Log Analysis and Evaluation: Spyware - Google search is redirected (Windows 7)
04.10.2011, 09:13 | #1
Spyware - Google search is redirected

When I click on any result in a Google search, I am redirected to some other page, but never to the page I want. Only by manually reloading the page do I get to the page I wanted. When the search queries are redirected, I am first sent to the page greatsearchsystem.com. Then a random other page opens in a frame inside the greatsearchsystem.com page. In addition, I have a Babylon search entered as the search engine in all browsers. Here is my logfile from HijackThis:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:34:41, on 04.10.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
J:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Users\*****\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\IIS Express\iisexpress.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\DevServer\10.0\WebDev.WebServer40.exe
C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\TraceDebugger Tools\IntelliTrace.exe
C:\Program Files (x86)\IIS Express\iisexpresstray.exe
C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\*****\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O3 - Toolbar: Corsair Add-on - {B4FBA8C3-2083-4ED8-A35B-148478739826} - C:\Program Files (x86)\Corsair Addon\corsair.DLL
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [smtp4dev] J:\smtp4dev.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe -update activex
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: Google Calendar Sync.lnk = J:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9072 bytes

Last edited by Skipper17 (04.10.2011, 09:52)
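An added triage script, not code from the thread, from HijackThis or from OTL: it parses the R0/R1, O2, O3, O4 and OTL `FF - prefs.js` line shapes that appear in the posted logs and flags what a helper checks first in a search-redirect case (a search URL pointing at an unexpected host, a non-default search engine, a toolbar or BHO DLL outside known vendor folders, an autostart at a drive root or in the user profile). Its sample lines are copied from the HijackThis log above and from the OTL output posted later in the thread; the allowlists and location heuristics are constructed assumptions for this example.

```python
"""Triage of HijackThis / OTL browser and autostart entries (added example)."""
import re
from urllib.parse import urlparse

# Constructed allowlists for this example: hosts the start/search pages are
# expected to use on this machine, search engines the user set up, and folders
# a BHO/toolbar DLL is expected to live in (PROGRA~2\MIF5BA~1 is the 8.3 short
# name of the Office folder on the poster's system).
EXPECTED_URL_HOSTS = {"www.google.de", "www.google.com", "go.microsoft.com"}
EXPECTED_ENGINES = {"Google", "Bing"}
TRUSTED_DLL_DIRS = (
    "c:\\program files (x86)\\java\\",
    "c:\\program files (x86)\\microsoft visual studio 10.0\\",
    "c:\\progra~2\\mif5ba~1\\",
)

# Line shapes as they appear in the posted logs.
RE_URL = re.compile(r"^R[01] - (?P<key>.+?) = ?(?P<value>\S*)$")
RE_BHO = re.compile(r"^O[23] - (?:BHO|Toolbar): (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
RE_RUN = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RE_FF = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.]+): "(?P<value>.*)"$')
RE_EXE = re.compile(r'^"?(?P<exe>(?:[A-Za-z]:|%[^%]+%)\\.*?\.exe)(?:"|\s|$)', re.IGNORECASE)
URL_PREFS = {"browser.startup.homepage", "keyword.URL"}
ENGINE_PREFS = {"browser.search.defaultenginename", "browser.search.order.1",
                "browser.search.selectedEngine"}


def host_of(value):
    """Hostname of a URL; the logs defang http as hxxp, so undo that first."""
    value = re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)
    return (urlparse(value).hostname or "").lower()


def check_url(what, value):
    if not value:                  # "SearchAssistant =" with no value is the default
        return None
    host = host_of(value)
    if host not in EXPECTED_URL_HOSTS:
        return ("unexpected-url", f"{what} -> {host}")
    return None


def check_dll(kind, name, path):
    # A toolbar or BHO loading from outside the trusted folders is the usual
    # carrier of a search hijack and is reviewed first.
    if not path.lower().startswith(TRUSTED_DLL_DIRS):
        return ("unknown-browser-addon", f"{kind} {name!r} loads {path}")
    return None


def check_autostart(name, cmd):
    m = RE_EXE.match(cmd)
    if not m:
        return ("unparsed-autostart", f"{name!r}: {cmd}")
    exe = m.group("exe")
    folder = exe.rsplit("\\", 1)[0].lower()
    if re.fullmatch(r"[a-z]:", folder):   # e.g. J:\smtp4dev.exe, queried in the thread
        return ("autostart-from-drive-root", f"{name!r} runs {exe}")
    if "\\users\\" in folder or "\\temp" in folder:
        return ("autostart-from-user-profile", f"{name!r} runs {exe}")
    return None


def triage(log_text):
    """Return (reason, detail) findings for the HJT/OTL lines in log_text."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        f = None
        if m := RE_URL.match(line):
            f = check_url(m.group("key"), m.group("value"))
        elif m := RE_BHO.match(line):
            f = check_dll(line[:2], m.group("name"), m.group("path"))
        elif m := RE_RUN.match(line):
            f = check_autostart(m.group("name"), m.group("cmd"))
        elif m := RE_FF.match(line):
            pref, value = m.group("pref"), m.group("value")
            if pref in URL_PREFS:
                f = check_url(pref, value)
            elif pref in ENGINE_PREFS and value not in EXPECTED_ENGINES:
                f = ("unexpected-engine", f"{pref} -> {value!r}")
        if f:
            findings.append(f)
    return findings


# Sample lines copied from the HijackThis and OTL logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Corsair Add-on - {B4FBA8C3-2083-4ED8-A35B-148478739826} - C:\Program Files (x86)\Corsair Addon\corsair.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [smtp4dev] J:\smtp4dev.exe
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..keyword.URL: "hxxp://zinkwink.com/?clid=496a857882734ef5adb4ef6f34c86cfc&prt=corsairzwbho&tmp=nemo_results&keywords="
"""

if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"[{reason}] {detail}")
```

Entries the script does not parse (services, drivers, modules) are simply skipped; the point is the four checks, not full coverage of the log format.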
04.10.2011, 10:00 | #2
/// Malware-holic

Spyware - Google search is redirected

hi,
1. we don't want to see HJT logs any more.
2. do you know J:\smtp4dev.exe? If not, don't delete it for now anyway.
3. Please download OTL by OldTimer and save it to your desktop (if it is not already there)
04.10.2011, 10:36 | #3
Spyware - Google search is redirected

Thanks in advance for the reply. I didn't know that. Sorry.
Code:
OTL logfile created on: 04.10.2011 11:04:16 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\*****\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,98 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 24,86% Memory free
7,96 Gb Paging File | 4,51 Gb Available in Paging File | 56,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107,03 Gb Total Space | 61,63 Gb Free Space | 57,58% Space Free | Partition Type: NTFS
Drive J: | 931,51 Gb Total Space | 931,32 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive U: | 109,90 Gb Total Space | 79,58 Gb Free Space | 72,41% Space Free | Partition Type: NTFS
Drive X: | 698,60 Gb Total Space | 375,61 Gb Free Space | 53,77% Space Free | Partition Type: NTFS
Drive Z: | 698,60 Gb Total Space | 375,61 Gb Free Space | 53,77% Space Free | Partition Type: NTFS

Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\*****\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - J:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
PRC - C:\Program Files (x86)\IIS Express\iisexpresstray.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\IIS Express\iisexpress.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\HistoricalDebuggerM#\01e57cbe42c0eb197c378388c6b3097b\HistoricalDebuggerMargin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\8bd0bb7822eb2d50cb4c1a82a7f934e8\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build\d8824d6c40ba5bbd062a261151ed841d\Microsoft.Build.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\a379d1c0aa86653222103da84ca8af03\Microsoft.VisualStudio.ComponentModelHost.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\5c659e2195f712d6638b8536da384cda\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\0f5813c19bc6dc46e87c6beafb97d525\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\33b886ae33f78b046f90bda3dde2688e\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef32e2d63c908a8e4b21b30b2debcd03\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\7a2a83b1625f100331691f44b6e9c3ab\System.Configuration.Install.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\e4077b048089c2f0d59be7672489f58f\Microsoft.Build.Tasks.v4.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\03c96a7a85a19f01e803addb1895389b\Microsoft.Build.Utilities.v4.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.RegularE#\af4b18836c5b4e2678e08924f213f072\System.Web.RegularExpressions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\4946e8bb272baa775fb26ff95c369f81\System.Data.OracleClient.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\92e03c0c449ccacc9d819207642047b3\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\be3d47a08a8e4118e75e31a402259409\System.DirectoryServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\3c81550255199caad42b6927e52cbe20\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\3c81550255199caad42b6927e52cbe20\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\3be20b4f9e9df41aaea426041f4f410a\System.Web.ApplicationServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cadbfd56dbffb78f67b92027bd56862e\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\5314989a2066877016eaac44f927092c\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\1113d00ba5944ffe741f6ff82a38e545\System.Runtime.Caching.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Fra#\48580b920520db0686fc349cd2d8ac50\Microsoft.Build.Framework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\26e3e55c9a32842d97d2a52e9b3e6161\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\40503b7443cd265e3d9e6f08c1aae33b\Microsoft.VisualStudio.IntelliTrace.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9c75c9bbe13787e1c8e6aad0f4a8e1aa\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IntelliTrace\f23755302ce36fdf390ecf5454335771\IntelliTrace.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\790909ab629a92fedbe48a271c6c4598\Microsoft.VisualStudio.Debugger.PdtDebug.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\07dd0a2384f2416046310840261d323a\Microsoft.VisualStudio.Diagnostics.Measurement.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\950b5b880e8d8af1709f06b6a1a854a0\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\901f7f350afb8716763086861b481fcb\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d1e2dc0832d212ad50eae7ac068af6c3\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\456d5e9d3a0a37697ab28c150e9ac5b7\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll ()
MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll ()
MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\14.0.835.186\avutil-51.dll ()
MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\14.0.835.186\avformat-53.dll ()
MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\14.0.835.186\avcodec-53.dll ()
MOD - C:\Users\*****\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll ()
MOD - C:\Users\ASPRIN~1\AppData\Local\Google\Chrome\APPLIC~1\140835~1.186\gcswf32.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d23889e1eceadc97a6f227dbb392cb60\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Design\90e7beb065665ea19999ca5eda044c99\System.Design.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0e3eea502999efc06079a0f40a795731\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\55b41158ada67f5b5a132e120e7de269\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\80bdabbd69127228408b96ca23460389\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\3f18dbd73b16d5a377d8a87acbd92909\System.Drawing.Design.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\113a314e9f32a5efc41f409118a71063\Microsoft.CSharp.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\8a671058b35f625fb958ff2228fbc9cf\System.Data.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2721a63758cab451543e8a58dc4ffeeb\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\eb22b58fc80ef55a2879bd6f121e9989\System.ComponentModel.Composition.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\a0ced4a2cbd6aa8f9cf2a28b641e0300\System.Dynamic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\ec8c58572e78fa5fc63bb8b29ed7481a\System.Data.SqlXml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\6cf9069b4b5feb38824a79009ed9c7b4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ea0f339fb15935f1878e115be1c04f8f\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6c4a0cae96fe506534d1ed4b8e905d04\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\64d84a18bdebd88f137f11ec220748ff\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ffc825af968e2afbdd0d894b475331f3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\786df9adb3752f8f67b90dedb60dc2a1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\68dd8aa8c376dd3c44f8e56c3767ac1d\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\21335cc2e54f4995b582cfa9d1efbcaa\System.Numerics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\93e7df09dacd5fef442cc22d28efec83\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC\VSLangProj80\8.0.0.0__b03f5f7f11d50a3a\VSLangProj80.dll ()
MOD - \\?\C:\Windows\Microsoft.NET\Framework\v4.0.30319\webengine.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (MsDepSvc) -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (c2wts) -- C:\Programme\Windows Identity Foundation\v3.5\c2wtshost.exe (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (tixhci) -- C:\Windows\SysNative\drivers\tixhci.sys (Texas Instruments Incorporated)
DRV:64bit: - (tihub3) -- C:\Windows\SysNative\drivers\tihub3.sys (Texas Instruments Incorporated)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RsFx0102) -- C:\Windows\SysNative\drivers\RsFx0102.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 2A 3B 58 EE 67 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..keyword.URL: "hxxp://zinkwink.com/?clid=496a857882734ef5adb4ef6f34c86cfc&prt=corsairzwbho&tmp=nemo_results&keywords="
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: J:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*****\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*****\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.08.31 10:55:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.08.31 17:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2011.09.30 14:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\c80nnp19.default\extensions
[2011.09.30 08:13:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.09.13 17:05:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011.09.30 08:13:17 | 000,000,000 | ---D | M] (Corsair Extension) -- C:\Program Files (x86)\mozilla firefox\extensions\corsair@corsair.com
[2011.08.31 01:15:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.08.30 22:35:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.30 08:13:21 | 000,002,336 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.08.30 22:29:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.08.30 22:35:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.30 22:35:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.30 22:35:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.30 22:35:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Google Update (Enabled) = C:\Users\*****\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = J:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: MagicScroll eBook Reader = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble\2.6.3_0\
CHR - Extension: AdBlock = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.4.28_0\
CHR - Extension: Desktop Wallpaper Tool = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcfhbpblckhcihdkoogjmgfpkpnfndel\1.0_0\
CHR - Extension: Resolution Test = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhfcdbheobinplaamokffboaccidbal\2.0_0\
CHR - Extension: InvisibleHand = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.3.10_0\
CHR - Extension: Google Mail-Checker = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Google Books = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\0.0.0.5_0\
CHR - Extension: Erweiterung \RSS-Abonnement\ (von Google) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.1.3_0\
CHR - Extension: Docs Viewer f\u00FCr PDF/PowerPoint (von Google) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.5_0\
CHR - Extension: Google Calendar Checker = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek\1.2.2_0\
CHR - Extension: Clip an Evernote = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.1.17.5511_0\
CHR - Extension: We Are Hunted = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgdicpfcekegalffnnbhkjkkoapppga\1.0.0.0_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Corsair Add-on) - {B4FBA8C3-2083-4ED8-A35B-148478739826} - C:\Program Files (x86)\Corsair Addon\corsair.DLL ()
O3 - HKCU\..\Toolbar\WebBrowser: (Corsair Add-on) - {B4FBA8C3-2083-4ED8-A35B-148478739826} - C:\Program Files (x86)\Corsair Addon\corsair.DLL ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\Run: [smtp4dev] J:\smtp4dev.exe (Robert N Wood <rob@rnwood.co.uk>)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 -
Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.222.10 192.168.222.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ***** O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{715F3621-1E73-46BD-B581-DE6461B4455D}: DhcpNameServer = 192.168.222.10 192.168.222.250 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe 
(Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.10.04 11:02:54 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2011.10.04 08:36:00 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\f-secure [2011.10.04 08:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure [2011.09.30 14:31:45 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes [2011.09.30 14:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.09.30 14:31:38 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- 
C:\Windows\SysNative\drivers\mbam.sys [2011.09.30 12:12:43 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp! [2011.09.30 12:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp! [2011.09.30 12:12:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CleanUp! [2011.09.30 10:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.09.30 10:29:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2011.09.30 10:26:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.09.30 09:45:46 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2011.09.30 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2011.09.30 09:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft [2011.09.30 09:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2011.09.30 09:23:16 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011.09.30 09:13:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2011.09.30 08:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\BabylonUpdater [2011.09.30 08:13:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corsair Addon [2011.09.30 08:00:43 | 000,000,000 | ---D | C] -- C:\Windows\system64 [2011.09.29 14:04:52 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Babylon [2011.09.29 14:04:52 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Babylon [2011.09.29 14:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2011.09.29 13:49:46 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\SQL Anywhere 12 [2011.09.29 13:49:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DBISQL 12.0.1 [2011.09.29 13:48:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sybase Central 6.1.0 [2011.09.29 13:48:57 | 000,000,000 | ---D | C] -- 
C:\Users\*****\sybase [2011.09.29 13:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SQL Anywhere 12 [2011.09.27 13:12:25 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\***** KV [2011.09.27 12:42:06 | 000,000,000 | ---D | C] -- C:\Rechnungen [2011.09.27 12:37:32 | 000,000,000 | ---D | C] -- C:\Projektverwaltung [2011.09.22 09:59:23 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\History [2011.09.22 09:54:22 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Macrovision [2011.09.22 09:49:35 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Programs [2011.09.22 09:48:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SAP BusinessObjects [2011.09.22 09:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision [2011.09.19 08:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Identity Foundation SDK v4.0 [2011.09.19 08:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Identity Foundation SDK [2011.09.19 08:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Identity Foundation [2011.09.19 08:10:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Identity Foundation [2011.09.16 15:07:53 | 000,000,000 | ---D | C] -- C:\Data [2011.09.14 14:21:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\T4 Toolbox [2011.09.14 14:02:59 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\tangible T4 Editor 2010 [2011.09.14 14:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\tangible engineering [2011.09.13 17:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011.09.13 17:05:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.09.13 17:05:08 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2011.09.13 17:05:08 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.09.13 17:05:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\javaw.exe [2011.09.13 17:05:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.09.13 17:05:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2011.09.13 09:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\XING Connector [2011.09.12 12:42:52 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Foxit Software [2011.09.12 10:53:01 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Sentinel [2011.09.12 10:53:00 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ray Hayes [2011.09.12 10:52:51 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Deployment [2011.09.12 10:52:51 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Apps [2011.09.09 13:10:05 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Microsoft Games [2011.09.09 11:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games [2011.09.07 10:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SubMain [2011.09.07 10:48:18 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\SubMain [2011.09.06 09:40:08 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft Corporation [2011.09.06 09:38:31 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft FxCop [2011.09.06 08:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Calendar Sync [2011.09.05 10:17:13 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2011.09.05 10:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2011.09.05 10:17:12 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Notepad++ [2011.09.05 08:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.0 [1 C:\Users\*****\*.tmp files -> C:\Users\*****\*.tmp -> ] ========== Files - Modified Within 
30 Days ========== [2011.10.04 11:03:59 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4156446721-3000611855-1053913913-1240UA.job [2011.10.04 11:02:54 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2011.10.04 08:14:24 | 000,018,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.10.04 08:14:24 | 000,018,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.10.04 08:11:30 | 002,156,692 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.10.04 08:11:30 | 000,898,324 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.10.04 08:11:30 | 000,841,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.10.04 08:11:30 | 000,221,386 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.10.04 08:11:30 | 000,189,490 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.10.04 08:07:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.10.04 08:07:15 | 3205,750,784 | -HS- | M] () -- C:\hiberfil.sys [2011.09.30 17:23:20 | 000,002,026 | -H-- | M] () -- C:\Users\*****\Documents\Default.rdp [2011.09.30 17:04:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4156446721-3000611855-1053913913-1240Core.job [2011.09.30 09:45:46 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2011.09.30 09:15:00 | 000,000,028 | ---- | M] () -- C:\Windows\ODBC.INI [2011.09.29 17:21:04 | 000,026,748 | ---- | M] () -- C:\Users\*****\Desktop\domains_2011-09-29.csv [2011.09.29 13:50:31 | 000,348,160 | ---- | M] () -- C:\Users\*****\Documents\Database3.accdb [2011.09.29 13:10:20 | 000,348,160 | ---- | M] () -- C:\Users\*****\Documents\Database2.accdb [2011.09.29 13:09:49 | 000,352,256 | ---- | M] () -- C:\Users\*****\Documents\Database1.accdb [2011.09.26 07:58:03 | 000,340,824 | ---- | 
M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.09.19 17:26:19 | 002,133,650 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.09.19 17:18:02 | 008,382,336 | ---- | M] () -- C:\Users\*****\Desktop\kv-data-export.sql [2011.09.13 17:05:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2011.09.13 17:05:06 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.09.13 17:05:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.09.13 17:05:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.09.13 09:10:36 | 000,038,400 | ---- | M] () -- C:\Users\*****\Documents\Mirko Schlepper.msg [2011.09.06 08:19:46 | 000,001,056 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk [1 C:\Users\*****\*.tmp files -> C:\Users\*****\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.29 13:50:09 | 000,348,160 | ---- | C] () -- C:\Users\*****\Documents\Database3.accdb [2011.09.29 13:48:55 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI [2011.09.29 13:09:54 | 000,348,160 | ---- | C] () -- C:\Users\*****\Documents\Database2.accdb [2011.09.29 13:07:03 | 000,352,256 | ---- | C] () -- C:\Users\*****\Documents\Database1.accdb [2011.09.29 12:53:58 | 000,026,748 | ---- | C] () -- C:\Users\*****\Desktop\domains_2011-09-29.csv [2011.09.19 15:43:08 | 008,382,336 | ---- | C] () -- C:\Users\*****\Desktop\kv-data-export.sql [2011.09.15 09:46:15 | 000,002,661 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2007 Content Control Toolkit.lnk [2011.09.13 09:10:36 | 000,038,400 | ---- | C] () -- C:\Users\*****\Documents\Mirko Schlepper.msg [2011.09.06 08:19:46 | 000,001,056 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk [2011.08.31 14:07:08 | 002,133,650 | ---- | C] () -- 
C:\Windows\SysWow64\PerfStringBackup.INI [2011.08.31 11:57:35 | 000,002,958 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.08.31 11:57:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.05.31 22:06:38 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.03.18 01:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat < End of report > Code:
OTL Extras logfile created on: 04.10.2011 11:04:16 - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\*****\Desktop 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,98 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 24,86% Memory free 7,96 Gb Paging File | 4,51 Gb Available in Paging File | 56,68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 107,03 Gb Total Space | 61,63 Gb Free Space | 57,58% Space Free | Partition Type: NTFS Drive J: | 931,51 Gb Total Space | 931,32 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Drive U: | 109,90 Gb Total Space | 79,58 Gb Free Space | 72,41% Space Free | Partition Type: NTFS Drive X: | 698,60 Gb Total Space | 375,61 Gb Free Space | 53,77% Space Free | Partition Type: NTFS Drive Z: | 698,60 Gb Total Space | 375,61 Gb Free Space | 53,77% Space Free | Partition Type: NTFS Computer Name: ***** | User Name: ***** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64) "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer "{0C6C4C8A-3B96-4681-90BA-0E15CDE96298}" = Microsoft SQL Server 2008 Management Studio "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool "{108C8C1D-DA02-4A6C-94CD-5603F6A6FC72}" = Microsoft SQL Server 2008 Management Studio "{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft 
Visual C++ 2010 x64 Runtime - 10.0.40219 "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) "{1DD03A94-C815-46EF-A43A-B36694002A7C}" = TortoiseSVN 1.6.16.21511 (64 bit) "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program "{3CD25975-A787-4E44-9990-DBE887266DF9}" = SAP Crystal Reports runtime engine for .NET Framework 4 (64-bit) "{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}" = Microsoft SQL Server 2008 R2 Native Client "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5134B35A-B559-4762-94A4-FD4918977953}" = Microsoft Web Deploy 2.0 "{5318020E-E32C-4A33-BC8D-EEF5CC2F6CA1}" = Microsoft SQL Server 2008 Database Engine Services "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files "{5D8C383D-D98F-1022-AD2A-FA8611EFFB9A}" = ATI Catalyst Install Manager "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English "{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver "{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64 "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) "{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64) "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office 
Publisher MUI (English) 2010 "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010 "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{92D1DBE7-E604-4287-AE3F-12F1B9E9A6FF}" = PostSharp 2.1 [2.1.3.3] "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9FFAE13C-6160-4DD0-A67A-DAC5994F81BD}" = Microsoft SQL Server 2008 Database Engine Services "{C9F697B9-FAC8-4B76-9D3D-40FA3BFA4F9E}" = Microsoft SQL Server System CLR Types (x64) "{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0 "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared "{CCBF4FD7-F4D2-4DB0-BC0E-F4EC42220EFF}" = Microsoft SQL Server Compact 4.0 x64 DEU "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 
3.5 SP2 x64 ENU "{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) "{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared "{E016AA48-A21B-4728-9BD0-E3AAE23BEE5F}" = Microsoft SQL Server 2008 R2 Management Objects (x64) "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1 "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services "{FC17405E-5192-4092-90A6-6054527682E8}" = Microsoft SQL Server 2008 Setup Support Files "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1 "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit) "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit) "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "XING Connector" = XING Connector 1.2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies "{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK "{07AC2D83-E795-4AD5-970D-B9BD14A1E411}" = Microsoft ASP.NET MVC 3 - DEU "{07FDF5D7-26D6-4EAD-843A-8E0EF6A9C4CA}" = SAP Crystal Reports, version for Visual Studio 2010 "{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 
Transact-SQL Language Service "{0BD0F49E-C5B3-4FE0-A792-DCD61AEE93CF}" = Windows Identity Foundation SDK 4.0 "{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1 "{0FDCF6BC-AB79-4CEF-9A7D-01FD838A6C61}" = JetBrains ReSharper 6.0 "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU "{134A5765-D59B-4160-8C70-B84BF9F53DF9}" = GhostDoc "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{171D8D76-3F05-455A-A8AF-C561C2679905}" = Open XML SDK 2.0 for Microsoft Office "{17C1E9D2-E0AF-8C9B-3B21-F004E9439C92}" = HydraVision "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2 "{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27 "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86 "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3AF095EF-23B3-4C6A-BBA1-4C1EB663DAF8}" = TI USB3 Host Driver "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools "{433E2032-D3E0-46FF-BAA4-0976F333C1E4}" = IIS 7.5 Express "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 "{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages "{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio 
Macro Tools "{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects "{796B123F-6F7D-4E2D-BF9F-C7DB4310F2AF}" = Microsoft Visual Studio 2010 Moles (x86) 0.94.51023.0 "{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project "{8358BF83-1D14-48B5-B13C-B72AD3F5DB48}" = T4 Toolbox "{850DA431-7258-4517-8FD1-6B3949EDB5DA}" = Microsoft ASP.NET MVC 3 - Visual Studio 2010 Tools Update - DEU "{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime "{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types "{889559E3-6A1B-4504-88D4-31B848E89153}" = tangible T4 editor plus modeling tools 2010 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}" = Microsoft ASP.NET Web Pages - DEU "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A5630CB0-6D3C-4C93-9A51-03BEB835A982}" = NuGet "{A879B90E-B62C-4DA4-9C3F-79A1A6CFAAF9}" = Microsoft ASP.NET Web Pages - Visual Studio 2010 Tools "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4 "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU "{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser "{CE0BC6F4-51E1-43EF-9D4B-CC7859F53B3E}" = Microsoft ASP.NET Web Pages - Visual Studio 2010 Tools - DEU 
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D1DC6950-AB46-4EA0-B9B6-6778E9A7F6AE}" = Visual Studio 2010 SP1 Tools für SQL Server Compact 4.0 DEU "{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1 "{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E9BA84A4-77A2-E8E7-8CB8-1CAA190CAD93}" = Catalyst Control Center InstallProxy "{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1 "{EFCDC354-00BA-4D01-A6AF-AF3311DA9F44}" = Word 2007 Content Control Toolkit "{FC909837-27D0-4FB4-8653-00F63EB70D74}" = Microsoft ASP.NET MVC 3 - Visual Studio 2010 Tools Update "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "CleanUp!" = CleanUp! "Corsair Addon" = Corsair Addon "Foxit Reader_is1" = Foxit Reader 5.0 "Google Calendar Sync" = Google Calendar Sync "InstallShield_{3AF095EF-23B3-4C6A-BBA1-4C1EB663DAF8}" = TI USB 3.0 Host Controller Driver "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1 "Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools "Mozilla Firefox 6.0.1 (x86 de)" = Mozilla Firefox 6.0.1 (x86 de) "Notepad++" = Notepad++ "Opera 11.51.1087" = Opera 11.51 "WinRAR archiver" = WinRAR 4.01 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "34e04426584e5a35" = Sentinel "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.09.2011 10:45:44 | Computer Name = *****.***** | Source = VSTTExecution | ID = 0 Description = Error - 29.09.2011 02:03:02 | Computer Name = *****.***** | Source = Chrome | ID = 1 Description = Error - 29.09.2011 02:26:31 | Computer Name = *****.***** | Source = IIS Express | ID = 2269 
Description = Der Arbeitsprozess für Anwendungspool "Clr4IntegratedAppPool", PID="5992", konnte für die Verarbeitung von HTTP-Anforderungen keine http.sys-Kommunikation initialisieren. Er wird daher von W3SVC als fehlerhaft eingestuft und beendet. Das Datenfeld enthält die Fehlernummer. Error - 29.09.2011 02:26:32 | Computer Name = *****.***** | Source = IIS Express | ID = 2276 Description = Der Arbeitsprozess wurde nicht ordnungsgemäß initialisiert und konnte daher nicht gestartet werden. Die Daten enthalten Fehlerinformationen. Error - 29.09.2011 02:27:55 | Computer Name = *****.***** | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 30.09.2011 06:18:58 | Computer Name = *****.***** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: devenv.exe, Version: 10.0.40219.1, Zeitstempel: 0x4d5f2a73 Name des fehlerhaften Moduls: clr.dll, Version: 4.0.30319.237, Zeitstempel: 0x4dd234a8 Ausnahmecode: 0xc0000409 Fehleroffset: 0x0052cc81 ID des fehlerhaften Prozesses: 0x1a8c Startzeit der fehlerhaften Anwendung: 0x01cc7f5a58508c0a Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe Pfad des fehlerhaften Moduls: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll Berichtskennung: 9b958e5c-eb4d-11e0-92e4-e06995d107cf Error - 30.09.2011 06:19:51 | Computer Name = *****.***** | Source = Application Hang | ID = 1002 Description = Programm devenv.exe, Version 10.0.40219.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1304 Startzeit: 01cc7f5775268e9a Endzeit: 230 Anwendungspfad: C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe Berichts-ID: Error - 30.09.2011 09:32:05 | Computer Name = *****.***** | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 30.09.2011 10:07:57 | Computer Name = *****.***** | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 04.10.2011 02:29:26 | Computer Name = *****.***** | Source = Customer Experience Improvement Program | ID = 1008 Description = [ System Events ] Error - 04.10.2011 02:07:19 | Computer Name = *****.***** | Source = NETLOGON | ID = 5719 Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne ***** aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein. 
Error - 04.10.2011 02:07:18 | Computer Name = *****.***** | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 04.10.2011 02:07:18 | Computer Name = *****.***** | Source = atikmdag | ID = 43029 Description = Display is not active Error - 04.10.2011 02:07:19 | Computer Name = *****.***** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows-Firewallautorisierungstreiber" wurde aufgrund folgenden Fehlers nicht gestartet: %%183 Error - 04.10.2011 02:07:19 | Computer Name = *****.***** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows-Firewall" ist vom Dienst "Windows-Firewallautorisierungstreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%183 Error - 04.10.2011 02:07:22 | Computer Name = *****.***** | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator. Error - 04.10.2011 02:07:41 | Computer Name = *****.***** | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator. 
Error - 04.10.2011 02:36:01 | Computer Name = *****.***** | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\ASPRIN~1\AppData\Local\Temp\OnlineScanner\Anti-Vir nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 04.10.2011 02:45:54 | Computer Name = *****.***** | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\ASPRIN~1\AppData\Local\Temp\OnlineScanner\Anti-Vir nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 04.10.2011 03:53:27 | Computer Name = *****.***** | Source = Microsoft-Windows-GroupPolicy | ID = 1030 Description = Fehler bei der Verarbeitung der Gruppenrichtlinie. Es wurde versucht, neue Gruppenrichtlinieneinstellungen für diesen Benutzer oder Computer abzurufen. Den Fehlercode und eine Beschreibung finden Sie auf der Registerkarte "Details". Dieser Vorgang wird automatisch beim nächsten Aktualisierungszyklus wiederholt. Computer, die der Domäne beigetreten sind, müssen über eine geeignete Namensauflösung sowie über eine Netzwerkverbindung zu einem Domänencontroller zum Ermitteln von neuen Gruppenrichtlinienobjekten und -einstellungen verfügen. Wenn die Gruppenrichtlinie erfolgreich ist, wird ein Ereignis protokolliert. < End of report > |
04.10.2011, 10:52 | #4 |
/// Malware-holic | Spyware - Google search is being redirected hiho well, one can't know every program :-) Try to install the Babylon toolbar via Software. Open Malwarebytes, post all logs. Don't run any more programs on your own initiative, otherwise my work is only made unnecessarily harder. Attention! This script and any following scripts are only for the respective user. If you have problems, open your own topics and wait for scripts tailored to you. • Please start OTL.exe • Now copy the following into the text box. Code:
ATTFilter :OTL FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..keyword.URL: "hxxp://zinkwink.com/?clid=496a857882734ef5adb4ef6f34c86cfcprt=corsairzwbhotmp=nemo_resultskeywords=" :Files :Commands [purity] [EMPTYFLASH] [resethosts] [emptytemp] [Reboot] • Please close all programs now. • Now please click the Fix button. • OTL may ask for a restart. Please allow this. • After the restart you will find a text document; paste its contents into your next reply here.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above If you would like to support us |
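As an added example (not part of this post and not OTL's own code), a small Python checker that does for a Firefox prefs.js what the :OTL section of the script above does by hand: it parses user_pref() lines, flags the search preferences the fix targets (keyword.URL, browser.search.defaultenginename, browser.search.order.*) when they carry a known hijacker engine name or point at an untrusted host, and returns a cleaned copy. The sample prefs.js, the TRUSTED_HOSTS allowlist and all function names are constructed for this example; the Babylon and zinkwink.com values are the ones seen in this thread's logs.

```python
"""Flag and strip Firefox search-preference hijacks in a prefs.js.

Added example for this thread, not part of the post or of OTL. It parses
user_pref() lines, flags the preferences the :OTL section above rewrites
when they carry a known hijacker engine name or point at an untrusted host,
and returns a cleaned copy. TRUSTED_HOSTS and SAMPLE_PREFS_JS are
constructed; the bad values are the ones seen in the thread's logs.
"""
import re
from urllib.parse import urlparse

# user_pref("name", value);  where value is a JS string, number or boolean
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
SEARCH_ORDER_RE = re.compile(r"^browser\.search\.order\.\d+$")

# Preferences whose value is a URL and must resolve to a trusted host.
URL_PREFS = ("keyword.URL", "browser.startup.homepage")
# Preferences whose value is a search-engine display name.
ENGINE_PREFS = ("browser.search.defaultenginename",
                "browser.search.selectedEngine")

TRUSTED_HOSTS = {"www.google.de", "www.google.com"}   # constructed allowlist
BAD_ENGINE_NAMES = {"Search the web (Babylon)"}       # name from the OTL fix

# Constructed prefs.js; the Babylon and zinkwink.com values come from the logs.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.homepage", "http://www.google.de");
user_pref("keyword.URL", "http://zinkwink.com/?clid=496a857882734ef5adb4ef6f34c86cfc&prt=corsairzwbho&tmp=nemo_results&keywords=");
user_pref("network.cookie.cookieBehavior", 0);
user_pref("browser.tabs.warnOnClose", false);
"""


def parse_value(raw):
    """Convert the JS literal on the right-hand side of user_pref()."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref() line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = parse_value(m.group(2))
    return prefs


def find_hijacked(prefs):
    """Return {pref_name: reason} for every suspicious search preference."""
    findings = {}
    for name, value in prefs.items():
        if name in URL_PREFS:
            host = urlparse(str(value)).hostname
            if host and host not in TRUSTED_HOSTS:
                findings[name] = "points to untrusted host " + host
        elif name in ENGINE_PREFS or SEARCH_ORDER_RE.match(name):
            if value in BAD_ENGINE_NAMES:
                findings[name] = "engine set to %r" % value
    return findings


def clean_prefs(text, findings):
    """Drop the flagged lines, as the :OTL section does; Firefox restores
    the built-in defaults for missing preferences on next start."""
    kept = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1) in findings:
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


def check_and_clean(text):
    """Convenience wrapper returning (findings, cleaned_text)."""
    findings = find_hijacked(parse_prefs(text))
    return findings, clean_prefs(text, findings)


if __name__ == "__main__":
    found, cleaned = check_and_clean(SAMPLE_PREFS_JS)
    for name, reason in sorted(found.items()):
        print("HIJACKED %-40s %s" % (name, reason))
    print("--- cleaned prefs.js ---")
    print(cleaned, end="")
```

Run it against a real profile only with Firefox closed, since Firefox rewrites prefs.js on exit and would overwrite the cleaned copy.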
04.10.2011, 11:18 | #5 |
| Spyware - Google search is being redirected I have just run your script. When OTL.exe wanted to restart the computer, I allowed it. When trying to start Windows, however, the computer stalled and simply restarted (even before one could log in). Using the restore function I brought the machine back to the state from this morning. Now it starts again, but the problem with the Google search redirect still persists. The text file I was supposed to paste here therefore does not exist. |
04.10.2011, 11:23 | #6 |
/// Malware-holic | Spyware - Google search is being redirected OK. Then the following: please create and post a ComboFix log. A guide and tutorial on using ComboFix
04.10.2011, 11:47 | #7 |
| Spyware - Google search is being redirected I have now run ComboFix and received the following log file Code:
ATTFilter ComboFix 11-10-04.02 - ***** 04.10.2011 12:40:27.1.4 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4076.2811 [GMT 2:00] ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\consrv.dll c:\windows\System64 . . ((((((((((((((((((((((( Dateien erstellt von 2011-09-04 bis 2011-10-04 )))))))))))))))))))))))))))))) . . 2011-10-04 10:42 . 2011-10-04 10:42 -------- d-----w- c:\users\jhellmeier\AppData\Local\temp 2011-10-04 10:08 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{89914BF0-99CA-4FD5-8328-58B6E9B15827}\mpengine.dll 2011-10-04 10:01 . 2011-10-04 10:01 -------- d-----w- C:\_OTL 2011-10-04 06:36 . 2011-10-04 06:36 -------- d-----w- c:\users\*****\AppData\Roaming\f-secure 2011-09-30 12:31 . 2011-09-30 12:31 -------- d-----w- c:\users\*****\AppData\Roaming\Malwarebytes 2011-09-30 12:31 . 2011-09-30 12:31 -------- d-----w- c:\programdata\Malwarebytes 2011-09-30 10:12 . 2011-10-04 11:05 -------- d-----w- c:\program files (x86)\CleanUp! 2011-09-30 08:29 . 2011-10-04 11:05 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2011-09-30 08:29 . 2011-09-30 09:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2011-09-30 08:17 . 2011-09-30 07:45 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-09-30 07:45 . 2011-09-30 07:45 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-09-30 07:43 . 2011-10-04 11:05 -------- dc----w- c:\windows\system32\DRVSTORE 2011-09-30 07:43 . 2011-08-18 13:25 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-09-30 07:43 . 
2011-09-30 07:43 -------- d-----w- c:\program files (x86)\Lavasoft 2011-09-30 07:43 . 2011-10-04 11:05 -------- d-----w- c:\programdata\Lavasoft 2011-09-30 07:13 . 2011-09-30 07:13 -------- d-----w- c:\windows\system32\appmgmt 2011-09-30 06:13 . 2011-09-30 06:13 -------- d-----w- c:\program files (x86)\Corsair Addon 2011-09-29 12:04 . 2011-09-29 12:04 -------- d-----w- c:\users\*****\AppData\Roaming\Babylon 2011-09-29 12:04 . 2011-09-29 12:04 -------- d-----w- c:\users\*****\AppData\Local\Babylon 2011-09-29 12:04 . 2011-09-29 12:04 -------- d-----w- c:\programdata\Babylon 2011-09-29 11:49 . 2011-09-29 11:49 -------- d-----w- c:\users\*****\AppData\Roaming\SQL Anywhere 12 2011-09-29 11:48 . 2011-09-30 07:14 -------- d-----w- c:\users\*****\sybase 2011-09-29 11:47 . 2011-09-30 07:15 -------- d-----w- c:\programdata\SQL Anywhere 12 2011-09-27 10:42 . 2011-09-27 11:11 -------- d-----w- C:\Rechnungen 2011-09-27 10:37 . 2011-09-27 10:37 -------- d-----w- C:\Projektverwaltung 2011-09-22 07:54 . 2011-09-22 07:54 -------- d-----w- c:\users\*****\AppData\Roaming\Macrovision 2011-09-22 07:49 . 2011-09-22 07:49 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Lokale Einstellungen 2011-09-22 07:49 . 2011-09-22 07:49 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Anwendungsdaten 2011-09-22 07:49 . 2011-09-22 07:49 -------- d-----w- c:\users\*****\AppData\Local\Programs 2011-09-22 07:48 . 2011-09-22 07:49 -------- d-----w- c:\program files (x86)\SAP BusinessObjects 2011-09-22 07:48 . 2011-09-22 07:48 -------- d-----w- c:\programdata\Macrovision 2011-09-19 06:11 . 2011-09-19 06:11 -------- d-----w- c:\program files (x86)\Windows Identity Foundation SDK 2011-09-19 06:10 . 2011-09-19 06:10 -------- d-----w- c:\program files\Windows Identity Foundation 2011-09-19 06:10 . 2011-09-19 06:10 -------- d-----w- c:\program files (x86)\Windows Identity Foundation 2011-09-16 13:07 . 2011-09-19 06:20 -------- d-----w- C:\Data 2011-09-14 12:21 . 
2011-09-14 12:21 -------- d-----w- c:\program files (x86)\T4 Toolbox 2011-09-14 12:02 . 2011-09-14 12:02 -------- d-----w- c:\users\*****\AppData\Local\tangible T4 Editor 2010 2011-09-14 12:00 . 2011-09-14 12:00 -------- d-----w- c:\program files (x86)\tangible engineering 2011-09-13 15:05 . 2011-09-13 15:05 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-09-13 15:05 . 2011-09-13 15:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-09-13 15:05 . 2011-09-13 15:05 -------- d-----w- c:\program files (x86)\Java 2011-09-13 12:58 . 2011-09-13 12:58 -------- d-----w- c:\users\*****\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP 2011-09-13 07:14 . 2011-09-13 07:14 -------- d-----w- c:\program files\XING Connector 2011-09-12 10:42 . 2011-09-12 10:42 -------- d-----w- c:\users\*****\AppData\Roaming\Foxit Software 2011-09-12 08:53 . 2011-09-12 09:11 -------- d-----w- c:\users\*****\AppData\Roaming\Sentinel 2011-09-12 08:52 . 2011-09-16 11:13 -------- d-----w- c:\users\*****\AppData\Local\Deployment 2011-09-12 08:52 . 2011-09-12 08:52 -------- d-----w- c:\users\*****\AppData\Local\Apps 2011-09-09 11:10 . 2011-09-09 11:14 -------- d-----w- c:\users\*****\AppData\Local\Microsoft Games 2011-09-09 09:17 . 2011-09-09 09:17 -------- d-----w- c:\program files\Microsoft Games 2011-09-07 08:48 . 2011-09-07 08:48 -------- d-----w- c:\program files (x86)\SubMain 2011-09-06 07:40 . 2011-09-06 07:40 -------- d-----w- c:\users\*****\AppData\Roaming\Microsoft Corporation 2011-09-06 07:38 . 2011-09-06 07:38 -------- d-----w- c:\users\*****\AppData\Roaming\Microsoft FxCop 2011-09-05 08:17 . 2011-09-15 09:44 -------- d-----w- c:\users\*****\AppData\Roaming\Notepad++ . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-19 06:12 . 2011-08-31 12:09 2495264 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2011-08-31 12:53 . 
2011-08-31 12:53 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-08-31 12:53 . 2011-08-31 12:53 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-08-31 12:53 . 2011-08-31 12:53 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2011-08-31 12:53 . 2011-08-31 12:53 85504 ----a-w- c:\windows\system32\iesetup.dll 2011-08-31 12:53 . 2011-08-31 12:53 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2011-08-31 12:53 . 2011-08-31 12:53 76800 ----a-w- c:\windows\system32\tdc.ocx 2011-08-31 12:53 . 2011-08-31 12:53 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2011-08-31 12:53 . 2011-08-31 12:53 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2011-08-31 12:53 . 2011-08-31 12:53 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2011-08-31 12:53 . 2011-08-31 12:53 603648 ----a-w- c:\windows\system32\vbscript.dll 2011-08-31 12:53 . 2011-08-31 12:53 49664 ----a-w- c:\windows\system32\imgutil.dll 2011-08-31 12:53 . 2011-08-31 12:53 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2011-08-31 12:53 . 2011-08-31 12:53 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-08-31 12:53 . 2011-08-31 12:53 448512 ----a-w- c:\windows\system32\html.iec 2011-08-31 12:53 . 2011-08-31 12:53 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-08-31 12:53 . 2011-08-31 12:53 367104 ----a-w- c:\windows\SysWow64\html.iec 2011-08-31 12:53 . 2011-08-31 12:53 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2011-08-31 12:53 . 2011-08-31 12:53 30720 ----a-w- c:\windows\system32\licmgr10.dll 2011-08-31 12:53 . 2011-08-31 12:53 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-08-31 12:53 . 2011-08-31 12:53 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-08-31 12:53 . 2011-08-31 12:53 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2011-08-31 12:53 . 2011-08-31 12:53 2303488 ----a-w- c:\windows\system32\jscript9.dll 2011-08-31 12:53 . 2011-08-31 12:53 222208 ----a-w- c:\windows\system32\msls31.dll 2011-08-31 12:53 . 
2011-08-31 12:53 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-08-31 12:53 . 2011-08-31 12:53 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2011-08-31 12:53 . 2011-08-31 12:53 165888 ----a-w- c:\windows\system32\iexpress.exe 2011-08-31 12:53 . 2011-08-31 12:53 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2011-08-31 12:53 . 2011-08-31 12:53 160256 ----a-w- c:\windows\system32\wextract.exe 2011-08-31 12:53 . 2011-08-31 12:53 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2011-08-31 12:53 . 2011-08-31 12:53 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2011-08-31 12:53 . 2011-08-31 12:53 1492992 ----a-w- c:\windows\system32\inetcpl.cpl 2011-08-31 12:53 . 2011-08-31 12:53 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2011-08-31 12:53 . 2011-08-31 12:53 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2011-08-31 12:53 . 2011-08-31 12:53 1389056 ----a-w- c:\windows\system32\wininet.dll 2011-08-31 12:53 . 2011-08-31 12:53 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-08-31 12:53 . 2011-08-31 12:53 12288 ----a-w- c:\windows\system32\mshta.exe 2011-08-31 12:53 . 2011-08-31 12:53 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2011-08-31 12:53 . 2011-08-31 12:53 114176 ----a-w- c:\windows\system32\admparse.dll 2011-08-31 12:53 . 2011-08-31 12:53 1126912 ----a-w- c:\windows\SysWow64\wininet.dll 2011-08-31 12:53 . 2011-08-31 12:53 111616 ----a-w- c:\windows\system32\iesysprep.dll 2011-08-31 12:53 . 2011-08-31 12:53 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2011-08-31 12:53 . 2011-08-31 12:53 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2011-08-31 11:09 . 2011-08-31 11:09 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin 2011-08-31 10:43 . 2011-08-31 10:43 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-08-31 09:24 . 2011-08-31 09:24 405064 ----a-w- c:\windows\system32\drivers\tixhci.sys 2011-08-31 09:24 . 2011-08-31 09:24 131656 ----a-w- c:\windows\system32\drivers\tihub3.sys 2011-07-16 05:26 . 
2011-08-31 10:47 362496 ----a-w- c:\windows\system32\wow64win.dll 2011-07-16 05:26 . 2011-08-31 10:47 243200 ----a-w- c:\windows\system32\wow64.dll 2011-07-16 05:26 . 2011-08-31 10:47 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2011-07-16 05:26 . 2011-08-31 10:47 214528 ----a-w- c:\windows\system32\winsrv.dll 2011-07-16 05:24 . 2011-08-31 10:47 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2011-07-16 05:21 . 2011-08-31 10:47 422400 ----a-w- c:\windows\system32\KernelBase.dll 2011-07-16 05:17 . 2011-08-31 10:47 338432 ----a-w- c:\windows\system32\conhost.exe 2011-07-16 05:04 . 2011-08-31 10:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2011-07-16 05:04 . 
2011-08-31 10:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2011-07-16 05:04 . 2011-08-31 10:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2011-07-16 04:36 . 2011-08-31 10:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2011-07-16 04:32 . 2011-08-31 10:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2011-07-16 04:31 . 2011-08-31 10:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2011-07-16 04:30 . 2011-08-31 10:47 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2011-07-16 04:30 . 2011-08-31 10:47 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll 2011-07-16 04:19 . 
2011-08-31 10:47 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2011-07-16 04:19 . 2011-08-31 10:47 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2011-07-16 04:19 . 2011-08-31 10:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2011-07-16 04:19 . 2011-08-31 10:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2011-07-16 04:19 . 2011-08-31 10:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2011-07-16 04:19 . 2011-08-31 10:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2011-07-16 04:19 . 2011-08-31 10:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2011-07-16 04:19 . 2011-08-31 10:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2011-07-16 04:19 . 2011-08-31 10:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2011-07-16 04:19 . 2011-08-31 10:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2011-07-16 04:19 . 2011-08-31 10:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2011-07-16 04:19 . 2011-08-31 10:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2011-07-16 04:19 . 2011-08-31 10:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{B4FBA8C3-2083-4ED8-A35B-148478739826}"= "c:\program files (x86)\Corsair Addon\corsair.DLL" [2011-09-22 797184] . [HKEY_CLASSES_ROOT\clsid\{b4fba8c3-2083-4ed8-a35b-148478739826}] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-09-26 17353352] "smtp4dev"="J:\smtp4dev.exe" [2011-08-11 557056] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Google Calendar Sync.lnk - j:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4156446721-3000611855-1053913913-1240\Scripts\Logon\0\0] "Script"=login.bat . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4156446721-3000611855-1053913913-1305\Scripts\Logon\0\0] "Script"=login.bat . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-30 2151640]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-02-02 15768]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-09-30 17152]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MsDepSvc;Webbereitstellungs-Agent-Dienst;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the "Scheduled Tasks" folder
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4156446721-3000611855-1053913913-1240Core.job
- c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31 14:59]
.
2011-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4156446721-3000611855-1053913913-1240UA.job
- c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31 14:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-10 1128448]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"combofix"="c:\combofix\CF8220.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Additional scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.babylon.com/?babsrc=HP_ss&affID=18474&mntrId=1e7e7adc000000000000e06995d107cf
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.222.10 192.168.222.250
FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\c80nnp19.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://zinkwink.com/?clid=496a857882734ef5adb4ef6f34c86cfc&prt=corsairzwbho&tmp=nemo_results&keywords=
.
- - - - Removed orphaned registry entries - - - -
.
AddRemove-InstallShield_{3AF095EF-23B3-4C6A-BBA1-4C1EB663DAF8} - c:\program files (x86)\InstallShield Installation Information\{3AF095EF-23B3-4C6A-BBA1-4C1EB663DAF8}\Texas Instruments xHCI Driver v1.12.9 (
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2011-10-04 12:45:29 - PC was restarted
ComboFix-quarantined-files.txt 2011-10-04 10:45
.
Before scan: 15 directory(ies), 68,079,054,848 bytes free
After scan: 20 directory(ies), 67,967,090,688 bytes free
.
- - End Of File - - B066ED732CD27EB312AEB5B24746A1D9 |
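The lines that matter most for the reported symptom sit in the "additional scan" block of the log above: the IE start page points at isearch.babylon.com with an affiliate ID, and Firefox's keyword.URL (the search used when something that is not a URL is typed into the address bar) points at zinkwink.com with a client ID and partner tag. The following helper, added here as an example and not code from the thread, from ComboFix or from Malwarebytes, pulls exactly those indicators out of such a log: it refangs the hxxp URLs, flags any start-page or search-URL host outside an assumed allowlist (the allowlist is an assumption for illustration), extracts the affiliate-style tracking parameters that identify a search-hijack campaign, and as a second check reports DHCP-assigned DNS servers outside private ranges, since a swapped resolver is another way to get search redirects. The sample input is constructed from the log lines posted above.

```python
"""Triage of browser-hijack indicators in a ComboFix-style log excerpt.

Added example for this thread; it is not code from the forum, from
ComboFix or from Malwarebytes. The sample lines below are copied from
the "additional scan" block of the log posted above. 'hxxp' is the
defanged spelling of 'http' that such logs use so URLs are not clickable.
The allowlist of expected hosts is an assumption made for illustration.
"""
import ipaddress
import re
from urllib.parse import parse_qs, urlparse

# Constructed sample input: the browser / DNS settings lines from the log above.
SAMPLE_LOG = """\
uLocal Page = c:\\windows\\system32\\blank.htm
uStart Page = hxxp://isearch.babylon.com/?babsrc=HP_ss&affID=18474&mntrId=1e7e7adc000000000000e06995d107cf
mLocal Page = c:\\windows\\SysWOW64\\blank.htm
TCP: DhcpNameServer = 192.168.222.10 192.168.222.250
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://zinkwink.com/?clid=496a857882734ef5adb4ef6f34c86cfc&prt=corsairzwbho&tmp=nemo_results&keywords=
"""

# Assumed allowlist: hosts the user says they configured (google.de home page).
# Any other host in a start-page or search-URL setting is a hijack candidate.
EXPECTED_HOSTS = {"www.google.de", "www.google.com", "go.microsoft.com"}

# Query parameters that search-hijack / toolbar campaigns use to attribute installs.
AFFILIATE_PARAMS = {"affid", "clid", "prt", "mntrid"}

URL_RE = re.compile(r"hxxps?://\S+")


def refang(url: str) -> str:
    """Turn the defanged 'hxxp(s)://' back into a parseable scheme."""
    return "http" + url[4:] if url.lower().startswith("hxxp") else url


def find_hijack_candidates(log_text: str, expected_hosts=EXPECTED_HOSTS) -> list:
    """Return one record per browser setting whose URL points at an unexpected host.

    Each record carries the setting name (e.g. 'uStart Page' for the IE
    start page, 'FF - prefs.js: keyword.URL' for Firefox's address-bar
    search), the host, and the affiliate/tracking parameters found.
    """
    findings = []
    for line in log_text.splitlines():
        m = URL_RE.search(line)
        if not m:
            continue  # no URL on this line (local pages, DNS servers, plain names)
        url = refang(m.group(0))
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if host in expected_hosts:
            continue
        setting = line[: m.start()].rstrip(" =-:")
        params = parse_qs(parsed.query, keep_blank_values=True)
        affiliate = {k: v[0] for k, v in params.items() if k.lower() in AFFILIATE_PARAMS}
        findings.append({"setting": setting, "host": host, "affiliate": affiliate})
    return findings


def foreign_dns_servers(log_text: str) -> list:
    """Return DhcpNameServer addresses outside private (RFC 1918 / ULA) ranges.

    Search redirects can also come from a swapped resolver, so a public
    address here on a LAN client deserves a second look. The private
    addresses in the log above are what a normal office DHCP lease hands out.
    """
    foreign = []
    for line in log_text.splitlines():
        if "DhcpNameServer" not in line:
            continue
        for token in line.split("=", 1)[1].split():
            if not ipaddress.ip_address(token).is_private:
                foreign.append(token)
    return foreign


if __name__ == "__main__":
    for f in find_hijack_candidates(SAMPLE_LOG):
        print(f"{f['setting']}: {f['host']} {f['affiliate']}")
    print("non-private DNS servers:", foreign_dns_servers(SAMPLE_LOG) or "none")
```

Run against the sample it reports the Babylon start page (affID 18474) and the zinkwink.com keyword search (clid and prt tags) and no foreign DNS server. Note what it cannot tell you: these settings explain the Babylon search engine and part of the redirect behaviour, but a clean set of browser settings says nothing about a kernel-level component, which is the reason the helper's later verdict in this thread is a reinstall rather than a settings cleanup.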
04.10.2011, 11:50 | #8 |
/// Malware-holic | Spyware - Google search is redirected
1. Open Computer, C:, right-click qoobox, pack it with WinRAR or zip and upload it following these instructions: http://www.trojaner-board.de/54791-a...ner-board.html
2. Open Malwarebytes, Log files, and post all scan logs.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
04.10.2011, 12:22 | #9 |
| Spyware - Google search is redirected I have just had Malwarebytes scan again. I now have the following log files:
protection-log-2011-09-30
Code:
14:32:09 ***** MESSAGE Protection started successfully
14:32:12 ***** MESSAGE IP Protection started successfully
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7833
Windows 6.1.7600
Internet Explorer 9.0.8112.16421
30.09.2011 14:38:44
mbam-log-2011-09-30 (14-38-44).txt
Scan type: Full scan (C:\|J:\|)
Objects scanned: 400177
Elapsed time: 6 minute(s), 19 second(s)
Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 0
Memory processes infected: (No malicious items detected)
Memory modules infected: (No malicious items detected)
Registry keys infected: (No malicious items detected)
Registry values infected: (No malicious items detected)
Registry data items infected: (No malicious items detected)
Folders infected: (No malicious items detected)
Files infected: (No malicious items detected)
mbam-log-2011-10-04 (13.17.12).txt
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7863
Windows 6.1.7600
Internet Explorer 9.0.8112.16421
04.10.2011 13:17:12
mbam-log-2011-10-04 (13-17-12).txt
Scan type: Full scan (C:\|J:\|)
Objects scanned: 400502
Elapsed time: 6 minute(s), 12 second(s)
Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 0
Memory processes infected: (No malicious items detected)
Memory modules infected: (No malicious items detected)
Registry keys infected: (No malicious items detected)
Registry values infected: (No malicious items detected)
Registry data items infected: (No malicious items detected)
Folders infected: (No malicious items detected)
Files infected: (No malicious items detected) |
04.10.2011, 12:33 | #10 |
/// Malware-holic | Spyware - Google search is redirected Hi, do you do online banking, shopping or anything else important, for work or privately, on this PC? |
04.10.2011, 12:39 | #11 |
| Spyware - Google search is redirected This is my "work PC". I don't do online banking or shopping on this computer, though. |
04.10.2011, 12:41 | #12 |
| Spyware - Google search is redirected Hi, this is my "work PC". I don't do online banking or shopping on this computer, though. |
04.10.2011, 12:45 | #13 |
/// Malware-holic | Spyware - Google search is redirected This PC has to be reinstalled from scratch. It has the max++ rootkit (ZeroAccess rootkit) on board. Depending on what data is stored there, that is very bad, since practically everything may have reached outsiders. I also don't see any AV software; which one do you use? Aren't you using any anti-malware software? I don't see any. Depending on how sensitive your data is, customer data for example, a paid AV plus possibly a firewall would be needed; I can certainly advise you on that if you wish. I can also point out further security measures. After the reinstall, all passwords must be changed. |
04.10.2011, 13:02 | #14 |
| Spyware - Google search is redirected Many thanks for the competent help. I will probably have the computer reinstalled. I don't even know which security software is in use; it was all set up by the IT department. There isn't really any sensitive data on the machine. |
04.10.2011, 13:10 | #15 |
/// Malware-holic | Spyware - Google search is redirected I don't see any at all. If you aren't using any such software, I would suggest Emsisoft. Emsisoft Anti-Malware for best protection - free malware removal of viruses, bots, spyware, keyloggers, trojans and rootkits. The new version 6 is coming out soon, and I have tested it; it blocks everything in the way of new rootkits and other malware that you throw at it. http://download10.emsisoft.com/Emsis...6BetaSetup.exe is the new RC, meaning not quite final yet, but there are only very few bugs left. There is of course a 30-day trial version. |