Hilfe mein Yahoo verschickt automatische Dinge wobei ich nicht online bin

  • #1
K

kleinehexe69x

Bekanntes Mitglied
Themenersteller
Dabei seit
04.05.2004
Beiträge
46
Reaktionspunkte
0
Ort
Viersen
Hallo,

mein Yahoo verschickt Würmer oder Trojaner wie kann ich das beheben?




Liebe Grüsse Pat :-SS

Edit bei PCDCharly: Links entfernt

[br][blue]*PCDCharly: Verschoben aus "Sonstiges rund ums Internet"*[/blue]
 
  • #3
Hi,

ja da war ich auch schon drauf aber wie bekomme ich den wurm oder sonstiges runter, mein Antivir findet nichts und der yahoo verschickt munter weiter ? :| :| :|
 
  • #4
Was soll das ?



Wird dieses Forum jetzt zum verteilen von Viren benutzt ?

Ich schlage vor die Links zu entfernen !

Edit by PCDCharly: done
 
  • #5
Ich habe die links eingefügt, damit man sieht wie es aussieht und was der yahoo automatisch verschickt, bin bestimmt nicht hier um viren zu verteilen, sondern versuche hilfe zu bekommen.... :'(
 
  • #7
:engel1:

naja nun ist der link gelöscht keiner kann es mehr anklicken aber ich habe immer noch das problem... :'(
 
  • #9
Code: 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\xampp\apache\bin\httpd.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cjpcsc.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\xampp\mysql\bin\mysqld.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\xampp\apache\bin\httpd.exe
C:\Programme\Avira\AntiVir Desktop\avmailc.exe
C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\vsnpstd3.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Outlook Express\msimn.exe
C:\xampp\xampp-control.exe
C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
C:\Programme\Microsoft Office\Office12\EXCEL.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\logon.scr
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.google.de/[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe /min
O4 - HKLM\..\Run: [openvpn-gui] C:\Programme\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->Default user')
O4 - Startup: hamachi.lnk = C:\Programme\Hamachi\hamachi.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra->Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Programme\Magic NetTrace\MTIE.exe
O9 - Extra->Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Programme\Magic NetTrace\MTIE.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra->Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: [url]http://www.google.de[/url]
O15 - Trusted Zone: [url]http://www.schichtplan.motion-business.com[/url]
O15 - Trusted IP range: [url]http://194.64.77.22[/url]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url]http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263667761578[/url]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [url]http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FEB9FD2-F903-4A38-93D4-FD9C7C082E46}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: cyberJack PC/SC COM Service (cjpcsc) - REINER SCT - C:\WINDOWS\system32\cjpcsc.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Programme\OpenVPN\bin\openvpnserv.exe
O23 - Service: StarMoney 7.0 OnlineUpdate - Star Finanz - Software Entwicklung und Vertriebs GmbH - C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10996 bytes
 
  • #11
Okay ich schau mal wieviel passt... :-D

Code: 
OTL logfile created on: 02.05.2010 21:45:18 - Run 1
OTL by OldTimer - Version 3.2.4.0   Folder = C:\Hijack This
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 37,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 448,35 Gb Free Space | 96,26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 128,00 Gb Total Space | 121,43 Gb Free Space | 94,87% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CORAZONM-A9D753
Current User Name: Corazonmedia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010.05.02 21:41:41 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Hijack This\OTL.exe
PRC - [2010.04.19 12:26:51 | 000,536,232 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2010.04.19 12:26:51 | 000,405,672 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2010.04.19 12:26:51 | 000,337,064 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2010.04.19 12:26:51 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.04.12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\java.exe
PRC - [2010.04.12 11:10:33 | 000,541,192 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2010.04.03 09:12:17 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.03.24 18:14:50 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.03.24 18:14:49 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.24 18:14:49 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.01.15 01:57:10 | 018,343,272 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\EXCEL.EXE
PRC - [2009.11.10 16:39:26 | 005,244,216 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009.08.28 20:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009.08.06 00:00:00 | 005,497,856 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2009.08.06 00:00:00 | 000,143,360 | ---- | M] (Apache Friends) -- C:\xampp\xampp-control.exe
PRC - [2009.08.06 00:00:00 | 000,024,640 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2009.04.15 16:37:32 | 000,654,640 | ---- | M] (REINER SCT) -- C:\WINDOWS\system32\cjpcsc.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008.04.23 03:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008.04.14 04:23:07 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2008.04.14 04:22:58 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2008.04.14 04:22:53 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Outlook Express\msimn.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.10 14:18:26 | 000,835,584 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
 
