| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: PUP.FunWebProducts und Adware.MyWebSearch beseitigenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
26.11.2011, 23:29
| #3 |
 |  PUP.FunWebProducts und Adware.MyWebSearch beseitigen Hallo Daniel,
__________________ Danke, dass Du übernimmst! Schritt 1 - done Schritt 2 - done beides über Windows - Software hinzufügen/entfernen Schritt 3 - ich habe 2 posts, denn ich hatte schon einen Vollscan mit Entfernen am Laufen. Ich habe noch den Qick-Scan nachgeschoben - also hast Du 2x mbam. Mbam hat beim 2. Mal nichts mehr gefunden. Schritt 4 - done Anbei die Posts. Viele Grüße MartinOTL Logfile: Code:
ATTFilter OTL logfile created on: 26.11.2011 23:08:14 - Run 4 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Martin\My Documents\trojaner-board Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 59,38% Memory free 3,33 Gb Paging File | 2,67 Gb Available in Paging File | 80,37% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 663,25 Gb Total Space | 577,53 Gb Free Space | 87,08% Space Free | Partition Type: NTFS Drive F: | 30,71 Gb Total Space | 30,64 Gb Free Space | 99,79% Space Free | Partition Type: NTFS Computer Name: MARTINS-DELL | User Name: Martin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.25 21:11:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Martin\My Documents\trojaner-board\OTL.exe PRC - [2011.11.10 08:45:10 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Internet\Mozilla Firefox\firefox.exe PRC - [2011.08.24 20:18:44 | 001,006,864 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe PRC - [2011.08.24 20:18:44 | 000,129,304 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe PRC - [2011.08.24 20:17:56 | 000,200,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe PRC - [2011.08.24 20:17:56 | 000,142,952 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe PRC - [2011.06.22 10:17:08 | 000,846,056 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe PRC - [2011.04.19 15:12:22 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe PRC - [2010.04.02 15:19:36 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe PRC - [2010.04.02 15:19:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe PRC - [2009.12.06 09:33:41 | 000,207,360 | ---- | M] (AVM Berlin) -- C:\Documents and Settings\Martin\Local Settings\Apps\2.0\C9EHGLLQ.C4N\ALC2LRRR.CLG\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe PRC - [2008.12.20 12:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe PRC - [2008.12.20 12:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe PRC - [2008.12.17 02:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2008.07.21 21:54:34 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe PRC - [2008.07.21 21:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe PRC - [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.11.13 18:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\ActiveSync\wcescomm.exe PRC - [2006.11.13 18:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\ActiveSync\rapimgr.exe PRC - [2005.11.17 04:35:16 | 000,397,312 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe ========== Modules (No Company Name) ========== MOD - [2011.11.10 08:45:08 | 001,989,592 | ---- | M] () -- C:\Program Files\Internet\Mozilla Firefox\mozjs.dll MOD - [2011.10.14 02:16:15 | 000,089,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Inter#\e4ecfb1a3e829096c44c540ce05a02b6\Vodafone.Base.Internals.ni.dll MOD - [2011.10.14 02:16:15 | 000,019,968 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Facto#\a12c3f3477aae3dfd7bfb61d75e0c5c7\Vodafone.Base.Factory.ni.dll MOD - [2011.10.14 02:16:05 | 000,080,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsProfile#\10951a1e27cab7664bf4b602fdcf3903\Vodafone.SmsProfileManager.ni.dll MOD - [2011.10.14 02:16:05 | 000,056,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.SettingsMa#\18e3ac2ead3b694e53768e163ac90e06\Vodafone.SettingsManager.ni.dll MOD - [2011.10.14 02:16:04 | 000,327,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.DataAccess#\972b82c5ef1f7a4326db2221b86e7334\Vodafone.DataAccessor.ni.dll MOD - [2011.10.14 02:16:03 | 000,074,240 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.NtServiceM#\21f6c34c32d7bfaef7bde711fbae6cf1\Vodafone.NtServiceMessaging.ni.dll MOD - [2011.10.14 02:16:02 | 002,002,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MobileBroadbandReso#\84416f6d8785323ced68168e300ef24e\MobileBroadbandResources.ni.dll MOD - [2011.10.14 02:16:01 | 000,321,024 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Win32\0171b99272bbf05b8aa4fa0579d8e2e3\Vodafone.Base.Win32.ni.dll MOD - [2011.10.14 02:16:01 | 000,181,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Common\a2ae04e3ccc0f4da0c8c32300e8710e4\Vodafone.Common.ni.dll MOD - [2011.10.14 02:16:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll MOD - [2011.10.14 02:15:40 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.MobileBroa#\6f65a852f367748d2d1f12acc67b0c71\Vodafone.MobileBroadband.CallbackHandler.ni.dll MOD - [2011.10.14 02:15:36 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll MOD - [2011.10.14 02:15:35 | 000,158,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Contr#\afe812e99282bac2e3b8b5016ef0e2b1\Vodafone.Base.Contracts.ni.dll MOD - [2011.10.14 02:15:34 | 000,673,280 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Data\0c93ac096f16afd41c31254cab43f3e7\Vodafone.Data.ni.dll MOD - [2011.10.14 02:15:33 | 001,368,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Platform\84fdff774b00359bca0374d1bd162472\Vodafone.Platform.ni.dll MOD - [2011.10.14 02:15:31 | 000,094,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.LogEngine\d9f26a4527ccbaad91d7f9e60aff06ae\Vodafone.LogEngine.ni.dll MOD - [2011.10.14 02:15:30 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\cc5ac99e8af2738e85cda5525fdd944f\System.Deployment.ni.dll MOD - [2011.10.14 02:15:24 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll MOD - [2011.10.14 02:13:02 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll MOD - [2011.10.14 02:12:56 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll MOD - [2011.10.14 02:12:41 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll MOD - [2011.10.14 02:12:07 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\23c5852ff8ed973ff9b63ce9ba7f91f0\PresentationFramework.Royale.ni.dll MOD - [2011.10.14 02:12:00 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll MOD - [2011.10.14 02:11:33 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll MOD - [2011.10.14 02:11:15 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll MOD - [2011.10.14 02:11:02 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll MOD - [2011.10.14 02:10:51 