06.21 10:55:13 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010.06.21 10:55:12 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010.06.21 10:55:12 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010.06.21 10:55:12 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010.06.21 10:55:12 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010.06.21 10:55:12 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010.06.21 10:55:12 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010.06.21 10:55:12 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\BdaSup.sys
[2010.06.21 10:55:12 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2010.06.21 10:55:11 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2010.06.21 10:55:11 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\BdaPlgIn.ax
[2010.06.21 10:51:27 | 000,554,368 | ---- | C] (AVerMedia TECHNOLOGIES, Inc.) -- C:\WINDOWS\System32\drivers\AVerAF15DMBTH.sys
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.07.21 00:24:33 | 007,602,176 | -H-- | M] () -- C:\Dokumente und Einstellungen\hrvoje\NTUSER.DAT
[2010.07.21 00:23:54 | 000,091,240 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010.07.21 00:23:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.21 00:23:39 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.21 00:23:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.21 00:23:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.20 23:47:52 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.20 23:44:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.20 23:37:22 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\CCleaner.lnk
[2010.07.20 23:24:49 | 000,001,986 | ---- | M] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\HiJackThis.lnk
[2010.07.20 23:15:08 | 000,001,035 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.07.20 23:15:08 | 000,000,327 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.20 23:15:08 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010.07.20 23:14:43 | 000,091,240 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010.07.20 20:35:08 | 001,050,654 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.20 20:35:08 | 000,452,554 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.07.20 20:35:08 | 000,435,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.07.20 20:35:08 | 000,081,316 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.07.20 20:35:08 | 000,068,490 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.07.20 20:29:40 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\hrvoje\ntuser.ini
[2010.07.20 20:15:24 | 000,114,176 | ---- | M] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Ja.doc
[2010.07.13 20:31:31 | 000,034,304 | ---- | M] () -- C:\Dokumente und Einstellungen\hrvoje\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.07 15:45:34 | 000,031,744 | ---- | M] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Der Sinn Christi.doc
[2010.07.01 22:39:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.06.29 15:14:07 | 000,000,540 | ---- | M] () -- C:\WINDOWS\tasks\Rescue Reminder for 2HAS9TSZ.job
[2010.06.26 13:30:19 | 000,876,565 | ---- | M] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Cover_SupernaturalPowerRenewedMind.pdf
[2010.06.21 17:05:55 | 000,356,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.21 13:04:52 | 000,091,416 | ---- | M] () -- C:\Dokumente und Einstellungen\hrvoje\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.07.20 23:47:52 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.20 23:37:22 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\CCleaner.lnk
[2010.07.20 23:24:49 | 000,001,986 | ---- | C] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\HiJackThis.lnk
[2010.07.20 20:15:22 | 000,114,176 | ---- | C] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Ja.doc
[2010.07.15 14:25:40 | 005,406,987 | ---- | C] () -- C:\RUU_signed.nbh
[2010.07.15 14:25:40 | 000,213,864 | ---- | C] () -- C:\ModelID.fig
[2010.07.15 14:25:40 | 000,141,368 | ---- | C] () -- C:\ErrorUSB.fig
[2010.07.15 14:25:40 | 000,095,552 | ---- | C] () -- C:\ErrorBattery.fig
[2010.07.15 14:25:40 | 000,013,512 | ---- | C] () -- C:\RUUGetInfo.exe
[2010.07.15 14:25:40 | 000,000,013 | ---- | C] () -- C:\ROMUpdateUtility.cfg
[2010.07.06 15:37:26 | 000,031,744 | ---- | C] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Der Sinn Christi.doc
[2010.06.26 13:30:19 | 000,876,565 | ---- | C] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Cover_SupernaturalPowerRenewedMind.pdf
[2010.06.21 10:55:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010.06.21 10:55:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010.06.21 10:55:13 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\PsisRndr.ax
[2010.06.21 10:55:13 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010.06.21 10:55:12 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\MSDvbNP.ax
[2010.06.21 10:55:12 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010.06.21 10:51:27 | 000,000,350 | ---- | C] () -- C:\WINDOWS\System32\AP6RMHV.BIN
[2010.06.21 10:51:27 | 000,000,252 | ---- | C] () -- C:\WINDOWS\System32\AP6RMJX.BIN
[2010.06.21 10:51:27 | 000,000,252 | ---- | C] () -- C:\WINDOWS\System32\AP6RMJH.BIN
[2010.06.21 10:51:27 | 000,000,238 | ---- | C] () -- C:\WINDOWS\System32\AP6RMFP.BIN
[2010.06.21 10:51:27 | 000,000,189 | ---- | C] () -- C:\WINDOWS\System32\AP6RMKS.BIN
[2010.06.21 10:51:27 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\AP6RMHR.BIN
[2009.11.29 16:01:14 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009.06.16 12:27:30 | 000,006,027 | ---- | C] () -- C:\WINDOWS\Unwise32.ini
[2009.06.01 20:25:13 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009.04.15 11:06:12 | 000,000,474 | ---- | C] () -- C:\WINDOWS\WebAng32.INI
[2009.03.03 15:25:34 | 000,000,736 | ---- | C] () -- C:\WINDOWS\SamsungMaster.INI
[2008.12.18 13:26:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008.12.03 14:17:09 | 000,000,404 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008.06.02 13:18:35 | 000,000,063 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.05.29 15:21:03 | 000,000,099 | ---- | C] () -- C:\WINDOWS\KTEL.INI
[2008.05.18 21:20:07 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.05.18 21:20:07 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.05.18 21:07:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008.05.13 10:58:33 | 000,000,053 | ---- | C] () -- C:\WINDOWS\IMV.ini
[2008.05.08 16:11:32 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6d.DLL
[2008.05.08 16:06:42 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS79.DLL
[2008.05.08 15:55:31 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini
[2008.05.08 15:16:04 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.05.08 15:16:04 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.05.08 15:16:04 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.05.08 15:16:04 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.12.21 17:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 22:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2001.04.05 15:16:27 | 000,000,396 | RHS- | C] () -- C:\WINDOWS\System32\mswinsun.dll
< End of report >

Quote:

OTL Extras logfile created on: 21.07.2010 00:26:15 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\hrvoje\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 3019 3019 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,79 Gb Total Space | 55,94 Gb Free Space | 50,04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAKLER10
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\SOTI\Pocket Controller-Pro\PocketController.exe" = C:\Programme\SOTI\Pocket Controller-Pro\PocketController.exe:*:Disabled:Pocket Controller Professional -- (SOTI Inc.)
"C:\Programme\RayV\RayV\RayV.exe" = C:\Programme\RayV\RayV\RayV.exe:*:Enabled:RayV -- (RayV)
"C:\Programme\CyberLink\PowerDVD\PowerDVD.exe" = C:\Programme\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Programme\TmNationsForever\TmForever.exe" = C:\Programme\TmNationsForever\TmForever.exe:*:Disabled:TmForever -- ()
"C:\Dokumente und Einstellungen\hrvoje\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RPPBO8WX\NTRsupport[1].exe" = C:\Dokumente und Einstellungen\hrvoje\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RPPBO8WX\NTRsupport[1].exe:*:Enabled:NTRsupport -- File not found
"C:\Programme\M2Office32\m2_verw.exe" = C:\Programme\M2Office32\m2_verw.exe:*:Enabled:Makler2000 Office Verwaltung -- (Immowelt AG)
"C:\Dokumente und Einstellungen\hrvoje\Lokale Einstellungen\Temporary Internet Files\Content.IE5\NEFQOIXM\NTRsupport[1].exe" = C:\Dokumente und Einstellungen\hrvoje\Lokale Einstellungen\Temporary Internet Files\Content.IE5\NEFQOIXM\NTRsupport[1].exe:*:Enabled:NTRsupport -- File not found
"C:\Dokumente und Einstellungen\hrvoje\Lokale Einstellungen\Temporary Internet Files\Content.IE5\FKLCDWJE\NTRsupport[1].exe" = C:\Dokumente und Einstellungen\hrvoje\Lokale Einstellungen\Temporary Internet Files\Content.IE5\FKLCDWJE\NTRsupport[1].exe:*:Enabled:NTRsupport -- File not found
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"E:\ProjectorGateway\AcerProjectorGateway.exe" = E:\ProjectorGateway\AcerProjectorGateway.exe:*:Enabled:ACER -- File not found
"C:\Dokumente und Einstellungen\hrvoje\Desktop\ProjectorGateway\AcerProjectorGateway.exe" = C:\Dokumente und Einstellungen\hrvoje\Desktop\ProjectorGateway\AcerProjectorGateway.exe:*:Enabled:ACER -- File not found
"C:\Acer\ProjectorGateway\AcerProjectorGateway.exe" = C:\Acer\ProjectorGateway\AcerProjectorGateway.exe:*:Enabled:ACER -- (ACER)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Programme\Multi File Downloader\MultiFileDownloader.exe" = C:\Programme\Multi File Downloader\MultiFileDownloader.exe:*:Disabled:Multi File Downloader -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{18472E28-FCA0-421F-BDAC-AC65012E29F2}" = ArcSoft MediaImpression
"{2015B0A6-C373-44D6-BE66-B669F33BA9AB}" = Application Suite
"{24DD7C58-EAC5-41BA-AC05-1EF58525CE44}" = Pocket e-Sword (WM6)
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{275BD947-F0EF-4B3E-B393-90781665D0F4}_is1" = Artweaver Plus 1.0
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB51140-6359-47A2-BEB9-56A87246D0E2}" = Online-Downloaden-Toolbar
"{4D36E953-4456-4F8F-BC44-90BC4AA59889}" = Maxtor Manager
"{4FE61132-076C-4E13-BE57-B61A87EA07CA}" = DSL Connection Manager
"{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}" = Intel(R) PROSet/Wireless WiFi-Software
"{567885A3-D921-443F-9704-9964D1D8EE33}" = Pocket e-Sword (2005)
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1" = Uniblue PowerSuite
"{830D40F7-7092-4418-BE17-F7F7899F2B41}" = e-Sword
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{838E3304-69BE-4537-8297-1760E36A2DA5}" = Serif DrawPlus 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_SMALLBUSINESSR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A025CFB8-64E7-4432-824F-11E7C5ED2ECE}_is1" = Artweaver 1.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C336A3DB-FA32-42BE-97D0-FFD42D807FD6}" = Oz776 SCR Driver V1.1.4.2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C5C649A8-1D21-4C83-9B08-7B3752E580F4}" = Safari
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CC9EA2BC-BCFA-4DEA-8F5F-1E1032567673}" = SOTI Pocket Controller-Pro
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FFF5F83B-1112-49EF-BABF-C00D2DECC062}" = DSL Connection Manager
"Acer Projector Gateway_is1" = Acer Projector Gateway
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"Avira AntiVir Desktop" = Avira AntiVir Premium
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1181
"Canon MP610 series Benutzerregistrierung" = Canon MP610 series Benutzerregistrierung
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Dell_HostCD" = Dell Druckersoftware-Deinstallation
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"ElsterFormular 11.4.1.4323" = ElsterFormular
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"GoToAssist" = GoToAssist 8.0.0.514
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.46
"InstallShield_{4D36E953-4456-4F8F-BC44-90BC4AA59889}" = Maxtor Manager
"InstallShield_{C336A3DB-FA32-42BE-97D0-FFD42D807FD6}" = Oz776 SCR Driver V1.1.4.2
"KlickTel99" = klickTel Telefon- und Branchenbuch Netzwerkversion - 32-Bit
"Langenscheidt" = Langenscheidt
"Makler2000 Office V9.0" = Makler2000 Office V9.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MobiShow PtG Converter_is1" = MobiShow PtG Converter
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PixelPerfect_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1" = Uniblue PixelPerfect
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) PRO Network Connections Drivers
"RayV" = RayV
"RealPlayer 12.0" = RealPlayer
"SensorLock" = SensorLock
"Skype™ for Windows Mobile_is1" = Skype™ for Windows Mobile 3.0
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"SopCast" = SopCast 3.2.9
"System Tweaker_is1" = Uniblue System Tweaker
"TmNationsForever_is1" = TmNationsForever
"Uninstall_is1" = Uninstall 1.0.0.1
"Videoload Manager" = Videoload Manager 2.0.2200
"VLC media player" = VLC media player 1.0.3
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile-Ressourcen
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinSplit Revolution" = WinSplit Revolution (v9.02)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19.07.2010 03:12:37 | Computer Name = MAKLER10 | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte
keine Verbindung zum Active Directory (0x800704cf) herstellen. Das Netzlaufwerk
ist nicht erreichbar. Weitere Informationen über die Behebung von Netzwerkproblemen
finden Sie in der Windows-Hilfe. Die Registrierung wird nicht durchgeführt.

Error - 19.07.2010 11:12:39 | Computer Name = MAKLER10 | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte
keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne
ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. Die Registrierung
wird nicht durchgeführt.

Error - 20.07.2010 08:34:56 | Computer Name = MAKLER10 | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte
keine Verbindung zum Active Directory (0x800704cf) herstellen. Das Netzlaufwerk
ist nicht erreichbar. Weitere Informationen über die Behebung von Netzwerkproblemen
finden Sie in der Windows-Hilfe. Die Registrierung wird nicht durchgeführt.

Error - 20.07.2010 09:05:23 | Computer Name = MAKLER10 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung divxupdate.exe, Version 1.0.1.10, fehlgeschlagenes
Modul msvcp80.dll, Version 8.0.50727.4053, Fehleradresse 0x000100b5.

Error - 20.07.2010 09:40:31 | Computer Name = MAKLER10 | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte
keine Verbindung zum Active Directory (0x800704cf) herstellen. Das Netzlaufwerk
ist nicht erreichbar. Weitere Informationen über die Behebung von Netzwerkproblemen
finden Sie in der Windows-Hilfe. Die Registrierung wird nicht durchgeführt.

Error - 20.07.2010 10:50:25 | Computer Name = MAKLER10 | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte
keine Verbindung zum Active Directory (0x800704cf) herstellen. Das Netzlaufwerk
ist nicht erreichbar. Weitere Informationen über die Behebung von Netzwerkproblemen
finden Sie in der Windows-Hilfe. Die Registrierung wird nicht durchgeführt.

Error - 20.07.2010 14:31:03 | Computer Name = MAKLER10 | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte
keine Verbindung zum Active Directory (0x800704cf) herstellen. Das Netzlaufwerk
ist nicht erreichbar. Weitere Informationen über die Behebung von Netzwerkproblemen
finden Sie in der Windows-Hilfe. Die Registrierung wird nicht durchgeführt.

Error - 20.07.2010 17:14:20 | Computer Name = MAKLER10 | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte
keine Verbindung zum Active Directory (0x800704cf) herstellen. Das Netzlaufwerk
ist nicht erreichbar. Weitere Informationen über die Behebung von Netzwerkproblemen
finden Sie in der Windows-Hilfe. Die Registrierung wird nicht durchgeführt.

Error - 20.07.2010 18:02:37 | Computer Name = MAKLER10 | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte
keine Verbindung zum Active Directory (0x800704cf) herstellen. Das Netzlaufwerk
ist nicht erreichbar. Weitere Informationen über die Behebung von Netzwerkproblemen
finden Sie in der Windows-Hilfe. Die Registrierung wird nicht durchgeführt.

Error - 20.07.2010 18:23:28 | Computer Name = MAKLER10 | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte
keine Verbindung zum Active Directory (0x800704cf) herstellen. Das Netzlaufwerk
ist nicht erreichbar. Weitere Informationen über die Behebung von Netzwerkproblemen
finden Sie in der Windows-Hilfe. Die Registrierung wird nicht durchgeführt.

[ OSession Events ]
Error - 15.01.2010 08:49:39 | Computer Name = MAKLER10 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15.01.2010 11:48:47 | Computer Name = MAKLER10 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15.01.2010 11:50:03 | Computer Name = MAKLER10 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18
seconds with 0 seconds of active time. This session ended with a crash.

Error - 19.01.2010 07:28:30 | Computer Name = MAKLER10 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6192
seconds with 480 seconds of active time. This session ended with a crash.

Error - 19.01.2010 07:29:45 | Computer Name = MAKLER10 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.

Error - 22.04.2010 05:39:22 | Computer Name = MAKLER10 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 392
seconds with 180 seconds of active time. This session ended with a crash.

Error - 22.04.2010 05:39:34 | Computer Name = MAKLER10 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 22.04.2010 15:24:10 | Computer Name = MAKLER10 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5255
seconds with 600 seconds of active time. This session ended with a crash.

Error - 22.04.2010 15:24:19 | Computer Name = MAKLER10 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 26.06.2010 02:42:01 | Computer Name = MAKLER10 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2011
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 20.07.2010 18:06:21 | Computer Name = MAKLER10 | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.

Error - 20.07.2010 18:06:21 | Computer Name = MAKLER10 | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.

Error - 20.07.2010 18:22:28 | Computer Name = MAKLER10 | Source = DCOM | ID = 10010
Description = Der Server "{B2B3C70A-B20F-40B7-90C5-EA7E946C16E0}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 20.07.2010 18:23:30 | Computer Name = MAKLER10 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error - 20.07.2010 18:23:30 | Computer Name = MAKLER10 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error - 20.07.2010 18:23:30 | Computer Name = MAKLER10 | Source = W32Time | ID = 39452700
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch keine der Quellen verfügbar. Der NtpClient
verfügt über keine Quelle mit genauer Zeit.

Error - 20.07.2010 18:23:32 | Computer Name = MAKLER10 | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.

Error - 20.07.2010 18:23:32 | Computer Name = MAKLER10 | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.

Error - 20.07.2010 18:23:32 | Computer Name = MAKLER10 | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.

Error - 20.07.2010 18:23:32 | Computer Name = MAKLER10 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Treiber für parallelen Anschluss" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058


< End of report >
I hope someone can help me. That would be really fantastic.

cosinus 21.07.2010 18:42

Hello and :hallo:

Please run a full scan with an updated Malwarebytes and post the log in code tags.

314you 21.07.2010 20:51

Hello Arne,

thank you very much for your help.

I have now run a full scan with the latest version, as well as OTL.

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4336

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21.07.2010 21:31:37
mbam-log-2010-07-21 (21-31-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 265264
Laufzeit: 1 Stunde(n), 16 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\hrvoje\Eigene Dateien\000CABA1.007 (Trojan.Spambot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CAF24D36-69A3-49CF-85E2-D06A0953F077}\RP337\A0088007.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CAF24D36-69A3-49CF-85E2-D06A0953F077}\RP337\A0088009.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CAF24D36-69A3-49CF-85E2-D06A0953F077}\RP337\A0088010.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

Code:

OTL logfile created on: 21.07.2010 21:35:42 - Run 3
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Dokumente und Einstellungen\****\Desktop\Virusreiniger
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 3019 3019 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,79 Gb Total Space | 55,90 Gb Free Space | 50,01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ****
Current User Name: ****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\****\Desktop\Virusreiniger\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Uniblue\SpeedUpMyPC\sump.exe (Uniblue Systems Limited)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\WinSplit Revolution\WinSplit.exe ()
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\WiFi\bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Maxtor\OneTouch Status\MaxMenuMgr.exe (Maxtor Corporation)
PRC - C:\Programme\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\Programme\Gemeinsame Dateien\AccSys\accvssvc.exe (AccSys GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\hrvoje\Desktop\Virusreiniger\OTL.exe (OldTimer Tools)
MOD - C:\Programme\WinSplit Revolution\winsplithook.dll ()
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (GoToAssist) -- C:\Programme\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (WLANKEEPER) Intel(R) -- C:\Programme\Intel\WiFi\bin\WLKEEPER.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Maxtor Sync Service) -- C:\Programme\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (accvssvc) -- C:\Programme\Gemeinsame Dateien\AccSys\accvssvc.exe (AccSys GmbH)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (STacSV) -- C:\Programme\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (OMCI) -- C:\WINDOWS\System32\DRIVERS\OMCI.SYS File not found
DRV - (NETw4x32) Intel(R) -- C:\WINDOWS\System32\DRIVERS\NETw4x32.sys File not found
DRV - (BTWUSB) -- C:\WINDOWS\System32\Drivers\btwusb.sys File not found
DRV - (BTWDNDIS) -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys File not found
DRV - (BTKRNL) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys File not found
DRV - (BTDriver) -- C:\WINDOWS\System32\DRIVERS\btport.sys File not found
DRV - (btaudio) -- C:\WINDOWS\System32\drivers\btaudio.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (AVerAF15DMBTH) -- C:\WINDOWS\system32\drivers\AVerAF15DMBTH.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (CSRBC) -- C:\WINDOWS\system32\drivers\csrbcxp.sys (CSR, plc)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://n-tv.de/
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoft Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "GMX Suche"
FF - prefs.js..browser.search.order.2: "1und1 Suche"
FF - prefs.js..browser.search.order.3: "amazon.de"
FF - prefs.js..browser.search.order.4: "WEB.DE Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.n-tv.de/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {79572733-0c58-4b94-ac7d-4519df0ff1f0}:3.0
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://go.web.de/suchbox/webdesuche?su="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\RayVExtension@RayV.com: C:\Programme\RayV\RayV\RayVExtension@RayV.com [2008.09.09 09:57:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.28 09:06:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.06 10:00:19 | 000,000,000 | ---D | M]
 
[2009.04.07 12:16:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Extensions
[2010.07.21 15:51:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions
[2010.04.27 11:03:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.23 11:28:55 | 000,000,000 | ---D | M] (Bibleserver.com Suchleiste) -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions\{79572733-0c58-4b94-ac7d-4519df0ff1f0}
[2010.06.04 14:58:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.06.04 16:22:46 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.05.08 11:52:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions\personas@christopher.beard
[2010.01.21 18:26:46 | 000,000,927 | ---- | M] () -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\searchplugins\conduit.xml
[2010.01.25 11:45:43 | 000,001,983 | ---- | M] () -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\searchplugins\suche-in-wikipedia.xml
[2010.07.21 15:51:14 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.25 11:38:42 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.01.25 11:38:41 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Programme\Mozilla Firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
[2010.02.18 16:41:08 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.06.20 20:46:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.10 00:47:36 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.10 00:47:36 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.10 00:47:36 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.10 00:47:36 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.10 00:47:36 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 12:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Online_Downloaden_Toolbar) - {f6e6051c-0d37-44e3-8855-2308b314f6c2} - C:\Programme\Online-Downloaden-Service Limited\Online-Downloaden-Toolbar\adxloader.dll ()
O3 - HKLM\..\Toolbar: (Online_Downloaden_Toolbar) - {40090c1a-85c9-419d-b493-6119f95d97a4} - C:\Programme\Online-Downloaden-Service Limited\Online-Downloaden-Toolbar\adxloader.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mxomssmenu] C:\Programme\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpeedUpMyPC] C:\Programme\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [Winsplit] C:\Programme\WinSplit Revolution\WinSplit.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKCU\..Trusted Domains: 123.250) ([samba%203.2.7-11.6-2057-suse-code11%20(192.168] file in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} https://stream.web.de/mail/activex/mail_upload_11213.cab (Attachment Upload Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239790432921 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-35B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Programme\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\hrvoje\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\hrvoje\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.08 13:32:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3289dc62-5778-11de-a412-001f3b6d0a4f}\Shell - "" = AutoRun
O33 - MountPoints2\{3289dc62-5778-11de-a412-001f3b6d0a4f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{801f2712-d9cd-11dd-a2e0-001f3b6d0a4f}\Shell - "" = AutoRun
O33 - MountPoints2\{801f2712-d9cd-11dd-a2e0-001f3b6d0a4f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.21 15:23:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\hrvoje\Recent
[2010.07.21 00:51:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Virusreiniger
[2010.07.20 23:47:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Malwarebytes
[2010.07.20 23:47:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.20 23:47:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.20 23:47:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.07.20 23:47:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.20 23:24:49 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.07.20 15:10:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\PriceGong
[2010.07.15 14:25:40 | 001,481,928 | ---- | C] (HTC) -- C:\task29.exe
[2010.07.15 14:25:40 | 001,449,160 | ---- | C] (HTC) -- C:\RUUResource.dll
[2010.07.15 14:25:40 | 000,175,304 | ---- | C] (HTC) -- C:\rapitool.exe
[2010.07.15 14:25:40 | 000,008,904 | ---- | C] (HTC) -- C:\EnterBootloader.exe
[2010.07.15 12:14:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Hd2
[2010.07.14 14:55:28 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.07.13 09:49:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Uniblue
[2010.07.13 09:25:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\System Tweaker
[2010.07.13 09:14:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Uniblue
[2010.07.13 09:14:21 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2010.06.23 09:55:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Bilder hd2
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.21 21:34:14 | 000,091,240 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010.07.21 21:34:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.21 21:34:07 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.21 21:33:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.21 21:33:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.21 21:32:47 | 007,602,176 | -H-- | M] () -- C:\Dokumente und Einstellungen\hrvoje\NTUSER.DAT
[2010.07.21 20:44:36 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.20 23:15:08 | 000,001,035 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.07.20 23:15:08 | 000,000,327 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.20 23:15:08 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010.07.20 23:14:43 | 000,091,240 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010.07.20 20:35:08 | 001,050,654 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.20 20:35:08 | 000,452,554 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.07.20 20:35:08 | 000,435,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.07.20 20:35:08 | 000,081,316 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.07.20 20:35:08 | 000,068,490 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.07.20 20:29:40 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\hrvoje\ntuser.ini
[2010.07.20 20:15:24 | 000,114,176 | ---- | M] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Ja.doc
[2010.07.13 20:31:31 | 000,034,304 | ---- | M] () -- C:\Dokumente und Einstellungen\hrvoje\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.07 15:45:34 | 000,031,744 | ---- | M] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Der Sinn Christi.doc
[2010.07.01 22:39:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.06.29 15:14:07 | 000,000,540 | ---- | M] () -- C:\WINDOWS\tasks\Rescue Reminder for 2HAS9TSZ.job
[2010.06.26 13:30:19 | 000,876,565 | ---- | M] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Cover_SupernaturalPowerRenewedMind.pdf
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.20 20:15:22 | 000,114,176 | ---- | C] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Ja.doc
[2010.07.15 14:25:40 | 005,406,987 | ---- | C] () -- C:\RUU_signed.nbh
[2010.07.15 14:25:40 | 000,213,864 | ---- | C] () -- C:\ModelID.fig
[2010.07.15 14:25:40 | 000,141,368 | ---- | C] () -- C:\ErrorUSB.fig
[2010.07.15 14:25:40 | 000,095,552 | ---- | C] () -- C:\ErrorBattery.fig
[2010.07.15 14:25:40 | 000,013,512 | ---- | C] () -- C:\RUUGetInfo.exe
[2010.07.15 14:25:40 | 000,000,013 | ---- | C] () -- C:\ROMUpdateUtility.cfg
[2010.07.06 15:37:26 | 000,031,744 | ---- | C] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Der Sinn Christi.doc
[2010.06.26 13:30:19 | 000,876,565 | ---- | C] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Cover_SupernaturalPowerRenewedMind.pdf
[2010.06.21 10:55:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009.11.29 16:01:14 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009.06.16 12:27:30 | 000,006,027 | ---- | C] () -- C:\WINDOWS\Unwise32.ini
[2009.06.01 20:25:13 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009.04.15 11:06:12 | 000,000,474 | ---- | C] () -- C:\WINDOWS\WebAng32.INI
[2009.03.03 15:25:34 | 000,000,736 | ---- | C] () -- C:\WINDOWS\SamsungMaster.INI
[2008.12.18 13:26:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008.12.03 14:17:09 | 000,000,404 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008.06.02 13:18:35 | 000,000,063 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.05.29 15:21:03 | 000,000,099 | ---- | C] () -- C:\WINDOWS\KTEL.INI
[2008.05.18 21:20:07 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.05.18 21:20:07 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.05.18 21:07:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008.05.13 10:58:33 | 000,000,053 | ---- | C] () -- C:\WINDOWS\IMV.ini
[2008.05.08 16:11:32 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6d.DLL
[2008.05.08 16:06:42 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS79.DLL
[2008.05.08 15:55:31 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini
[2008.05.08 15:16:04 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.05.08 15:16:04 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.05.08 15:16:04 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.05.08 15:16:04 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.12.21 17:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 22:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2001.04.05 15:16:27 | 000,000,396 | RHS- | C] () -- C:\WINDOWS\System32\mswinsun.dll
< End of report >


314you 21.07.2010 21:02

Hello Arne,
thank you very much for the help.
I have now run a full scan with the latest version, as well as an OTL scan.

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4336

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21.07.2010 21:31:37
mbam-log-2010-07-21 (21-31-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 265264
Laufzeit: 1 Stunde(n), 16 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\hrvoje\Eigene Dateien\000CABA1.007 (Trojan.Spambot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CAF24D36-69A3-49CF-85E2-D06A0953F077}\RP337\A0088007.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CAF24D36-69A3-49CF-85E2-D06A0953F077}\RP337\A0088009.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CAF24D36-69A3-49CF-85E2-D06A0953F077}\RP337\A0088010.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

Code:

OTL logfile created on: 21.07.2010 21:35:42 - Run 3
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Dokumente und Einstellungen\****\Desktop\Virusreiniger
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 3019 3019 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,79 Gb Total Space | 55,90 Gb Free Space | 50,01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ****
Current User Name: ****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\****\Desktop\Virusreiniger\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Uniblue\SpeedUpMyPC\sump.exe (Uniblue Systems Limited)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\WinSplit Revolution\WinSplit.exe ()
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\WiFi\bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Maxtor\OneTouch Status\MaxMenuMgr.exe (Maxtor Corporation)
PRC - C:\Programme\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\Programme\Gemeinsame Dateien\AccSys\accvssvc.exe (AccSys GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\hrvoje\Desktop\Virusreiniger\OTL.exe (OldTimer Tools)
MOD - C:\Programme\WinSplit Revolution\winsplithook.dll ()
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (GoToAssist) -- C:\Programme\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (WLANKEEPER) Intel(R) -- C:\Programme\Intel\WiFi\bin\WLKEEPER.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Maxtor Sync Service) -- C:\Programme\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (accvssvc) -- C:\Programme\Gemeinsame Dateien\AccSys\accvssvc.exe (AccSys GmbH)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (STacSV) -- C:\Programme\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (OMCI) -- C:\WINDOWS\System32\DRIVERS\OMCI.SYS File not found
DRV - (NETw4x32) Intel(R) -- C:\WINDOWS\System32\DRIVERS\NETw4x32.sys File not found
DRV - (BTWUSB) -- C:\WINDOWS\System32\Drivers\btwusb.sys File not found
DRV - (BTWDNDIS) -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys File not found
DRV - (BTKRNL) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys File not found
DRV - (BTDriver) -- C:\WINDOWS\System32\DRIVERS\btport.sys File not found
DRV - (btaudio) -- C:\WINDOWS\System32\drivers\btaudio.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (AVerAF15DMBTH) -- C:\WINDOWS\system32\drivers\AVerAF15DMBTH.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (CSRBC) -- C:\WINDOWS\system32\drivers\csrbcxp.sys (CSR, plc)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://n-tv.de/
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoft Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "GMX Suche"
FF - prefs.js..browser.search.order.2: "1und1 Suche"
FF - prefs.js..browser.search.order.3: "amazon.de"
FF - prefs.js..browser.search.order.4: "WEB.DE Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.n-tv.de/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {79572733-0c58-4b94-ac7d-4519df0ff1f0}:3.0
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://go.web.de/suchbox/webdesuche?su="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\RayVExtension@RayV.com: C:\Programme\RayV\RayV\RayVExtension@RayV.com [2008.09.09 09:57:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.28 09:06:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.06 10:00:19 | 000,000,000 | ---D | M]
 
[2009.04.07 12:16:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Extensions
[2010.07.21 15:51:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions
[2010.04.27 11:03:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.23 11:28:55 | 000,000,000 | ---D | M] (Bibleserver.com Suchleiste) -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions\{79572733-0c58-4b94-ac7d-4519df0ff1f0}
[2010.06.04 14:58:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.06.04 16:22:46 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.05.08 11:52:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions\personas@christopher.beard
[2010.01.21 18:26:46 | 000,000,927 | ---- | M] () -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\searchplugins\conduit.xml
[2010.01.25 11:45:43 | 000,001,983 | ---- | M] () -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\searchplugins\suche-in-wikipedia.xml
[2010.07.21 15:51:14 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.25 11:38:42 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.01.25 11:38:41 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Programme\Mozilla Firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
[2010.02.18 16:41:08 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.06.20 20:46:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.10 00:47:36 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.10 00:47:36 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.10 00:47:36 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.10 00:47:36 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.10 00:47:36 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 12:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Online_Downloaden_Toolbar) - {f6e6051c-0d37-44e3-8855-2308b314f6c2} - C:\Programme\Online-Downloaden-Service Limited\Online-Downloaden-Toolbar\adxloader.dll ()
O3 - HKLM\..\Toolbar: (Online_Downloaden_Toolbar) - {40090c1a-85c9-419d-b493-6119f95d97a4} - C:\Programme\Online-Downloaden-Service Limited\Online-Downloaden-Toolbar\adxloader.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mxomssmenu] C:\Programme\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpeedUpMyPC] C:\Programme\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [Winsplit] C:\Programme\WinSplit Revolution\WinSplit.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKCU\..Trusted Domains: 123.250) ([samba%203.2.7-11.6-2057-suse-code11%20(192.168] file in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} https://stream.web.de/mail/activex/mail_upload_11213.cab (Attachment Upload Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239790432921 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-35B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Programme\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\hrvoje\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\hrvoje\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.08 13:32:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3289dc62-5778-11de-a412-001f3b6d0a4f}\Shell - "" = AutoRun
O33 - MountPoints2\{3289dc62-5778-11de-a412-001f3b6d0a4f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{801f2712-d9cd-11dd-a2e0-001f3b6d0a4f}\Shell - "" = AutoRun
O33 - MountPoints2\{801f2712-d9cd-11dd-a2e0-001f3b6d0a4f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.21 15:23:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\hrvoje\Recent
[2010.07.21 00:51:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Virusreiniger
[2010.07.20 23:47:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Malwarebytes
[2010.07.20 23:47:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.20 23:47:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.20 23:47:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.07.20 23:47:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.20 23:24:49 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.07.20 15:10:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\PriceGong
[2010.07.15 14:25:40 | 001,481,928 | ---- | C] (HTC) -- C:\task29.exe
[2010.07.15 14:25:40 | 001,449,160 | ---- | C] (HTC) -- C:\RUUResource.dll
[2010.07.15 14:25:40 | 000,175,304 | ---- | C] (HTC) -- C:\rapitool.exe
[2010.07.15 14:25:40 | 000,008,904 | ---- | C] (HTC) -- C:\EnterBootloader.exe
[2010.07.15 12:14:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Hd2
[2010.07.14 14:55:28 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.07.13 09:49:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Uniblue
[2010.07.13 09:25:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\System Tweaker
[2010.07.13 09:14:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Uniblue
[2010.07.13 09:14:21 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2010.06.23 09:55:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Bilder hd2
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.21 21:34:14 | 000,091,240 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010.07.21 21:34:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.21 21:34:07 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.21 21:33:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.21 21:33:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.21 21:32:47 | 007,602,176 | -H-- | M] () -- C:\Dokumente und Einstellungen\hrvoje\NTUSER.DAT
[2010.07.21 20:44:36 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.20 23:15:08 | 000,001,035 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.07.20 23:15:08 | 000,000,327 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.20 23:15:08 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010.07.20 23:14:43 | 000,091,240 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010.07.20 20:35:08 | 001,050,654 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.20 20:35:08 | 000,452,554 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.07.20 20:35:08 | 000,435,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.07.20 20:35:08 | 000,081,316 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.07.20 20:35:08 | 000,068,490 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.07.20 20:29:40 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\hrvoje\ntuser.ini
[2010.07.20 20:15:24 | 000,114,176 | ---- | M] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Ja.doc
[2010.07.13 20:31:31 | 000,034,304 | ---- | M] () -- C:\Dokumente und Einstellungen\hrvoje\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.07 15:45:34 | 000,031,744 | ---- | M] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Der Sinn Christi.doc
[2010.07.01 22:39:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.06.29 15:14:07 | 000,000,540 | ---- | M] () -- C:\WINDOWS\tasks\Rescue Reminder for 2HAS9TSZ.job
[2010.06.26 13:30:19 | 000,876,565 | ---- | M] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Cover_SupernaturalPowerRenewedMind.pdf
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.20 20:15:22 | 000,114,176 | ---- | C] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Ja.doc
[2010.07.15 14:25:40 | 005,406,987 | ---- | C] () -- C:\RUU_signed.nbh
[2010.07.15 14:25:40 | 000,213,864 | ---- | C] () -- C:\ModelID.fig
[2010.07.15 14:25:40 | 000,141,368 | ---- | C] () -- C:\ErrorUSB.fig
[2010.07.15 14:25:40 | 000,095,552 | ---- | C] () -- C:\ErrorBattery.fig
[2010.07.15 14:25:40 | 000,013,512 | ---- | C] () -- C:\RUUGetInfo.exe
[2010.07.15 14:25:40 | 000,000,013 | ---- | C] () -- C:\ROMUpdateUtility.cfg
[2010.07.06 15:37:26 | 000,031,744 | ---- | C] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Der Sinn Christi.doc
[2010.06.26 13:30:19 | 000,876,565 | ---- | C] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Cover_SupernaturalPowerRenewedMind.pdf
[2010.06.21 10:55:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009.11.29 16:01:14 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009.06.16 12:27:30 | 000,006,027 | ---- | C] () -- C:\WINDOWS\Unwise32.ini
[2009.06.01 20:25:13 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009.04.15 11:06:12 | 000,000,474 | ---- | C] () -- C:\WINDOWS\WebAng32.INI
[2009.03.03 15:25:34 | 000,000,736 | ---- | C] () -- C:\WINDOWS\SamsungMaster.INI
[2008.12.18 13:26:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008.12.03 14:17:09 | 000,000,404 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008.06.02 13:18:35 | 000,000,063 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.05.29 15:21:03 | 000,000,099 | ---- | C] () -- C:\WINDOWS\KTEL.INI
[2008.05.18 21:20:07 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.05.18 21:20:07 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.05.18 21:07:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008.05.13 10:58:33 | 000,000,053 | ---- | C] () -- C:\WINDOWS\IMV.ini
[2008.05.08 16:11:32 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6d.DLL
[2008.05.08 16:06:42 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS79.DLL
[2008.05.08 15:55:31 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini
[2008.05.08 15:16:04 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.05.08 15:16:04 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.05.08 15:16:04 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.05.08 15:16:04 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.12.21 17:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 22:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2001.04.05 15:16:27 | 000,000,396 | RHS- | C] () -- C:\WINDOWS\System32\mswinsun.dll
< End of report >


cosinus 22.07.2010 14:01

Looks relatively unremarkable.
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
O33 - MountPoints2\{3289dc62-5778-11de-a412-001f3b6d0a4f}\Shell - "" = AutoRun
O33 - MountPoints2\{3289dc62-5778-11de-a412-001f3b6d0a4f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{801f2712-d9cd-11dd-a2e0-001f3b6d0a4f}\Shell - "" = AutoRun
O33 - MountPoints2\{801f2712-d9cd-11dd-a2e0-001f3b6d0a4f}\Shell\AutoRun - "" = Auto&Play
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Run Fixes! button.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

314you 22.07.2010 14:16

Hello,
so, I opened OTL and also copied your text into it.
I don't quite understand what you mean by this: (the ":OTL" must be copied as well!!!)

cosinus 22.07.2010 14:24

You should simply copy everything in the code box...
I point out specifically that the :OTL has to be copied as well, because some people have simply left it out :balla:

314you 22.07.2010 14:57

All right, I copied the OTL directly below your text into the code box.
This is what came out:

Code:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3289dc62-5778-11de-a412-001f3b6d0a4f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3289dc62-5778-11de-a412-001f3b6d0a4f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3289dc62-5778-11de-a412-001f3b6d0a4f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3289dc62-5778-11de-a412-001f3b6d0a4f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{801f2712-d9cd-11dd-a2e0-001f3b6d0a4f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{801f2712-d9cd-11dd-a2e0-001f3b6d0a4f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{801f2712-d9cd-11dd-a2e0-001f3b6d0a4f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{801f2712-d9cd-11dd-a2e0-001f3b6d0a4f}\ not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Administrator.GASPERSLOUIS-AG
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ADMINI~1~GAS
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: hrvoje
->Temp folder emptied: 3092 bytes
->Temporary Internet Files folder emptied: 66314 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7500869 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 405 bytes
 
User: hrvoje.GASPERSLOUIS-AG
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: sirovina
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16955 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 7,00 mb
 
Error: Unable to interpret <OTL Logfile:

       
Code:

       
OTL logfile created on: 22.07.2010 15:48:47 - Run 4> in the current context!
Error: Unable to interpret <OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\hrvoje\Desktop\Virusreiniger> in the current context!
Error: Unable to interpret <Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation> in the current context!
Error: Unable to interpret <Internet Explorer (Version = 8.0.6001.18702)> in the current context!
Error: Unable to interpret <Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy> in the current context!
Error: Unable to interpret <2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free> in the current context!
Error: Unable to interpret <5,00 Gb Paging File | 4,00 Gb Available in Paging File | 89,00% Paging File free> in the current context!
Error: Unable to interpret <Paging file location(s): C:\pagefile.sys 3019 3019 [binary data]> in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme> in the current context!
Error: Unable to interpret <Drive C: | 111,79 Gb Total Space | 56,57 Gb Free Space | 50,60% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <D: Drive not present or media not loaded> in the current context!
Error: Unable to interpret <E: Drive not present or media not loaded> in the current context!
Error: Unable to interpret <F: Drive not present or media not loaded> in the current context!
Error: Unable to interpret <G: Drive not present or media not loaded> in the current context!
Error: Unable to interpret <H: Drive not present or media not loaded> in the current context!
Error: Unable to interpret <I: Drive not present or media not loaded> in the current context!
Error: Unable to interpret <Computer Name: MAKLER10> in the current context!
Error: Unable to interpret <Current User Name: hrvoje> in the current context!
Error: Unable to interpret <Logged in as Administrator.> in the current context!
Error: Unable to interpret <Current Boot Mode: Normal> in the current context!
Error: Unable to interpret <Scan Mode: Current user> in the current context!
Error: Unable to interpret <Company Name Whitelist: Off> in the current context!
Error: Unable to interpret <Skip Microsoft Files: Off> in the current context!
Error: Unable to interpret <File Age = 30 Days> in the current context!
Error: Unable to interpret <Output = Minimal> in the current context!
Error: Unable to interpret <========== Processes (SafeList) ==========> in the current context!
Error: Unable to interpret <PRC - C:\Dokumente und Einstellungen\hrvoje\Desktop\Virusreiniger\OTL.exe (OldTimer Tools)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Uniblue\SpeedUpMyPC\sump.exe (Uniblue Systems Limited)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\WinSplit Revolution\WinSplit.exe ()> in the current context!
Error: Unable to interpret <PRC - C:\Programme\RayV\RayV\RayV.exe (RayV)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Intel\WiFi\bin\WLKEEPER.exe (Intel(R) Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Maxtor\OneTouch Status\MaxMenuMgr.exe (Maxtor Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Gemeinsame Dateien\AccSys\accvssvc.exe (AccSys GmbH)> in the current context!
Error: Unable to interpret <PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)> in the current context!
Error: Unable to interpret <PRC - C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)> in the current context!
Error: Unable to interpret <========== Modules (SafeList) ==========> in the current context!
Error: Unable to interpret <MOD - C:\Dokumente und Einstellungen\hrvoje\Desktop\Virusreiniger\OTL.exe (OldTimer Tools)> in the current context!
Error: Unable to interpret <MOD - C:\Programme\WinSplit Revolution\winsplithook.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)> in the current context!
Error: Unable to interpret <MOD - C:\Programme\Dell\QuickSet\dadkeyb.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Programme\ScanSoft\OmniPageSE4\OpHookSE4.dll (Nuance Communications, Inc.)> in the current context!
Error: Unable to interpret <========== Win32 Services (SafeList) ==========> in the current context!
Error: Unable to interpret <SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)> in the current context!
Error: Unable to interpret <SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)> in the current context!
Error: Unable to interpret <SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)> in the current context!
Error: Unable to interpret <SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)> in the current context!
Error: Unable to interpret <SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)> in the current context!
Error: Unable to interpret <SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)> in the current context!
Error: Unable to interpret <SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)> in the current context!
Error: Unable to interpret <SRV - (GoToAssist) -- C:\Programme\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)> in the current context!
Error: Unable to interpret <SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)> in the current context!
Error: Unable to interpret <SRV - (WLANKEEPER) Intel(R) -- C:\Programme\Intel\WiFi\bin\WLKEEPER.exe (Intel(R) Corporation)> in the current context!
Error: Unable to interpret <SRV - (S24EventMonitor) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)> in the current context!
Error: Unable to interpret <SRV - (RegSrvc) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)> in the current context!
Error: Unable to interpret <SRV - (Maxtor Sync Service) -- C:\Programme\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)> in the current context!
Error: Unable to interpret <SRV - (accvssvc) -- C:\Programme\Gemeinsame Dateien\AccSys\accvssvc.exe (AccSys GmbH)> in the current context!
Error: Unable to interpret <SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)> in the current context!
Error: Unable to interpret <SRV - (STacSV) -- C:\Programme\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)> in the current context!
Error: Unable to interpret <SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()> in the current context!
Error: Unable to interpret <SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)> in the current context!
Error: Unable to interpret <========== Driver Services (SafeList) ==========> in the current context!
Error: Unable to interpret <DRV - (OMCI) -- C:\WINDOWS\System32\DRIVERS\OMCI.SYS File not found> in the current context!
Error: Unable to interpret <DRV - (NETw4x32) Intel(R) -- C:\WINDOWS\System32\DRIVERS\NETw4x32.sys File not found> in the current context!
Error: Unable to interpret <DRV - (BTWUSB) -- C:\WINDOWS\System32\Drivers\btwusb.sys File not found> in the current context!
Error: Unable to interpret <DRV - (BTWDNDIS) -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys File not found> in the current context!
Error: Unable to interpret <DRV - (BTKRNL) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys File not found> in the current context!
Error: Unable to interpret <DRV - (BTDriver) -- C:\WINDOWS\System32\DRIVERS\btport.sys File not found> in the current context!
Error: Unable to interpret <DRV - (btaudio) -- C:\WINDOWS\System32\drivers\btaudio.sys File not found> in the current context!
Error: Unable to interpret <DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)> in the current context!
Error: Unable to interpret <DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)> in the current context!
Error: Unable to interpret <DRV - (AVerAF15DMBTH) -- C:\WINDOWS\system32\drivers\AVerAF15DMBTH.sys (AVerMedia TECHNOLOGIES, Inc.)> in the current context!
Error: Unable to interpret <DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)> in the current context!
Error: Unable to interpret <DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)> in the current context!
Error: Unable to interpret <DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)> in the current context!
Error: Unable to interpret <DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)> in the current context!
Error: Unable to interpret <DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)> in the current context!
Error: Unable to interpret <DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)> in the current context!
Error: Unable to interpret <DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)> in the current context!
Error: Unable to interpret <DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)> in the current context!
Error: Unable to interpret <DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)> in the current context!
Error: Unable to interpret <DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)> in the current context!
Error: Unable to interpret <DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)> in the current context!
Error: Unable to interpret <DRV - (CSRBC) -- C:\WINDOWS\system32\drivers\csrbcxp.sys (CSR, plc)> in the current context!
Error: Unable to interpret <DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)> in the current context!
Error: Unable to interpret <DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)> in the current context!
Error: Unable to interpret <DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)> in the current context!
Error: Unable to interpret <DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)> in the current context!
Error: Unable to interpret <DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)> in the current context!
Error: Unable to interpret <DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)> in the current context!
Error: Unable to interpret <DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)> in the current context!
Error: Unable to interpret <DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)> in the current context!
Error: Unable to interpret <DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)> in the current context!
Error: Unable to interpret <DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)> in the current context!
Error: Unable to interpret <DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)> in the current context!
Error: Unable to interpret <DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)> in the current context!
Error: Unable to interpret <DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH)> in the current context!
Error: Unable to interpret <DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)> in the current context!
Error: Unable to interpret <DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)> in the current context!
Error: Unable to interpret <DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft)> in the current context!
Error: Unable to interpret <========== Standard Registry (SafeList) ==========> in the current context!
Error: Unable to interpret <========== Internet Explorer ==========> in the current context!
Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://n-tv.de/> in the current context!
Error: Unable to interpret <IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local> in the current context!
Error: Unable to interpret <========== FireFox ==========> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoft Customized Web Search"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.order.1: "GMX Suche"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.order.2: "1und1 Suche"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.order.3: "amazon.de"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.order.4: "WEB.DE Suche"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.useDBForOrder: true> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.startup.homepage: "hxxp://www.n-tv.de/"> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {79572733-0c58-4b94-ac7d-4519df0ff1f0}:3.0> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20> in the current context!
Error: Unable to interpret <FF - prefs.js..keyword.URL: "hxxp://go.web.de/suchbox/webdesuche?su="> in the current context!
Error: Unable to interpret <FF - HKLM\software\mozilla\Firefox\Extensions\\RayVExtension@RayV.com: C:\Programme\RayV\RayV\RayVExtension@RayV.com [2008.09.09 09:57:24 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.21 21:41:15 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.21 21:41:15 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <[2009.04.07 12:16:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Extensions> in the current context!
Error: Unable to interpret <[2010.07.21 15:51:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions> in the current context!
Error: Unable to interpret <[2010.04.27 11:03:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}> in the current context!
Error: Unable to interpret <[2010.03.23 11:28:55 | 000,000,000 | ---D | M] (Bibleserver.com Suchleiste) -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions\{79572733-0c58-4b94-ac7d-4519df0ff1f0}> in the current context!
Error: Unable to interpret <[2010.06.04 14:58:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}> in the current context!
Error: Unable to interpret <[2010.06.04 16:22:46 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}> in the current context!
Error: Unable to interpret <[2010.05.08 11:52:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions\personas@christopher.beard> in the current context!
Error: Unable to interpret <[2010.01.21 18:26:46 | 000,000,927 | ---- | M] () -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\searchplugins\conduit.xml> in the current context!
Error: Unable to interpret <[2010.01.25 11:45:43 | 000,001,983 | ---- | M] () -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\searchplugins\suche-in-wikipedia.xml> in the current context!
Error: Unable to interpret <[2010.07.21 15:51:14 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions> in the current context!
Error: Unable to interpret <[2010.01.25 11:38:42 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}> in the current context!
Error: Unable to interpret <[2010.01.25 11:38:41 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Programme\Mozilla Firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}> in the current context!
Error: Unable to interpret <[2010.02.18 16:41:08 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}> in the current context!
Error: Unable to interpret <[2010.06.20 20:46:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}> in the current context!
Error: Unable to interpret <[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll> in the current context!
Error: Unable to interpret <[2010.01.10 00:47:36 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml> in the current context!
Error: Unable to interpret <[2010.01.10 00:47:36 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml> in the current context!
Error: Unable to interpret <[2010.01.10 00:47:36 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml> in the current context!
Error: Unable to interpret <[2010.01.10 00:47:36 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml> in the current context!
Error: Unable to interpret <[2010.01.10 00:47:36 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml> in the current context!
Error: Unable to interpret <O1 HOSTS File: ([2010.07.22 15:24:40 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts> in the current context!
Error: Unable to interpret <O1 - Hosts: 127.0.0.1       localhost> in the current context!
Error: Unable to interpret <O1 - Hosts: ::1       localhost> in the current context!
Error: Unable to interpret <O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)> in the current context!
Error: Unable to interpret <O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)> in the current context!
Error: Unable to interpret <O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O2 - BHO: (Online_Downloaden_Toolbar) - {f6e6051c-0d37-44e3-8855-2308b314f6c2} - C:\Programme\Online-Downloaden-Service Limited\Online-Downloaden-Toolbar\adxloader.dll ()> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Online_Downloaden_Toolbar) - {40090c1a-85c9-419d-b493-6119f95d97a4} - C:\Programme\Online-Downloaden-Service Limited\Online-Downloaden-Toolbar\adxloader.dll ()> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [IntelWireless] C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [ITSecMng] C:\Programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [mxomssmenu] C:\Programme\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [OpwareSE4] C:\Programme\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [RayV] C:\Programme\RayV\RayV\RayV.exe (RayV)> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [SpeedUpMyPC] C:\Programme\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Limited)> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [Winsplit] C:\Programme\WinSplit Revolution\WinSplit.exe ()> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Sonic CinePlayer Quick Launch.lnk = C:\Programme\Gemeinsame Dateien\Sonic Shared\CineTray.exe File not found> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1> in the current context!
Error: Unable to interpret <O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)> in the current context!
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)> in the current context!
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)> in the current context!
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)> in the current context!
Error: Unable to interpret <O15 - HKCU\..Trusted Domains: 123.250) ([samba%203.2.7-11.6-2057-suse-code11%20(192.168] file in Lokales Intranet)> in the current context!
Error: Unable to interpret <O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)> in the current context!
Error: Unable to interpret <O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)> in the current context!
Error: Unable to interpret <O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} https://stream.web.de/mail/activex/mail_upload_11213.cab (Attachment Upload Control)> in the current context!
Error: Unable to interpret <O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239790432921 (MUWebControl Class)> in the current context!
Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)> in the current context!
Error: Unable to interpret <O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)> in the current context!
Error: Unable to interpret <O16 - DPF: {D27CDB6E-AE6D-11CF-35B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax ()> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax ()> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)> in the current context!
Error: Unable to interpret <O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - Winlogon\Notify\GoToAssist: DllName - C:\Programme\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)> in the current context!
Error: Unable to interpret <O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home> in the current context!
Error: Unable to interpret <O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\hrvoje\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp> in the current context!
Error: Unable to interpret <O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\hrvoje\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp> in the current context!
Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2008.05.08 13:32:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]> in the current context!
Error: Unable to interpret <O34 - HKLM BootExecute: (autocheck autochk *) -  File not found> in the current context!
Error: Unable to interpret <O35 - HKLM\..comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35 - HKLM\..exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...com [@ = comfile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context!
Error: Unable to interpret <========== Files/Folders - Created Within 30 Days ==========> in the current context!
Error: Unable to interpret <[2010.07.22 15:34:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\hrvoje\Recent> in the current context!
Error: Unable to interpret <[2010.07.22 15:33:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Lokale Einstellungen\Anwendungsdaten\RayV> in the current context!
Error: Unable to interpret <[2010.07.22 15:33:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\RayV> in the current context!
Error: Unable to interpret <[2010.07.22 15:24:39 | 000,000,000 | ---D | C] -- C:\_OTL> in the current context!
Error: Unable to interpret <[2010.07.21 00:51:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Virusreiniger> in the current context!
Error: Unable to interpret <[2010.07.20 23:47:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Malwarebytes> in the current context!
Error: Unable to interpret <[2010.07.20 23:47:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys> in the current context!
Error: Unable to interpret <[2010.07.20 23:47:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys> in the current context!
Error: Unable to interpret <[2010.07.20 23:47:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes> in the current context!
Error: Unable to interpret <[2010.07.20 23:47:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware> in the current context!
Error: Unable to interpret <[2010.07.20 23:24:49 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro> in the current context!
Error: Unable to interpret <[2010.07.20 15:10:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\PriceGong> in the current context!
Error: Unable to interpret <[2010.07.15 14:25:40 | 001,481,928 | ---- | C] (HTC) -- C:\task29.exe> in the current context!
Error: Unable to interpret <[2010.07.15 14:25:40 | 001,449,160 | ---- | C] (HTC) -- C:\RUUResource.dll> in the current context!
Error: Unable to interpret <[2010.07.15 14:25:40 | 000,175,304 | ---- | C] (HTC) -- C:\rapitool.exe> in the current context!
Error: Unable to interpret <[2010.07.15 14:25:40 | 000,008,904 | ---- | C] (HTC) -- C:\EnterBootloader.exe> in the current context!
Error: Unable to interpret <[2010.07.15 12:14:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Hd2> in the current context!
Error: Unable to interpret <[2010.07.14 14:55:28 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe> in the current context!
Error: Unable to interpret <[2010.07.13 09:49:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Uniblue> in the current context!
Error: Unable to interpret <[2010.07.13 09:25:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\System Tweaker> in the current context!
Error: Unable to interpret <[2010.07.13 09:14:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Uniblue> in the current context!
Error: Unable to interpret <[2010.07.13 09:14:21 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue> in the current context!
Error: Unable to interpret <[2010.06.23 09:55:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Bilder hd2> in the current context!
Error: Unable to interpret <========== Files - Modified Within 30 Days ==========> in the current context!
Error: Unable to interpret <[2010.07.22 15:44:49 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job> in the current context!
Error: Unable to interpret <[2010.07.22 15:33:01 | 000,091,240 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001> in the current context!
Error: Unable to interpret <[2010.07.22 15:32:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl> in the current context!
Error: Unable to interpret <[2010.07.22 15:32:48 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job> in the current context!
Error: Unable to interpret <[2010.07.22 15:32:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT> in the current context!
Error: Unable to interpret <[2010.07.22 15:32:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat> in the current context!
Error: Unable to interpret <[2010.07.22 15:31:46 | 007,602,176 | -H-- | M] () -- C:\Dokumente und Einstellungen\hrvoje\NTUSER.DAT> in the current context!
Error: Unable to interpret <[2010.07.22 15:31:27 | 000,000,665 | ---- | M] () -- C:\WINDOWS\win.ini> in the current context!
Error: Unable to interpret <[2010.07.22 15:31:27 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini> in the current context!
Error: Unable to interpret <[2010.07.22 15:31:27 | 000,000,211 | -HS- | M] () -- C:\boot.ini> in the current context!
Error: Unable to interpret <[2010.07.22 15:24:40 | 001,050,654 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI> in the current context!
Error: Unable to interpret <[2010.07.22 15:24:40 | 000,452,554 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat> in the current context!
Error: Unable to interpret <[2010.07.22 15:24:40 | 000,435,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat> in the current context!
Error: Unable to interpret <[2010.07.22 15:24:40 | 000,081,316 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat> in the current context!
Error: Unable to interpret <[2010.07.22 15:24:40 | 000,068,490 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat> in the current context!
Error: Unable to interpret <[2010.07.22 15:24:40 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts> in the current context!
Error: Unable to interpret <[2010.07.20 23:14:43 | 000,091,240 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat> in the current context!
Error: Unable to interpret <[2010.07.20 20:29:40 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\hrvoje\ntuser.ini> in the current context!
Error: Unable to interpret <[2010.07.20 20:15:24 | 000,114,176 | ---- | M] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Ja.doc> in the current context!
Error: Unable to interpret <[2010.07.13 20:31:31 | 000,034,304 | ---- | M] () -- C:\Dokumente und Einstellungen\hrvoje\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini> in the current context!
Error: Unable to interpret <[2010.07.07 15:45:34 | 000,031,744 | ---- | M] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Der Sinn Christi.doc> in the current context!
Error: Unable to interpret <[2010.07.01 22:39:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job> in the current context!
Error: Unable to interpret <[2010.06.29 15:14:07 | 000,000,540 | ---- | M] () -- C:\WINDOWS\tasks\Rescue Reminder for 2HAS9TSZ.job> in the current context!
Error: Unable to interpret <[2010.06.26 13:30:19 | 000,876,565 | ---- | M] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Cover_SupernaturalPowerRenewedMind.pdf> in the current context!
Error: Unable to interpret <========== Files Created - No Company Name ==========> in the current context!
Error: Unable to interpret <[2010.07.22 15:31:11 | 000,000,783 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Sonic CinePlayer Quick Launch.lnk> in the current context!
Error: Unable to interpret <[2010.07.22 15:31:11 | 000,000,687 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk> in the current context!
Error: Unable to interpret <[2010.07.20 20:15:22 | 000,114,176 | ---- | C] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Ja.doc> in the current context!
Error: Unable to interpret <[2010.07.15 14:25:40 | 005,406,987 | ---- | C] () -- C:\RUU_signed.nbh> in the current context!
Error: Unable to interpret <[2010.07.15 14:25:40 | 000,213,864 | ---- | C] () -- C:\ModelID.fig> in the current context!
Error: Unable to interpret <[2010.07.15 14:25:40 | 000,141,368 | ---- | C] () -- C:\ErrorUSB.fig> in the current context!
Error: Unable to interpret <[2010.07.15 14:25:40 | 000,095,552 | ---- | C] () -- C:\ErrorBattery.fig> in the current context!
Error: Unable to interpret <[2010.07.15 14:25:40 | 000,013,512 | ---- | C] () -- C:\RUUGetInfo.exe> in the current context!
Error: Unable to interpret <[2010.07.15 14:25:40 | 000,000,013 | ---- | C] () -- C:\ROMUpdateUtility.cfg> in the current context!
Error: Unable to interpret <[2010.07.06 15:37:26 | 000,031,744 | ---- | C] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Der Sinn Christi.doc> in the current context!
Error: Unable to interpret <[2010.06.26 13:30:19 | 000,876,565 | ---- | C] () -- C:\Dokumente und Einstellungen\hrvoje\Desktop\Cover_SupernaturalPowerRenewedMind.pdf> in the current context!
Error: Unable to interpret <[2010.06.21 10:55:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll> in the current context!
Error: Unable to interpret <[2009.11.29 16:01:14 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll> in the current context!
Error: Unable to interpret <[2009.06.16 12:27:30 | 000,006,027 | ---- | C] () -- C:\WINDOWS\Unwise32.ini> in the current context!
Error: Unable to interpret <[2009.06.01 20:25:13 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI> in the current context!
Error: Unable to interpret <[2009.04.15 11:06:12 | 000,000,474 | ---- | C] () -- C:\WINDOWS\WebAng32.INI> in the current context!
Error: Unable to interpret <[2009.03.03 15:25:34 | 000,000,736 | ---- | C] () -- C:\WINDOWS\SamsungMaster.INI> in the current context!
Error: Unable to interpret <[2008.12.18 13:26:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI> in the current context!
Error: Unable to interpret <[2008.12.03 14:17:09 | 000,000,404 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI> in the current context!
Error: Unable to interpret <[2008.06.02 13:18:35 | 000,000,063 | ---- | C] () -- C:\WINDOWS\WININIT.INI> in the current context!
Error: Unable to interpret <[2008.05.29 15:21:03 | 000,000,099 | ---- | C] () -- C:\WINDOWS\KTEL.INI> in the current context!
Error: Unable to interpret <[2008.05.18 21:20:07 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll> in the current context!
Error: Unable to interpret <[2008.05.18 21:20:07 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll> in the current context!
Error: Unable to interpret <[2008.05.18 21:07:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI> in the current context!
Error: Unable to interpret <[2008.05.13 10:58:33 | 000,000,053 | ---- | C] () -- C:\WINDOWS\IMV.ini> in the current context!
Error: Unable to interpret <[2008.05.08 16:11:32 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6d.DLL> in the current context!
Error: Unable to interpret <[2008.05.08 16:06:42 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS79.DLL> in the current context!
Error: Unable to interpret <[2008.05.08 15:55:31 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini> in the current context!
Error: Unable to interpret <[2008.05.08 15:16:04 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll> in the current context!
Error: Unable to interpret <[2008.05.08 15:16:04 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll> in the current context!
Error: Unable to interpret <[2008.05.08 15:16:04 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll> in the current context!
Error: Unable to interpret <[2008.05.08 15:16:04 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll> in the current context!
Error: Unable to interpret <[2007.12.21 17:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll> in the current context!
Error: Unable to interpret <[2005.07.22 22:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll> in the current context!
Error: Unable to interpret <[2001.04.05 15:16:27 | 000,000,396 | RHS- | C] () -- C:\WINDOWS\System32\mswinsun.dll> in the current context!
Error: Unable to interpret <========== Custom Scans ==========> in the current context!
Error: Unable to interpret <<  >> in the current context!
Error: Unable to interpret << End of report >


--- --- ---
> in the current context!
 
OTL by OldTimer - Version 3.2.9.1 log created on 07222010_155018

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Could it be that the virus was cleaned up by CCleaner, HijackThis and Malware?
Since I ran these processes yesterday, IE no longer starts by itself either.

Thanks again!

cosinus 22.07.2010 15:28

Quote:

Could it be that the virus was cleaned up by CCleaner, HijackThis and Malware?
By Malwarebytes possibly, yes, but usually there is more.
So please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. While downloading, rename it to cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let your system be scanned.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (qualified helper) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

314you 22.07.2010 15:46

How do I turn off my AntiVir?

cosinus 22.07.2010 15:47

Close the umbrella.
If necessary, if that doesn't work, uninstall AntiVir!

314you 22.07.2010 16:11

so here is the log file:
Code:

ComboFix 10-07-21.02 - hrvoje 22.07.2010  16:56:51.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2014.1429 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\hrvoje\Desktop\cofi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\st325602.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_SSHNAS
-------\Service_NPF


(((((((((((((((((((((((  Dateien erstellt von 2010-06-22 bis 2010-07-22  ))))))))))))))))))))))))))))))
.

2010-07-22 14:36 . 2010-07-22 14:36        --------        d-----w-        c:\dokumente und einstellungen\hrvoje\Lokale Einstellungen\Anwendungsdaten\PCHealth
2010-07-22 13:33 . 2010-07-22 13:33        --------        d-----w-        c:\dokumente und einstellungen\hrvoje\Lokale Einstellungen\Anwendungsdaten\RayV
2010-07-22 13:33 . 2010-07-22 13:33        --------        d-----w-        c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\RayV
2010-07-22 13:24 . 2010-07-22 13:24        --------        d-----w-        C:\_OTL
2010-07-20 21:47 . 2010-07-20 21:47        --------        d-----w-        c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Malwarebytes
2010-07-20 21:47 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-20 21:47 . 2010-07-20 21:47        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-07-20 21:47 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-07-20 21:47 . 2010-07-21 18:01        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2010-07-20 21:24 . 2010-07-20 21:24        --------        d-----w-        c:\programme\Trend Micro
2010-07-20 13:10 . 2010-07-20 21:52        --------        d-----w-        c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\PriceGong
2010-07-15 12:25 . 2010-03-10 16:54        1481928        ----a-w-        C:\task29.exe
2010-07-15 12:25 . 2010-03-10 16:51        8904        ----a-w-        C:\EnterBootloader.exe
2010-07-15 12:25 . 2010-03-10 16:51        175304        ----a-w-        C:\rapitool.exe
2010-07-15 12:25 . 2010-03-10 16:51        1449160        ----a-w-        C:\RUUResource.dll
2010-07-15 12:25 . 2010-03-10 16:51        13512        ----a-w-        C:\RUUGetInfo.exe
2010-07-14 12:55 . 2010-06-14 14:31        744448        -c----w-        c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 07:49 . 2010-07-13 07:49        --------        d-----w-        c:\dokumente und einstellungen\All Users\Uniblue
2010-07-13 07:25 . 2010-07-13 07:25        --------        d-----w-        c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\System Tweaker
2010-07-13 07:14 . 2010-07-13 07:49        --------        d-----w-        c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Uniblue
2010-07-13 07:14 . 2010-07-13 07:40        --------        d-----w-        c:\programme\Uniblue

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 14:35 . 2008-05-08 13:30        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-07-22 13:50 . 2004-08-04 10:00        81316        ----a-w-        c:\windows\system32\perfc007.dat
2010-07-22 13:50 . 2004-08-04 10:00        452554        ----a-w-        c:\windows\system32\perfh007.dat
2010-07-20 21:37 . 2008-12-10 12:57        --------        d-----w-        c:\programme\CCleaner
2010-07-20 21:24 . 2010-07-20 21:24        388096        ----a-r-        c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-20 21:14 . 2008-05-08 13:16        91240        ----a-w-        c:\windows\system32\nvModes.dat
2010-07-20 13:19 . 2010-06-04 14:22        --------        d-----w-        c:\programme\DVDVideoSoftTB
2010-07-14 12:35 . 2008-05-08 16:27        --------        d-----w-        c:\programme\OpenOffice.org 2.4
2010-07-14 12:34 . 2008-11-21 08:01        --------        d-----w-        c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\OpenOffice.org2
2010-07-13 19:50 . 2009-11-18 20:04        --------        d-----w-        c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\vlc
2010-07-13 18:34 . 2010-03-17 18:54        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX
2010-06-21 11:04 . 2008-06-26 15:57        91416        ----a-w-        c:\dokumente und einstellungen\hrvoje\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-06-21 08:51 . 2008-05-08 11:49        --------        d--h--w-        c:\programme\InstallShield Installation Information
2010-06-20 18:46 . 2009-11-26 13:49        --------        d-----w-        c:\programme\Java
2010-06-19 10:54 . 2010-02-06 10:08        --------        d-----w-        c:\programme\DVDVideoSoft
2010-06-19 10:14 . 2010-05-01 18:45        57344        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-19 10:08 . 2010-06-19 10:08        56997        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\WebPlayer\Uninstaller.exe
2010-06-19 10:08 . 2010-06-19 10:08        56765        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-19 10:08 . 2009-08-06 09:40        --------        d-----w-        c:\programme\DivX
2010-06-19 10:08 . 2010-06-19 10:08        53600        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Update\Uninstaller.exe
2010-06-19 10:08 . 2010-06-19 10:08        57715        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Player\Uninstaller.exe
2010-06-19 10:07 . 2010-06-19 10:07        54153        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DFXPlugin\Uninstaller.exe
2010-06-19 10:07 . 2010-06-19 10:07        54128        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Converter\Uninstaller.exe
2010-06-19 10:07 . 2010-06-19 10:07        54644        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\TranscodeEngine\Uninstaller.exe
2010-06-19 10:07 . 2010-06-19 10:07        54101        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-19 10:04 . 2010-05-01 18:45        1062184        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\Resource.dll
2010-06-19 10:04 . 2010-03-17 18:58        895256        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\DivXSetup.exe
2010-06-15 13:59 . 2010-06-15 13:59        8854        ----a-r-        c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Microsoft\Installer\{24DD7C58-EAC5-41BA-AC05-1EF58525CE44}\ARPPRODUCTICON.exe
2010-06-14 14:31 . 2008-05-08 11:29        744448        ----a-w-        c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-04 20:58 . 2008-05-08 15:28        --------        d-----w-        c:\programme\Microsoft Silverlight
2010-06-04 12:58 . 2010-06-04 12:58        --------        d-----w-        c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\DVDVideoSoftIEHelpers
2010-06-04 12:58 . 2010-02-06 10:08        --------        d-----w-        c:\programme\Gemeinsame Dateien\DVDVideoSoft
2010-06-02 19:51 . 2008-07-13 11:54        --------        d-----w-        c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\dvdcss
2010-05-29 17:48 . 2010-04-02 07:21        443912        ----a-w-        c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Real\Update\setup3.10\setup.exe
2010-05-29 09:45 . 2010-01-27 19:25        --------        d-----w-        c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Winsplit Revolution
2010-05-28 13:19 . 2010-05-28 13:19        --------        d-----w-        c:\programme\WinSplit Revolution
2010-05-28 10:37 . 2010-05-28 10:37        503808        ----a-w-        c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6b1bbc66-n\msvcp71.dll
2010-05-28 10:37 . 2010-05-28 10:37        499712        ----a-w-        c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6b1bbc66-n\jmc.dll
2010-05-28 10:37 . 2010-05-28 10:37        348160        ----a-w-        c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6b1bbc66-n\msvcr71.dll
2010-05-28 10:37 . 2010-05-28 10:37        61440        ----a-w-        c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-10ad5ac4-n\decora-sse.dll
2010-05-28 10:37 . 2010-05-28 10:37        12800        ----a-w-        c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-10ad5ac4-n\decora-d3d.dll
2010-05-27 13:38 . 2010-05-27 13:38        --------        d-----w-        c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\elsterformular
2010-05-27 13:38 . 2008-06-12 10:24        --------        d-----w-        c:\programme\ElsterFormular
2010-05-27 13:38 . 2010-05-27 13:38        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\elsterformular
2010-05-06 10:31 . 2006-03-04 03:34        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-05-04 18:28 . 2010-05-04 18:28        84040        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\TransferWizard\Uninstaller.exe
2010-05-04 18:28 . 2010-05-04 18:28        54166        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-04 18:28 . 2010-05-04 18:28        57532        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DSASPDecoder\Uninstaller.exe
2010-05-04 18:28 . 2010-05-04 18:28        57409        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\ControlPanel\Uninstaller.exe
2010-05-02 08:05 . 2004-08-04 10:00        1851392        ----a-w-        c:\windows\system32\win32k.sys
2010-05-01 18:44 . 2010-05-01 18:44        57054        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-01 18:44 . 2010-05-01 18:44        56458        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-01 18:44 . 2010-05-01 18:44        54174        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DSAACDecoder\Uninstaller.exe
2010-05-01 18:44 . 2010-05-01 18:44        52963        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-01 18:44 . 2010-05-01 18:44        54073        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Qt4.5\Uninstaller.exe
2010-05-01 18:44 . 2010-05-01 18:44        56969        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\ASPEncoder\Uninstaller.exe
2009-04-07 10:16 . 2009-04-07 10:15        7353544        ----a-w-        c:\programme\Firefox_Setup_3.0.8.exe
2009-04-03 14:08 . 2009-04-03 14:08        17010016        ----a-w-        c:\programme\IE8-WindowsXP-x86-DEU.exe
2009-03-31 07:07 . 2009-03-31 07:07        2647336        ----a-w-        c:\programme\e-sword elberfelder.exe
2009-03-26 11:28 . 2009-03-26 11:28        304295        ----a-w-        c:\programme\kfz.zip
2009-02-23 10:37 . 2009-02-23 10:37        310273        ----a-w-        c:\programme\MusicBridge2.0.1.zip
2009-02-12 15:57 . 2009-02-12 15:57        22772888        ----a-w-        c:\programme\antivir_workstation_winu_de_hp.exe
2009-02-02 13:41 . 2009-02-02 13:41        1039016        ----a-w-        c:\programme\Google_Earth.exe
2009-01-14 16:06 . 2009-01-14 16:06        12990311        ----a-w-        c:\programme\Soti1507962_112616_PCPro601Setup.exe
2009-01-13 11:31 . 2009-01-13 11:31        12990311        ----a-w-        c:\programme\Soti Pocket Controller1507962_112616_PCPro601Setup.exe
2008-05-30 12:37 . 2008-05-30 12:37        148847        ----a-w-        c:\programme\DEC2006_XACT_x86.cab
2008-05-30 12:36 . 2008-05-30 12:36        13267416        ----a-w-        c:\programme\dxnt.cab
2008-05-30 12:36 . 2008-05-30 12:36        4165878        ----a-w-        c:\programme\Apr2006_MDX1_x86_Archive.cab
2008-05-30 12:36 . 2008-05-30 12:36        1805306        ----a-w-        c:\programme\Nov2007_d3dx9_36_x64.cab
2008-05-30 12:36 . 2008-05-30 12:36        1803408        ----a-w-        c:\programme\AUG2007_d3dx9_35_x64.cab
2008-05-30 12:34 . 2008-05-30 12:34        528392        ----a-w-        c:\programme\DXSETUP.exe
2002-05-06 14:07 . 2001-04-05 13:16        396        --sh--r-        c:\windows\system32\mswinsun.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\programme\DVDVideoSoft\tbDVD1.dll" [2010-06-19 2736736]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programme\DVDVideoSoftTB\tbDVD1.dll" [2010-07-20 2736736]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-07-20 13:19        2736736        ----a-w-        c:\programme\DVDVideoSoftTB\tbDVD1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2010-06-19 10:54        2736736        ----a-w-        c:\programme\DVDVideoSoft\tbDVD1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f6e6051c-0d37-44e3-8855-2308b314f6c2}]
2009-07-13 14:18        462848        ----a-w-        c:\programme\Online-Downloaden-Service Limited\Online-Downloaden-Toolbar\adxloader.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{40090c1a-85c9-419d-b493-6119f95d97a4}"= "c:\programme\Online-Downloaden-Service Limited\Online-Downloaden-Toolbar\adxloader.dll" [2009-07-13 462848]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\programme\DVDVideoSoft\tbDVD1.dll" [2010-06-19 2736736]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programme\DVDVideoSoftTB\tbDVD1.dll" [2010-07-20 2736736]

[HKEY_CLASSES_ROOT\clsid\{40090c1a-85c9-419d-b493-6119f95d97a4}]
[HKEY_CLASSES_ROOT\Online_Downloaden_Toolbar.Online_Downloaden_Toolbar]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\programme\DVDVideoSoft\tbDVD1.dll" [2010-06-19 2736736]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\programme\DVDVideoSoftTB\tbDVD1.dll" [2010-07-20 2736736]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Winsplit"="c:\programme\WinSplit Revolution\WinSplit.exe" [2009-02-27 3958784]
"SpeedUpMyPC"="c:\programme\Uniblue\SpeedUpMyPC\launcher.exe" [2010-06-25 67960]
"WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-10-24 204288]
"RayV"="c:\programme\RayV\RayV\RayV.exe" [2008-08-31 3708200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-28 8429568]
"IntelZeroConfig"="c:\programme\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
"Dell QuickSet"="c:\programme\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"Apoint"="c:\programme\Apoint\Apoint.exe" [2007-01-25 159744]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-28 81920]
"mxomssmenu"="c:\programme\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"ArcSoft Connection Service"="c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]
"nwiz"="nwiz.exe" [2007-04-28 1626112]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"SigmatelSysTrayApp"="c:\programme\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-05-26 413696]
"OpwareSE4"="c:\programme\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"NVHotkey"="nvHotkey.dll" [2007-04-28 67584]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"ITSecMng"="c:\programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"IntelWireless"="c:\programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
"Easy-PrintToolBox"="c:\programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"CanonSolutionMenu"="c:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"AVMWlanClient"="c:\programme\avmwlanstick\FRITZWLANMini.exe" [2006-06-23 343552]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Bluetooth Manager.lnk - c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-10 12:08        10536        ----a-w-        c:\programme\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\SOTI\\Pocket Controller-Pro\\PocketController.exe"=
"c:\\Programme\\RayV\\RayV\\RayV.exe"=
"c:\\Programme\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programme\\TmNationsForever\\TmForever.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\M2Office32\\m2_verw.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Acer\\ProjectorGateway\\AcerProjectorGateway.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\SopCast\\SopCast.exe"=
"c:\\Programme\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programme\\Real\\RealPlayer\\realplay.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 accvssvc;AccSys WLAN Control Service;c:\programme\Gemeinsame Dateien\AccSys\accvssvc.exe [09.10.2008 23:02 131072]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programme\Avira\AntiVir Desktop\avmailc.exe [18.03.2009 17:57 337064]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [18.03.2009 17:57 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [18.03.2009 17:57 405672]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [06.01.2010 19:24 135664]
S3 AVerAF15DMBTH;AVerMedia A850 USB;c:\windows\system32\drivers\AVerAF15DMBTH.sys [21.06.2010 10:51 554368]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [23.06.2008 19:22 264704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper        REG_MULTI_SZ          getPlusHelper
.
Inhalt des "geplante Tasks" Ordners

2010-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-06 17:24]

2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-06 17:24]

2010-06-29 c:\windows\Tasks\Rescue Reminder for 2HAS9TSZ.job
- c:\programme\Maxtor\ManagerApp\MaxUtilities.exe [2008-07-21 14:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://n-tv.de/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://go.web.de/suchbox/webdesuche?su=%s
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
TCP: {681F9171-3D92-4436-81BB-3ABD41644196} = 217.237.151.115,217.237.148.102
TCP: {6D806538-48B5-454E-B1DC-B8B23A07AC12} = 217.237.151.115,217.237.148.102
Handler: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - c:\programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - c:\programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax
DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} - hxxps://stream.web.de/mail/activex/mail_upload_11213.cab
FF - ProfilePath - c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.n-tv.de/
FF - prefs.js: keyword.URL - hxxp://go.web.de/suchbox/webdesuche?su=
FF - component: c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Mozilla\Firefox\Profiles\16gq99ui.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - component: c:\programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\programme\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\dokumente und einstellungen\hrvoje\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll
FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programme\Gemeinsame Dateien\mpDRM\NPMPDRM.dll
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programme\Videoload Manager\NPWMDRMWrapper.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("general.useragent.extra.cck", "(WEB.DE)");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-22 17:02
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1168)
c:\programme\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'lsass.exe'(1224)
c:\programme\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(5280)
c:\programme\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Intel\WiFi\bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Intel\WiFi\bin\EvtEng.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\Canon\IJPLM\IJPLMSVC.EXE
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Maxtor\Sync\SyncServices.exe
c:\windows\system32\nvsvc32.exe
c:\programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
c:\programme\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\programme\Intel\WiFi\bin\WLKeeper.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\programme\DellTPad\ApMsgFwd.exe
c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\programme\DellTPad\HidFind.exe
c:\programme\DellTPad\Apntex.exe
c:\windows\system32\rundll32.exe
c:\programme\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\programme\Uniblue\SpeedUpMyPC\sump.exe
c:\programme\iPod\bin\iPodService.exe
c:\programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\programme\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\programme\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-07-22  17:08:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-07-22 15:08

Vor Suchlauf: 16 Verzeichnis(se), 60.617.084.928 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 60.643.856.384 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C572B6EA50EB433E11633069168762A0


cosinus 22.07.2010 16:17

OK. Please now create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool still won't work on the second attempt, just skip it and run only OSAM.

Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder.

If you are using Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator.

A black window will open and automatically search for malicious changes in the MBR.
Then please post whether there are any changes and, if so, in which device. Ideally, post everything that remover.exe outputs.

314you 22.07.2010 19:18

I tried to run GMER.
It worked right up to the end, but it hung while copying.
Since then my notebook has hung 3-4 more times and is also very sluggish.

314you 22.07.2010 19:31

OSAM log file
Code:

Report of OSAM: Autorun Manager vError get version
hxxp://www.online-solutions.ru/en/
Saved at 20:28:57 on 22.07.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Rescue Reminder for 2HAS9TSZ.job" - "Seagate Technology LLC" - C:\Programme\Maxtor\ManagerApp\MaxUtilities.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"LocalCOM.cpl" - "TOSHIBA CORPORATION" - C:\WINDOWS\system32\LocalCOM.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal – Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir Premium " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"APPDRV" (APPDRV) - "Dell Inc" - C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
"AVerMedia A850 USB" (AVerAF15DMBTH) - "AVerMedia TECHNOLOGIES, Inc." - C:\WINDOWS\System32\Drivers\AVerAF15DMBTH.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"Bluetooth-Audiogerät" (btaudio) - ? - C:\WINDOWS\System32\drivers\btaudio.sys  (File not found)
"Bluetooth-Bus-Enumerator" (BTKRNL) - ? - C:\WINDOWS\System32\DRIVERS\btkrnl.sys  (File not found)
"Bluetooth-LAN-Zugangsserver" (BTWDNDIS) - ? - C:\WINDOWS\System32\DRIVERS\btwdndis.sys  (File not found)
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"cercsr6" (cercsr6) - "Adaptec, Inc." - C:\WINDOWS\system32\drivers\cercsr6.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"CSRBC.Sys CSR test driver" (CSRBC) - "CSR, plc" - C:\WINDOWS\System32\Drivers\csrbcxp.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"Intel(R) Wireless WiFi Link Adaptertreiber für Windows XP 32 Bit" (NETw4x32) - ? - C:\WINDOWS\System32\DRIVERS\NETw4x32.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"OMCI" (OMCI) - ? - C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\WINDOWS\System32\drivers\Afc.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - ? - C:\WINDOWS\System32\DRIVERS\btport.sys  (File not found)
"vncdrv" (vncdrv) - "RDV Soft" - C:\WINDOWS\System32\DRIVERS\vncdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - ? - C:\WINDOWS\System32\Drivers\btwusb.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{8E2D00A0-82C6-4821-90BC-07F290841BB6} "XEB Navigation Filter" - ? - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth-Informationsaustausch" - "TOSHIBA" - C:\WINDOWS\system32\TosBtExt.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02} "FileTimeShlExt Class" - "Uniblue Systems Ltd." - C:\Programme\Uniblue\PixelPerfect\UBImageProp.dll
{C9CF278C-460E-4917-BC43-3F75E6E47D3D} "fluxDVD Shell Information Extractor" - "ACE GmbH" - C:\PROGRA~1\GEMEIN~1\fluxDVD\Lib\XEB\XEBShell.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Wcesview.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoft\tbDVD1.dll
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoft\tbDVD1.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\tbsoft.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} "Attachment Upload Control" - "WEB.DE GmbH" - C:\WINDOWS\DOWNLO~1\MAIL_U~1.OCX / https://stream.web.de/mail/activex/mail_upload_11213.cab
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} "get_atlcom Class" - "NOS Microsystems Ltd." - C:\WINDOWS\Downloaded Program Files\gp.ocx / hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
{CAC677B6-4963-4305-9066-0BD135CD9233} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\WINDOWS\Downloaded Program Files\IPSUploader4.ocx / https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
{D27CDB6E-AE6D-11CF-35B8-444553540000} "{D27CDB6E-AE6D-11CF-35B8-444553540000}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\INetRepl.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoft\tbDVD1.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
{40090c1a-85c9-419d-b493-6119f95d97a4} "Online_Downloaden_Toolbar" - ? - C:\Programme\Online-Downloaden-Service Limited\Online-Downloaden-Toolbar\adxloader.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\tbsoft.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoft\tbDVD1.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{f6e6051c-0d37-44e3-8855-2308b314f6c2} "Online_Downloaden_Toolbar" - ? - C:\Programme\Online-Downloaden-Service Limited\Online-Downloaden-Toolbar\adxloader.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\tbsoft.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Bluetooth Manager.lnk" - "TOSHIBA CORPORATION." - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Sonic CinePlayer Quick Launch.lnk" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Sonic CinePlayer Quick Launch.lnk  (Shortcut exists | File not found)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\hrvoje\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"H/PC Connection Agent" - "Microsoft Corporation" - "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
"RayV" - "RayV" - C:\Programme\RayV\RayV\RayV.exe /background
"SpeedUpMyPC" - "Uniblue Systems Limited" - "C:\Programme\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000
"Winsplit" - ? - C:\Programme\WinSplit Revolution\WinSplit.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Apoint" - "Alps Electric Co., Ltd." - C:\Programme\Apoint\Apoint.exe
"ArcSoft Connection Service" - "ArcSoft Inc." - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
"AVMWlanClient" - "AVM Berlin GmbH" - C:\Programme\avmwlanstick\FRITZWLANMini.exe
"CanonMyPrinter" - "CANON INC." - C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu" - "CANON INC." - C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
"Dell QuickSet" - "Dell Inc." - C:\Programme\Dell\QuickSet\quickset.exe
"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Easy-PrintToolBox" - "CANON INC." - C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
"IntelWireless" - "Intel(R) Corporation" - "C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
"IntelZeroConfig" - "Intel(R) Corporation" - "C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe"
"ITSecMng" - " TOSHIBA CORPORATION" - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"mxomssmenu" - "Maxtor Corporation" - "C:\Programme\Maxtor\OneTouch Status\maxmenumgr.exe"
"NVHotkey" - "NVIDIA Corporation" - rundll32.exe nvHotkey.dll,Start
"nwiz" - "NVIDIA Corporation" - nwiz.exe /installquiet
"OpwareSE4" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\OmniPageSE4\OpwareSE4.exe"
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"RemoteControl" - "Cyberlink Corp." - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"IntelNetProvCredMan" - "Intel(R) Corporation" - C:\WINDOWS\system32\netprovcredman.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bullzip PDF Print Monitor" - "Bullzip" - C:\WINDOWS\system32\bzpdf.dll
"Canon BJ Language Monitor iP5200" - "CANON INC." - C:\WINDOWS\system32\CNMLM79.DLL
"Canon BJ Language Monitor PIXMA iP5000" - "CANON INC." - C:\WINDOWS\system32\CNMLM6d.DLL
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\WINDOWS\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"AccSys WLAN Control Service" (accvssvc) - "AccSys GmbH" - C:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avmailc.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper.dll
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoToAssist" (GoToAssist) - "Citrix Online, a division of Citrix Systems, Inc." - C:\Programme\Citrix\GoToAssist\514\g2aservice.exe
"HID Input Service" (HidServ) - ? -  C:\WINDOWS\System32\hidserv.dll  (File not found)
"Intel(R) PROSet/Wireless SSO Service" (WLANKEEPER) - "Intel(R) Corporation" - C:\Programme\Intel\WiFi\bin\WLKeeper.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Programme\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
"Intel® PROSet/Wireless WiFi Service" (S24EventMonitor) - "Intel(R) Corporation" - C:\Programme\Intel\WiFi\bin\S24EvMon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Maxtor Service" (Maxtor Sync Service) - "Seagate Technology LLC" - C:\Programme\Maxtor\Sync\SyncServices.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"PIXMA Extended Survey Program" (IJPLMSVC) - ? - C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"GoToAssist" - "Citrix Online, a division of Citrix Systems, Inc." - C:\Programme\Citrix\GoToAssist\514\G2AWinLogon.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


314you 22.07.2010 19:47

Bootkit
Attached is also a JPEG of the black window.
I hope this is what was wanted.

Code:

.\debug.cpp(238) : Debug log started at 22.07.2010 - 18:35:56
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x0020e000 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806e5000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xba5a8000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xba4b8000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xb9f78000 0x0002f000 "ACPI.sys"
.\debug.cpp(256) : 0xba5aa000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xb9f67000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xba0a8000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xba0b8000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xba0c8000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xba4bc000 0x00003000 "compbatt.sys"
.\debug.cpp(256) : 0xba4c0000 0x00004000 "\WINDOWS\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0xba670000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xba328000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xb9f49000 0x0001e000 "pcmcia.sys"
.\debug.cpp(256) : 0xba0d8000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xb9f2a000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xba330000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xba0e8000 0x0000e000 "VolSnap.sys"
.\debug.cpp(256) : 0xb9f12000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xba338000 0x00008000 "cercsr6.sys"
.\debug.cpp(256) : 0xb9efa000 0x00018000 "\WINDOWS\System32\Drivers\SCSIPORT.SYS"
.\debug.cpp(256) : 0xba0f8000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xba108000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xb9eda000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xb9ec8000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xba118000 0x0000a000 "PxHelp20.sys"
.\debug.cpp(256) : 0xb9eb1000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xb9e9e000 0x00013000 "WudfPf.sys"
.\debug.cpp(256) : 0xb9e11000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xb9de4000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xb9dca000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xba168000 0x0000a000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0xb87a7000 0x0066b000 "\SystemRoot\system32\DRIVERS\nv4_mini.sys"
.\debug.cpp(256) : 0xb8793000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xb8752000 0x00041000 "\SystemRoot\system32\DRIVERS\e1e5132.sys"
.\debug.cpp(256) : 0xba428000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xb872e000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xba430000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xb8706000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xb838f000 0x00377000 "\SystemRoot\system32\DRIVERS\NETw5x32.sys"
.\debug.cpp(256) : 0xba178000 0x00010000 "\SystemRoot\system32\DRIVERS\nic1394.sys"
.\debug.cpp(256) : 0xba188000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xb8363000 0x0002c000 "\SystemRoot\system32\DRIVERS\Apfiltr.sys"
.\debug.cpp(256) : 0xba198000 0x0000d000 "\SystemRoot\system32\DRIVERS\WDFLDR.SYS"
.\debug.cpp(256) : 0xb82e8000 0x0007b000 "\SystemRoot\system32\DRIVERS\Wdf01000.sys"
.\debug.cpp(256) : 0xba438000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xba440000 0x00007000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xba1a8000 0x00010000 "\SystemRoot\system32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0xba59c000 0x00004000 "\SystemRoot\system32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0xba1b8000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xba448000 0x00008000 "\SystemRoot\system32\drivers\Afc.sys"
.\debug.cpp(256) : 0xba1c8000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xba1d8000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xb82c5000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xba1e8000 0x0000a000 "\SystemRoot\System32\Drivers\GEARAspiWDM.sys"
.\debug.cpp(256) : 0xba5a4000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0xb9da6000 0x00003000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0xba1f8000 0x00010000 "\SystemRoot\System32\Drivers\tosrfcom.sys"
.\debug.cpp(256) : 0xba6bf000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xba208000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xb9da2000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xb82ae000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xba218000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xba228000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xba450000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xb829d000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xba238000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xba458000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xba460000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xb826d000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xba2d8000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xba5d6000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xb820f000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xb9d8a000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xb8ea2000 0x0000b000 "\SystemRoot\system32\DRIVERS\tosporte.sys"
.\debug.cpp(256) : 0xb8e92000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xb8e82000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xba5da000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xb7052000 0x0011e000 "\SystemRoot\system32\drivers\sthda.sys"
.\debug.cpp(256) : 0xb702e000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xb8e72000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xb6ffa000 0x00034000 "\SystemRoot\system32\DRIVERS\HSFHWAZL.sys"
.\debug.cpp(256) : 0xb6f08000 0x000f2000 "\SystemRoot\system32\DRIVERS\HSF_DPV.sys"
.\debug.cpp(256) : 0xb6e55000 0x000b3000 "\SystemRoot\system32\DRIVERS\HSF_CNXT.sys"
.\debug.cpp(256) : 0xba468000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS"
.\debug.cpp(256) : 0xba5e0000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xba781000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xba5e2000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xba498000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xba4a0000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xba5e4000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xba5e6000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xba4a8000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xba4b0000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xba554000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xb6dfa000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xb6da1000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xb6d79000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xb6d53000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xb8e22000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xba570000 0x00003000 "\SystemRoot\System32\drivers\ws2ifsl.sys"
.\debug.cpp(256) : 0xb6d31000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xb8e12000 0x0000f000 "\SystemRoot\system32\DRIVERS\arp1394.sys"
.\debug.cpp(256) : 0xba248000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xba348000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys"
.\debug.cpp(256) : 0xb6c66000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xb6bf6000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xba258000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xba268000 0x0000b000 "\SystemRoot\system32\DRIVERS\tosrfusb.sys"
.\debug.cpp(256) : 0xb6bd5000 0x00021000 "\SystemRoot\system32\DRIVERS\tosrfbd.sys"
.\debug.cpp(256) : 0xb6b4a000 0x00013000 "\SystemRoot\system32\DRIVERS\Tosrfhid.sys"
.\debug.cpp(256) : 0xba278000 0x00009000 "\SystemRoot\System32\Drivers\tosrfbnp.sys"
.\debug.cpp(256) : 0xba378000 0x00005000 "\SystemRoot\system32\DRIVERS\tosrfnds.sys"
.\debug.cpp(256) : 0xb6b28000 0x00022000 "\SystemRoot\system32\DRIVERS\avipbb.sys"
.\debug.cpp(256) : 0xba5f0000 0x00002000 "\??\C:\Programme\Avira\AntiVir Desktop\avgio.sys"
.\debug.cpp(256) : 0xb6bd1000 0x00004000 "\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS"
.\debug.cpp(256) : 0xba298000 0x00010000 "\SystemRoot\System32\Drivers\oz776.sys"
.\debug.cpp(256) : 0xb6bcd000 0x00004000 "\SystemRoot\System32\Drivers\SMCLIB.SYS"
.\debug.cpp(256) : 0xba2c8000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xb6ae8000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0xba5f8000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c4000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xb6ba9000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xba380000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xba6ce000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf012000 0x00537000 "\SystemRoot\System32\nv4_disp.dll"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xb4693000 0x00015000 "\SystemRoot\system32\DRIVERS\avgntflt.sys"
.\debug.cpp(256) : 0xb46ac000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xb46a8000 0x00003000 "\SystemRoot\system32\DRIVERS\s24trans.sys"
.\debug.cpp(256) : 0xb4114000 0x00057000 "\SystemRoot\system32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xb4307000 0x00004000 "\SystemRoot\system32\DRIVERS\mdmxsdk.sys"
.\debug.cpp(256) : 0xb405f000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xb43cb000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xb3690000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0xb2585000 0x00004000 "\SystemRoot\system32\DRIVERS\asyncmac.sys"
.\debug.cpp(256) : 0x7c910000 0x000b9000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) :              Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0b97&Pid_7772#6&2c06fa4b&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) :              Destination="\Device\Ide\IdePort3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) :              Destination="\Device\WUDFLpcDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) :              Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM12"
.\debug.cpp(400) :              Destination="\Device\porte12"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) :              Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000036"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{057570c3-1cf9-11dd-9f43-806d6172696f}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\00000049"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"
.\debug.cpp(400) :              Destination="\Device\0000003e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) :              Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth#0004&0002#13#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :              Destination="\Device\00000089"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth#0004&0002#20#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :              Destination="\Device\0000008b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) :              Destination="\Device\0000003e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM13"
.\debug.cpp(400) :              Destination="\Device\porte13"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth#0004&0007#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\000000a7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000030"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) :              Destination="\Device\Video2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM20"
.\debug.cpp(400) :              Destination="\Device\porte20"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM14"
.\debug.cpp(400) :              Destination="\Device\porte14"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) :              Destination="\Device\Ip"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) :              Destination="\Device\Video3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio"
.\debug.cpp(400) :              Destination="\Device\avgio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD+-RW_GSA-T21N_______________A102____#5a4b38314b31304d343520392020202020202020#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) :              Destination="\Device\Ide\IdeDeviceP2T0L0-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) :              Destination="\Device\IPSEC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM21"
.\debug.cpp(400) :              Destination="\Device\porte21"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth#tosrfbd#6&f52f389&0&tosrfbd#{90b11c7a-f14e-4093-9163-c5bc79c5d6b9}"
.\debug.cpp(400) :              Destination="\Device\000000a3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000002f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DB7B8EA7-AAD9-4C9A-B024-704C19265FAD}"
.\debug.cpp(400) :              Destination="\Device\{DB7B8EA7-AAD9-4C9A-B024-704C19265FAD}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"
.\debug.cpp(400) :              Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"
.\debug.cpp(400) :              Destination="\Device\0000003e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) :              Destination="\Device\Video4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) :              Destination="\Device\ProcessManagement"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) :              Destination="\Device\NDProxy"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM22"
.\debug.cpp(400) :              Destination="\Device\porte22"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\KSENUM#0000000b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) :              Destination="\Device\RdpDrDvMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2357FD16-F5AD-4780-B03A-26BF9B4A38F6}"
.\debug.cpp(400) :              Destination="\Device\{2357FD16-F5AD-4780-B03A-26BF9B4A38F6}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
.\debug.cpp(400) :              Destination="\Device\0000003e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000003e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\INTELPRO_{6D806538-48B5-454E-B1DC-B8B23A07AC12}"
.\debug.cpp(400) :              Destination="\Device\INTELPRO_{6D806538-48B5-454E-B1DC-B8B23A07AC12}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#4&327208f&0#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :              Destination="\Device\0000006e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_413c&Pid_8140#5&20fc7865&0&2#{2f5831d5-96ca-461f-8012-4132f56feba3}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_102801F9&REV_1002#4&310387c9&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000095"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) :              Destination="\Device\CompositeBattery"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TosRFCOM"
.\debug.cpp(400) :              Destination="\Device\RFCOMM"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) :              Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth#0004&0002#14#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :              Destination="\Device\0000008a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth#0004&0002#21#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :              Destination="\Device\0000008c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_14F1000F&REV_1000#4&310387c9&0&0102#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42}"
.\debug.cpp(400) :              Destination="\Device\00000096"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0b97&Pid_7772#6&2c06fa4b&0&2#{50dd5230-ba8a-11d1-bf5d-0000f805f530}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth#0004&0002#11#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :              Destination="\Device\00000087"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) :              Destination="\Device\Serial0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_102801F9&REV_1002#4&310387c9&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000095"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) :              Destination="\Device\WMIDataDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bluetooth#0004&0002#22#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :              Destination="\Device\0000008d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2832&SUBSYS_01F91028&REV_03#3&61aaa01&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0014"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000003e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt"
.\debug.cpp(400) :              Destination="\FileSystem\Filters\avgntflt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) :              Destination="\Device\NamedPipe"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :              Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DA68FB66-4A64-4ABD-9269-F905665E3CAB}"
.\debug.cpp(400) :              Destination="\Device\{DA68FB66-4A64-4ABD-9269-F905665E3CAB}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM40"
.\debug.cpp(400) :              Destination="\Device\porte40"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) :              Destination="\Device\Winachsf0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\0000003e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) :              Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_1049&SUBSYS_02321028&REV_03#3&61aaa01&0&C8#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) :              Destination="\Device\Mup"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) :              Destination="\Device\GEARAspiWDMDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\0000003e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_042B&SUBSYS_01F91028&REV_A1#4&15f4a1be&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0023"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1158b5&1#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\boot_cleaner.cpp(424) : Boot sector MD5 is: 5ddc20efcc4d1dab37c348c7db7289cf
.\boot_cleaner.cpp(1151) :
.\boot_cleaner.cpp(1152) :      Size  Device Name          MBR Status
.\boot_cleaner.cpp(1153) :  --------------------------------------------
.\boot_cleaner.cpp(1197) :    111 GB  \\.\PhysicalDrive0  Unknown boot code
.\boot_cleaner.cpp(1203) :
.\boot_cleaner.cpp(1209) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1211) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1212) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1216) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1217) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1220) :
.\boot_cleaner.cpp(1242) : Done;


cosinus 22.07.2010 19:49

First of all, if you have not done so yet, please copy the file remover.exe (from BootkitRemover) from the desktop to c:\windows\system32!
Then open the console via Start, Run, type cmd, OK.

Type the text in the following code box and run it with Enter/Return:
Code:

remover.exe dump \\.\PhysicalDrive0 c:\mbr.dat

Then please upload the newly created file c:\mbr.dat to us => http://www.trojaner-board.de/54791-a...ner-board.html
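
What can be checked offline in a dumped master boot sector such as c:\mbr.dat, as an added example that is not part of the thread and not BootkitRemover's own logic. It assumes the dump begins with the 512-byte sector 0; the function names, sample sectors, boot code bytes and known-good hash set are all constructed for illustration.

```python
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 440    # bytes 0..439 hold the boot code
PART_TABLE_OFF = 446   # four 16-byte partition entries follow
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, start LBA, sector count


def parse_mbr(sector: bytes) -> dict:
    """Split a master boot sector into boot code hash, disk signature and partitions."""
    if len(sector) < SECTOR:
        raise ValueError(f"need {SECTOR} bytes, got {len(sector)}")
    sector = sector[:SECTOR]
    partitions = []
    for i in range(4):
        status, ptype, start_lba, count = ENTRY.unpack_from(sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:  # unused slot
            continue
        partitions.append({
            "active": status == 0x80,
            "type": ptype,
            "byte_offset": start_lba * SECTOR,
            "byte_length": count * SECTOR,
        })
    return {
        "magic_ok": sector[510:512] == b"\x55\xaa",
        # Hash only the code area: it is identical on every disk that carries the
        # same boot loader, so it can be compared against known-good hashes.
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "sector_sha256": hashlib.sha256(sector).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
    }


def assess(mbr: dict, known_good: set, volume_offset: int) -> list:
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    if not mbr["magic_ok"]:
        findings.append("missing 0x55AA boot signature")
    if mbr["boot_code_sha256"] not in known_good:
        findings.append("unknown boot code")
    if all(p["byte_offset"] != volume_offset for p in mbr["partitions"]):
        findings.append(f"no partition starts at offset {volume_offset:#x}")
    if sum(p["active"] for p in mbr["partitions"]) != 1:
        findings.append("expected exactly one active partition")
    return findings


def build_sample(boot_code: bytes, disk_sig: int, start_lba: int, count: int) -> bytes:
    """Constructed test sector; not a dump from the machine in the thread."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = ENTRY.pack(0x80, 0x07, start_lba, count) + bytes(48)
    return code + struct.pack("<I", disk_sig) + bytes(2) + table + b"\x55\xaa"


REFERENCE_CODE = b"constructed reference boot code"           # placeholder bytes
ALTERED_CODE = b"constructed boot code with a changed byte"   # placeholder bytes
VOLUME_OFFSET = 0x7E00  # offset of C: reported in the log above (63 sectors * 512)

CLEAN = build_sample(REFERENCE_CODE, 0x11111111, 63, 2_000_000)
OTHER_DISK = build_sample(REFERENCE_CODE, 0x22222222, 63, 4_000_000)
ALTERED = build_sample(ALTERED_CODE, 0x11111111, 63, 2_000_000)
KNOWN_GOOD = {parse_mbr(CLEAN)["boot_code_sha256"]}  # assumption: a trusted reference set

if __name__ == "__main__":
    # Pass the path of a dump as the first argument, or run on the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else ALTERED
    for finding in assess(parse_mbr(data), KNOWN_GOOD, VOLUME_OFFSET) or ["nothing to report"]:
        print(finding)
```

Hashing the whole sector would differ on every disk because of the disk signature and partition table, which is why only the first 440 bytes are compared against the reference set.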

314you 22.07.2010 20:05

c:mbr.dat has been uploaded

314you 22.07.2010 20:12

In OSAM I am supposed to uncheck everything you quoted.
However, there is nothing there. Should I then just close OSAM?

cosinus 22.07.2010 20:20

Yes, please close OSAM.
Then open the console via Start, Run, type cmd, OK.

Type the text in the following code box and run it with Enter/Return:
Code:

remover.exe fix \\.\PhysicalDrive0

314you 22.07.2010 20:25

Restoring boot code at ....
OK
Should I upload that for you?

cosinus 22.07.2010 20:29

No; as a check, please double-click remover.exe once more and post the output.

314you 22.07.2010 20:37

I have attached the result for you as a JPEG.
I hope that is OK.

cosinus 22.07.2010 20:52

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

314you 22.07.2010 23:28

So, now the two logs as well. :-)
Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4339

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.07.2010 23:11:06
mbam-log-2010-07-22 (23-11-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 261749
Laufzeit: 1 Stunde(n), 6 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\TG0PTF86JH (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/22/2010 at 11:54 PM

Application Version : 4.40.1002

Core Rules Database Version : 5249
Trace Rules Database Version: 3061

Scan type      : Complete Scan
Total Scan Time : 00:39:22

Memory items scanned      : 672
Memory threats detected  : 0
Registry items scanned    : 7553
Registry threats detected : 0
File items scanned        : 23989
File threats detected    : 89

Adware.Tracking Cookie

Trojan.VXGame-Variant/D
        C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR.GASPERSLOUIS-AG\EIGENE DATEIEN\PWDUMP3V2\PWDUMP3.EXE
        C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR.GASPERSLOUIS-AG\EIGENE DATEIEN\PWDUMP3V2\PWSERVICE.EXE
        C:\DOKUMENTE UND EINSTELLUNGEN\HRVOJE.GASPERSLOUIS-AG\ANWENDUNGSDATEN\MICROSOFT\INSTALLER\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\ICON386ED4E3.EXE
        C:\DOKUMENTE UND EINSTELLUNGEN\HRVOJE.GASPERSLOUIS-AG\STARTMENü\PROGRAMME\WINDOWS INSTALL CLEAN UP.LNK

Trojan.Agent/CDesc[Generic]
        C:\PROGRAMME\GEMEINSAME DATEIEN\FLUXDVD\LIB\XEB\XEBTAG.DLL
        C:\PROGRAMME\VIDEOLOAD MANAGER\XEB\XCTFOLDER.DLL
        C:\PROGRAMME\VIDEOLOAD MANAGER\XEB\XEBTAG.DLL


314you 23.07.2010 21:52

Hello cosinus,
is everything OK on my system now, or do I still need to go through some more steps?
Thank you for your efforts so far!

cosinus 23.07.2010 22:05

Quote:

Trojan.VXGame-Variant/D
C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR.GASPERSLOUIS-AG\EIGENE DATEIEN\PWDUMP3V2\PWDUMP3.EXE
C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR.GASPERSLOUIS-AG\EIGENE DATEIEN\PWDUMP3V2\PWSERVICE.EXE
C:\DOKUMENTE UND EINSTELLUNGEN\HRVOJE.GASPERSLOUIS-AG\ANWENDUNGSDATEN\MICROSOFT\INSTALLER\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\ICON386ED4E3.EXE
C:\DOKUMENTE UND EINSTELLUNGEN\HRVOJE.GASPERSLOUIS-AG\STARTMENü\PROGRAMME\WINDOWS INSTALL CLEAN UP.LNK

Trojan.Agent/CDesc[Generic]
C:\PROGRAMME\GEMEINSAME DATEIEN\FLUXDVD\LIB\XEB\XEBTAG.DLL
C:\PROGRAMME\VIDEOLOAD MANAGER\XEB\XCTFOLDER.DLL
C:\PROGRAMME\VIDEOLOAD MANAGER\XEB\XEBTAG.DLL
Can you place these objects? Please also pay attention to the folder names!

314you 24.07.2010 10:14

Hello Arne,
apart from the folder "Videoload Manager", all the others are unknown to me; however, I can't make anything of the .dll files in that folder either.
I can't find any of the .exe, .dll and .lnk files in Explorer, or they are not visible to me; the folders, however, are.

Regards

cosinus 26.07.2010 14:23

Then have everything unknown removed.
How is the system behaving by now?

314you 26.07.2010 14:30

How do I have it removed?
The system is actually behaving fairly normally. Booting the system now takes somewhat longer, and I find that Outlook2007 hangs more often.

cosinus 26.07.2010 15:54

With SASW, perhaps? You can also delete the files manually.

314you 26.07.2010 16:16

As already mentioned, I cannot see and/or open the files.
Should I delete them manually via Explorer?
You can't delete manually via SAS, can you?

cosinus 26.07.2010 16:21

Quote:

You can't delete manually via SAS, can you?
At the end of the scan you can decide what happens with the findings. The principle is the same with every comparable program.

314you 26.07.2010 21:08

So, the scan has now run, and this is what it shows:
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/26/2010 at 06:49 PM

Application Version : 4.40.1002

Core Rules Database Version : 5266
Trace Rules Database Version: 3078

Scan type      : Complete Scan
Total Scan Time : 01:33:56

Memory items scanned      : 743
Memory threats detected  : 0
Registry items scanned    : 7537
Registry threats detected : 0
File items scanned        : 90007
File threats detected    : 7

Adware.Tracking Cookie
        cdn5.specificclick.net [ C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\C8B2ENED ]
        imagesrv.adition.com [ C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\C8B2ENED ]
        s0.2mdn.net [ C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\C8B2ENED ]
        www.c-webstats.de [ C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\C8B2ENED ]

Trojan.Agent/CDesc[Generic]
        C:\SYSTEM VOLUME INFORMATION\_RESTORE{CAF24D36-69A3-49CF-85E2-D06A0953F077}\RP338\A0091330.DLL
        C:\SYSTEM VOLUME INFORMATION\_RESTORE{CAF24D36-69A3-49CF-85E2-D06A0953F077}\RP338\A0091331.DLL
        C:\SYSTEM VOLUME INFORMATION\_RESTORE{CAF24D36-69A3-49CF-85E2-D06A0953F077}\RP338\A0091332.DLL

What was displayed has been deleted.
I did that on the last run as well.

Judging by this, is my system cleaned, or still unsafe?

Thank you for your efforts!

cosinus 26.07.2010 23:00

Is the system behaving normally again now?
Those are just a few remnants in System Restore; if you like, you can disable it or delete all existing restore points to avoid restoring the infection...
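
Added example, not part of the thread: a small Python triage of a SUPERAntiSpyware log that separates tracking cookies, copies held inside System Restore points, and files still present on the live file system, which is the distinction drawn in the reply above. The function names are illustrative, and the sample input is an excerpt assembled from the logs posted in this thread.

```python
import re

# Excerpt assembled from the SUPERAntiSpyware logs posted in this thread.
SAMPLE_LOG = r"""
Adware.Tracking Cookie
        s0.2mdn.net [ C:\Dokumente und Einstellungen\hrvoje\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\C8B2ENED ]

Trojan.Agent/CDesc[Generic]
        C:\SYSTEM VOLUME INFORMATION\_RESTORE{CAF24D36-69A3-49CF-85E2-D06A0953F077}\RP338\A0091330.DLL
        C:\SYSTEM VOLUME INFORMATION\_RESTORE{CAF24D36-69A3-49CF-85E2-D06A0953F077}\RP338\A0091331.DLL
        C:\PROGRAMME\VIDEOLOAD MANAGER\XEB\XEBTAG.DLL
"""

RESTORE_RE = re.compile(r"\\SYSTEM VOLUME INFORMATION\\_RESTORE\{[0-9A-F-]+\}\\(RP\d+)\\", re.I)
COOKIE_RE = re.compile(r"^(\S+) \[ (.+) \]$")   # "host [ path ]" item format
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def classify(item):
    """Return (location_class, detail) for one indented item line, or None."""
    cookie = COOKIE_RE.match(item)
    if cookie or "\\cookies\\" in item.lower():
        return "cookie", (cookie.group(1) if cookie else item)
    restore = RESTORE_RE.search(item)
    if restore:
        return "restore_point", restore.group(1).upper()
    return ("live_file", item) if DRIVE_RE.match(item) else None


def triage(log_text):
    """Group findings as {threat name: {location class: [details]}}."""
    result, threat = {}, None
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():
            threat = raw.strip()  # heading; header fields have no items and drop out
            continue
        hit = classify(raw.strip())
        if threat and hit:
            result.setdefault(threat, {}).setdefault(hit[0], []).append(hit[1])
    return result


def only_restore_remnants(log_text):
    """True when no finding points at a file outside System Restore or cookies."""
    return all("live_file" not in classes for classes in triage(log_text).values())
```

A `restore_point` hit names the restore point (here `RP338`) that still holds a copy, so purging the restore points clears it; a `live_file` hit needs to be removed through the scanner itself.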

314you 27.07.2010 16:19

I deleted these things and the system is running normally.
Can I use the system normally again? Online banking etc.?

cosinus 27.07.2010 16:32

Yes, but without a format c: you always have to live with a residual risk :rolleyes:


To finish, please check your updates; here is my guide for that:


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide



Update the PDF reader
Your Adobe Reader is out of date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Add or Remove Programs by clicking on "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date; here is the direct download link => http://filepony.de/?q=Flash+Player


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions there. Afterwards, download the current Java SE Runtime Environment (JRE) from here and install it.

314you 27.07.2010 17:21

Hello Arne,
I have now carried out everything as you described.
I think we are now done with the cleanup.
Do you have any more tips for me on how to scan my system regularly and what I should watch out for in future?

Once again, many thanks for the work and effort you put in. Thank you very much!

cosinus 28.07.2010 19:47

It's best to stick roughly to these five rules:

1) Be suspicious on the Internet and especially of unknown e-mails; be careful about giving out personal data!!
2) Always keep Windows and all programs you use up to date
3) Make regular backups to external media
4) Work with restricted rights
5) Use secure programs such as Opera or Firefox for browsing instead of IE, and Thunderbird instead of Outlook Express for mail - have e-mails displayed as plain text only

Everything is explained in more detail here => Kompromittierung unvermeidbar?

314you 28.07.2010 20:23

Great, many thanks once again, that helped me a lot.


All times are in WET +1. The time is now 02:10.

Copyright ©2000-2025, Trojaner-Board