 [color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010.05.02 21:41:41 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Hijack This\OTL.exe
MOD - [2009.07.12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009.07.11 20:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
MOD - [2009.03.06 05:33:26 | 000,961,888 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveUtil.dll
MOD - [2009.02.12 16:19:38 | 000,178,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
MOD - [2009.02.12 16:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
MOD - [2008.10.25 12:44:34 | 000,022,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveNew.dll
MOD - [2008.04.14 04:22:32 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008.04.13 19:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2010.04.19 12:26:51 | 000,536,232 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2010.04.19 12:26:51 | 000,405,672 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2010.04.19 12:26:51 | 000,337,064 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2010.04.19 12:26:51 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.04.12 11:10:33 | 000,541,192 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2010.03.24 18:14:50 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.01.16 18:39:18 | 000,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009.08.28 20:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.08.06 00:00:00 | 005,497,856 | ---- | M] () [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009.08.06 00:00:00 | 000,024,640 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009.04.15 16:37:32 | 000,654,640 | ---- | M] (REINER SCT) [Auto | Running] -- C:\WINDOWS\system32\cjpcsc.exe -- (cjpcsc)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.04.05 10:14:04 | 000,016,384 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010.03.24 18:14:50 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.03.24 18:14:50 | 000,102,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avfwot.sys -- (avfwot)
DRV - [2010.03.24 18:14:50 | 000,079,432 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avfwim.sys -- (avfwim)
DRV - [2010.03.24 18:14:50 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.01.16 19:08:04 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010.01.16 18:39:11 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.16 18:38:26 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.08 12:22:28 | 001,358,720 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.04.14 02:03:00 | 006,308,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.08.18 12:54:24 | 000,145,952 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008.04.13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.03.25 05:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008.03.25 05:48:06 | 000,054,400 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008.02.14 15:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007.07.25 18:23:14 | 010,375,552 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2007.05.31 09:38:18 | 000,023,040 | ---- | M] (REINER SCT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cjusb.sys -- (cjusb)
DRV - [2007.05.31 09:38:16 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bizVSerialNT.sys -- (bizVSerial)
DRV - [2006.07.02 00:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.06.24 03:54:12 | 000,023,552 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.google.de/[/url]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyEnable = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyOverride = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.param.yahoo-fr: chrf-ytbm
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: chrf-ytbm
FF - prefs.js..browser.search.param.yahoo-type: ${8}
FF - prefs.js..browser.startup.homepage: [url]http://www.google.de/[/url]
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.4
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: [email][email protected][/email]:1.0
FF - prefs.js..extensions.enabledItems: [email][email protected][/email]d:1.5.3
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {9815d32d-08c2-42ca-a8c6-43e501a4512f}:0.3.3
FF - prefs.js..extensions.enabledItems: [email][email protected][/email]:20100306
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d62e0de0-401b-11dd-ae16-0800200c9a66}:4.5.4
FF - prefs.js..extensions.enabledItems: {3ffb7be0-8bde-11de-8a39-0800200c9a66}:3.6.05.02.10
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.03 09:12:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.17 19:45:08 | 000,000,000 | ---D | M]
 
  • #12
Code: 
[2010.01.16 20:19:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Extensions
[2010.01.16 20:19:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.05.02 13:56:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions
[2010.04.29 07:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010.04.29 07:19:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.10 09:38:01 | 000,000,000 | ---D | M] (Purple Fox) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\{3ffb7be0-8bde-11de-8a39-0800200c9a66}
[2010.01.16 19:05:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.04.14 07:04:04 | 000,000,000 | ---D | M] (Tor-Proxy.NET Toolbar) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\{9815d32d-08c2-42ca-a8c6-43e501a4512f}
[2010.01.16 20:16:18 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010.02.13 11:23:32 | 000,000,000 | ---D | M] (AvantGarde Skylight) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66}
[2010.04.20 22:51:43 | 000,000,000 | ---D | M] (Torbutton) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.03.12 09:30:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\[email protected]
[2010.04.14 07:04:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\[email protected]
[2010.05.02 13:56:55 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.16 18:25:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPPDLicenseHelper.dll
[2009.10.23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.03.10 00:07:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.10 00:07:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.10 00:07:19 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.10 00:07:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.10 00:07:19 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [openvpn-gui] C:\Programme\OpenVPN\bin\openvpn-gui.exe ()
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Corazonmedia\Startmenü\Programme\Autostart\hamachi.lnk = C:\Programme\Hamachi\hamachi.exe (LogMeIn Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Corazonmedia\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra->Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Programme\Magic NetTrace\MTIE.exe (TialSoft software)
O9 - Extra->Tools' menuitem : &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Programme\Magic NetTrace\MTIE.exe (TialSoft software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKCU\..Trusted Domains: google.de ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: motion-business.com ([[url]www.schichtplan][/url] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Vertrauenswürdige Sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [url]http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263667761578[/url] (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url]http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab[/url] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} [url]http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab[/url] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [url]http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab[/url] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url]http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab[/url] (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [url]http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab[/url] (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.17 00:49:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{773d82aa-02e7-11df-b000-806d6172696f}\Shell -  = AutoRun
O33 - MountPoints2\{773d82aa-02e7-11df-b000-806d6172696f}\Shell\AutoRun -  = Auto&Play
O33 - MountPoints2\{773d82aa-02e7-11df-b000-806d6172696f}\Shell\AutoRun\command -  = E:\Bin\assetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- %1 %*
O35 - HKLM\..exefile [open] -- %1 %*
O37 - HKLM\...com [@ = comfile] -- %1 %*
O37 - HKLM\...exe [@ = exefile] -- %1 %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010.05.02 21:28:36 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.05.02 21:28:16 | 000,000,000 | ---D | C] -- C:\Hijack This
[2010.05.02 00:38:48 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Corazonmedia\Recent
[2010.04.30 21:46:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\YoudaGames
[2010.04.30 21:45:46 | 000,000,000 | ---D | C] -- C:\Programme\OXXOGames
[2010.04.30 21:45:26 | 000,000,000 | ---D | C] -- C:\Spiel Farm
[2010.04.25 20:39:01 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.04.17 19:44:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.04.16 18:25:52 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.04.14 12:43:56 | 000,000,000 | ---D | C] -- C:\Spiele
[2010.04.11 15:02:14 | 000,000,000 | ---D | C] -- C:\xampp
[2010.01.16 19:50:06 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2010.01.16 19:50:06 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2010.01.16 19:50:06 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2010.01.16 19:50:06 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010.05.02 21:39:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.05.02 21:28:36 | 000,001,741 | ---- | M] () -- C:\Dokumente und Einstellungen\Corazonmedia\Desktop\HijackThis.lnk
[2010.05.02 15:55:30 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010.05.02 15:55:26 | 000,212,973 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.05.02 15:55:24 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.02 15:54:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.02 15:54:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.02 15:53:06 | 004,718,592 | -H-- | M] () -- C:\Dokumente und Einstellungen\Corazonmedia\NTUSER.DAT
[2010.05.02 15:53:06 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Corazonmedia\ntuser.ini
[2010.05.02 00:40:54 | 001,578,550 | -H-- | M] () -- C:\Dokumente und Einstellungen\Corazonmedia\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.05.01 20:59:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.04.19 12:19:36 | 000,064,367 | ---- | M] () -- C:\Dokumente und Einstellungen\Corazonmedia\Eigene Dateien\Deckblatt Patricia 2010.pdf
[2010.04.17 19:45:08 | 000,001,752 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.04.12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.04.12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.04.12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.04.12 15:19:02 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.04.11 00:31:20 | 000,253,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2010.04.11 00:31:19 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2010.04.09 20:12:04 | 001,050,654 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.09 20:12:04 | 000,452,310 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.04.09 20:12:04 | 000,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.09 20:12:04 | 000,081,118 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.04.09 20:12:04 | 000,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.08 09:26:58 | 000,009,728 | ---- | M] () -- C:\Dokumente und Einstellungen\Corazonmedia\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
  • #13
und der rest? :)
 
  • #14
Oh hat er den rest nicht genommen :mad: mache es gleich nochmal :-(
 
  • #15
Code: 
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 448,28 Gb Free Space | 96,25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 128,00 Gb Total Space | 121,43 Gb Free Space | 94,87% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CORAZONM-A9D753
Current User Name: Corazonmedia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010.05.02 21:41:41 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Hijack This\OTL.exe
PRC - [2010.04.19 12:26:51 | 000,536,232 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2010.04.19 12:26:51 | 000,405,672 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2010.04.19 12:26:51 | 000,337,064 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2010.04.19 12:26:51 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.04.12 11:10:33 | 000,541,192 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2010.04.03 09:12:17 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.03.24 18:14:50 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.03.24 18:14:49 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.24 18:14:49 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.01.15 01:57:10 | 018,343,272 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\EXCEL.EXE
PRC - [2009.11.10 16:39:26 | 005,244,216 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009.08.28 20:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009.08.06 00:00:00 | 005,497,856 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2009.08.06 00:00:00 | 000,143,360 | ---- | M] (Apache Friends) -- C:\xampp\xampp-control.exe
PRC - [2009.08.06 00:00:00 | 000,024,640 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2009.04.15 16:37:32 | 000,673,072 | ---- | M] (REINER SCT) -- C:\WINDOWS\system32\cjpcscui.exe
PRC - [2009.04.15 16:37:32 | 000,654,640 | ---- | M] (REINER SCT) -- C:\WINDOWS\system32\cjpcsc.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008.04.23 03:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008.04.14 04:23:07 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2008.04.14 04:22:58 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2008.04.14 04:22:53 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Outlook Express\msimn.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.10 14:18:26 | 000,835,584 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010.05.02 21:41:41 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Hijack This\OTL.exe
MOD - [2008.04.14 04:22:32 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]SRV - [2010.04.19 12:26:51 | 000,536,232 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2010.04.19 12:26:51 | 000,405,672 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2010.04.19 12:26:51 | 000,337,064 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2010.04.19 12:26:51 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.04.12 11:10:33 | 000,541,192 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2010.03.24 18:14:50 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.01.16 18:39:18 | 000,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009.08.28 20:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.08.06 00:00:00 | 005,497,856 | ---- | M] () [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009.08.06 00:00:00 | 000,024,640 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009.04.15 16:37:32 | 000,654,640 | ---- | M] (REINER SCT) [Auto | Running] -- C:\WINDOWS\system32\cjpcsc.exe -- (cjpcsc)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.04.05 10:14:04 | 000,016,384 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
 
 [code]
[/code]
 
  • #16
Code: 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010.03.24 18:14:50 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.03.24 18:14:50 | 000,102,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avfwot.sys -- (avfwot)
DRV - [2010.03.24 18:14:50 | 000,079,432 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avfwim.sys -- (avfwim)
DRV - [2010.03.24 18:14:50 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.01.16 19:08:04 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010.01.16 18:39:11 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.16 18:38:26 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.08 12:22:28 | 001,358,720 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.04.14 02:03:00 | 006,308,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.08.18 12:54:24 | 000,145,952 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008.04.13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.03.25 05:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008.03.25 05:48:06 | 000,054,400 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008.02.14 15:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007.07.25 18:23:14 | 010,375,552 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2007.05.31 09:38:18 | 000,023,040 | ---- | M] (REINER SCT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cjusb.sys -- (cjusb)
DRV - [2007.05.31 09:38:16 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bizVSerialNT.sys -- (bizVSerial)
DRV - [2006.07.02 00:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.06.24 03:54:12 | 000,023,552 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.google.de/[/url]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyEnable = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyOverride = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.param.yahoo-fr: chrf-ytbm
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: chrf-ytbm
FF - prefs.js..browser.search.param.yahoo-type: ${8}
FF - prefs.js..browser.startup.homepage: [url]http://www.google.de/[/url]
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.4
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: [email][email protected][/email]:1.0
FF - prefs.js..extensions.enabledItems: [email][email protected][/email]d:1.5.3
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {9815d32d-08c2-42ca-a8c6-43e501a4512f}:0.3.3
FF - prefs.js..extensions.enabledItems: [email][email protected][/email]:20100306
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d62e0de0-401b-11dd-ae16-0800200c9a66}:4.5.4FF - prefs.js..extensions.enabledItems: {3ffb7be0-8bde-11de-8a39-0800200c9a66}:3.6.05.02.10
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.03 09:12:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.17 19:45:08 | 000,000,000 | ---D | M]
 
[2010.01.16 20:19:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Extensions
[2010.01.16 20:19:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.05.03 14:07:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions
[2010.04.29 07:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010.04.29 07:19:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.10 09:38:01 | 000,000,000 | ---D | M] (Purple Fox) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\{3ffb7be0-8bde-11de-8a39-0800200c9a66}
[2010.01.16 19:05:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.04.14 07:04:04 | 000,000,000 | ---D | M] (Tor-Proxy.NET Toolbar) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\{9815d32d-08c2-42ca-a8c6-43e501a4512f}
[2010.01.16 20:16:18 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010.02.13 11:23:32 | 000,000,000 | ---D | M] (AvantGarde Skylight) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66}
[2010.04.20 22:51:43 | 000,000,000 | ---D | M] (Torbutton) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.03.12 09:30:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\[email protected]
[2010.04.14 07:04:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\[email protected]
[2010.05.03 14:07:12 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.16 18:25:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPPDLicenseHelper.dll
[2009.10.23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.03.10 00:07:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.10 00:07:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.10 00:07:19 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.10 00:07:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.10 00:07:19 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
  • #17
Code: 
O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [openvpn-gui] C:\Programme\OpenVPN\bin\openvpn-gui.exe ()
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Corazonmedia\Startmenü\Programme\Autostart\hamachi.lnk = C:\Programme\Hamachi\hamachi.exe (LogMeIn Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Corazonmedia\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra->Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Programme\Magic NetTrace\MTIE.exe (TialSoft software)
O9 - Extra->Tools' menuitem : &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Programme\Magic NetTrace\MTIE.exe (TialSoft software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKCU\..Trusted Domains: google.de ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: motion-business.com ([[url]www.schichtplan][/url] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Vertrauenswürdige Sites)
 
  • #18
Code: 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010.03.24 18:14:50 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.03.24 18:14:50 | 000,102,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avfwot.sys -- (avfwot)
DRV - [2010.03.24 18:14:50 | 000,079,432 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avfwim.sys -- (avfwim)
DRV - [2010.03.24 18:14:50 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.01.16 19:08:04 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010.01.16 18:39:11 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.16 18:38:26 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.08 12:22:28 | 001,358,720 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.04.14 02:03:00 | 006,308,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.08.18 12:54:24 | 000,145,952 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008.04.13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.03.25 05:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008.03.25 05:48:06 | 000,054,400 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008.02.14 15:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007.07.25 18:23:14 | 010,375,552 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2007.05.31 09:38:18 | 000,023,040 | ---- | M] (REINER SCT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cjusb.sys -- (cjusb)
DRV - [2007.05.31 09:38:16 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bizVSerialNT.sys -- (bizVSerial)
DRV - [2006.07.02 00:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.06.24 03:54:12 | 000,023,552 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.google.de/[/url]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyEnable = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyOverride = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.param.yahoo-fr: chrf-ytbm
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: chrf-ytbm
FF - prefs.js..browser.search.param.yahoo-type: ${8}
FF - prefs.js..browser.startup.homepage: [url]http://www.google.de/[/url]
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.4
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: [email][email protected][/email]:1.0
FF - prefs.js..extensions.enabledItems: [email][email protected][/email]d:1.5.3
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {9815d32d-08c2-42ca-a8c6-43e501a4512f}:0.3.3
FF - prefs.js..extensions.enabledItems: [email][email protected][/email]:20100306
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d62e0de0-401b-11dd-ae16-0800200c9a66}:4.5.4
FF - prefs.js..extensions.enabledItems: {3ffb7be0-8bde-11de-8a39-0800200c9a66}:3.6.05.02.10 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.03 09:12:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.17 19:45:08 | 000,000,000 | ---D | M]
 
[2010.01.16 20:19:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Extensions
[2010.01.16 20:19:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.05.03 14:07:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions
[2010.04.29 07:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
 
  • #19
Code: 
[2010.04.29 07:19:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.10 09:38:01 | 000,000,000 | ---D | M] (Purple Fox) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\{3ffb7be0-8bde-11de-8a39-0800200c9a66}
[2010.01.16 19:05:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.04.14 07:04:04 | 000,000,000 | ---D | M] (Tor-Proxy.NET Toolbar) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\{9815d32d-08c2-42ca-a8c6-43e501a4512f}
[2010.01.16 20:16:18 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010.02.13 11:23:32 | 000,000,000 | ---D | M] (AvantGarde Skylight) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66}
[2010.04.20 22:51:43 | 000,000,000 | ---D | M] (Torbutton) -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.03.12 09:30:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\[email protected]
[2010.04.14 07:04:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Corazonmedia\Anwendungsdaten\Mozilla\Firefox\Profiles\4509fbqt.default\extensions\[email protected]
[2010.05.03 14:07:12 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.16 18:25:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPPDLicenseHelper.dll
[2009.10.23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.03.10 00:07:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.10 00:07:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.10 00:07:19 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.10 00:07:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.10 00:07:19 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelpe
 
  • #20
Code: 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [openvpn-gui] C:\Programme\OpenVPN\bin\openvpn-gui.exe ()
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Corazonmedia\Startmenü\Programme\Autostart\hamachi.lnk = C:\Programme\Hamachi\hamachi.exe (LogMeIn Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Corazonmedia\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra->Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Programme\Magic NetTrace\MTIE.exe (TialSoft software)
O9 - Extra->Tools' menuitem : &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Programme\Magic NetTrace\MTIE.exe (TialSoft software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKCU\..Trusted Domains: google.de ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: motion-business.com ([[url]www.schichtplan][/url] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Vertrauenswürdige Sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [url]http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263667761578[/url] (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url]http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab[/url] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} [url]http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab[/url] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [url]http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab[/url] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url]http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab[/url] (Java Plug-i
 
Thema:

Hilfe mein Yahoo verschickt automatische Dinge wobei ich nicht online bin

ANGEBOTE & SPONSOREN

Neueste Themen

Statistik des Forums

Themen
113.840
Beiträge
707.963
Mitglieder
51.494
Neuestes Mitglied
Flensburg45
Oben