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll MOD - [2011.08.24 20:18:45 | 000,174,624 | ---- | M] () -- C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll MOD - [2011.08.24 20:18:02 | 000,442,368 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\sqlite3.dll MOD - [2011.08.24 20:17:58 | 001,081,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\libprotobuf.dll MOD - [2011.08.24 20:17:56 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll MOD - [2011.08.24 20:17:56 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll MOD - [2011.08.24 20:17:56 | 000,012,288 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_system-vc80-mt-1_36.dll MOD - [2011.03.15 06:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2011.02.04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll MOD - [2010.04.02 15:19:36 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe MOD - [2010.02.05 19:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll MOD - [2009.12.06 09:33:32 | 000,368,640 | ---- | M] () -- C:\Documents and Settings\Martin\Local Settings\Apps\2.0\C9EHGLLQ.C4N\ALC2LRRR.CLG\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\managedupnp.dll MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2008.12.20 12:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe MOD - [2008.12.20 12:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe MOD - [2008.04.14 01:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008.04.14 01:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll MOD - [2005.12.19 22:08:30 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll MOD - [2003.07.30 02:27:40 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBCPP5C.DLL MOD - [2002.11.26 19:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll ========== Win32 Services (SafeList) ========== SRV - [2011.08.24 20:17:56 | 000,200,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp) SRV - [2011.06.22 10:17:08 | 000,846,056 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.04.19 15:12:22 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService) SRV - [2010.04.02 15:19:36 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service) SRV - [2008.12.17 02:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008.07.21 21:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service) SRV - [2007.03.07 20:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService) ========== Driver Services (SafeList) ========== DRV - [2011.08.24 20:18:04 | 000,205,072 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm) DRV - [2011.08.24 20:18:04 | 000,171,280 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tmnciesc.sys -- (tmnciesc) DRV - [2011.08.24 20:18:04 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi) DRV - [2011.08.24 20:18:04 | 000,084,752 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmeext.sys -- (tmeext) DRV - [2011.08.24 20:18:04 | 000,081,168 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon) DRV - [2011.08.24 20:18:04 | 000,068,368 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr) DRV - [2011.08.18 18:00:36 | 000,601,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter) DRV - [2011.08.18 18:00:26 | 000,125,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vididr.sys -- (vididr) DRV - [2011.08.18 18:00:22 | 000,083,392 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vsflt53.sys -- (vidsflt53) Acronis Disk Storage Filter (53) DRV - [2011.08.18 18:00:07 | 000,169,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman) DRV - [2011.04.18 14:43:36 | 000,114,688 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV - [2011.04.18 14:43:36 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice) DRV - [2011.04.18 14:43:36 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2011.04.18 14:43:36 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2011.04.18 14:43:36 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2011.04.18 14:43:36 | 000,009,216 | R--- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2011.04.18 14:43:26 | 000,072,832 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010.09.01 13:33:12 | 000,080,000 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum) DRV - [2010.07.20 17:59:06 | 000,044,928 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvdfab.sys -- (dvdfab) DRV - [2010.03.11 08:36:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2010.03.11 08:36:24 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BMLoad.sys -- (BMLoad) DRV - [2010.03.10 16:25:58 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133) DRV - [2009.12.18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv) DRV - [2009.12.06 09:33:32 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmaura.sys -- (avmaura) DRV - [2009.11.18 20:41:08 | 000,024,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NinjaUSB.sys -- (NinjaUSB) DRV - [2009.10.27 11:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem) DRV - [2008.12.17 07:02:06 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService) DRV - [2008.12.17 07:01:42 | 006,364,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC) DRV - [2008.12.17 07:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2008.12.17 07:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS) DRV - [2008.12.17 02:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2007.11.02 20:51:28 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService) DRV - [2007.10.12 02:59:12 | 001,920,920 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2007.07.23 10:34:12 | 000,069,776 | ---- | M] (FarStone Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fvxscsi.sys -- (FVXSCSI) DRV - [2007.05.03 18:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD) DRV - [2007.03.02 12:48:42 | 000,017,840 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fcdabus.sys -- (fcdabus) DRV - [2007.02.25 17:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv) DRV - [2006.10.05 21:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2005.11.17 04:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2005.11.03 02:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2005.10.14 22:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2005.10.14 22:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2005.10.14 22:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2005.08.12 23:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV) DRV - [2005.08.05 23:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2005.07.22 10:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2005.07.22 10:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2005.07.22 10:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2004.02.13 23:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci) DRV - [2002.08.07 15:00:10 | 000,083,360 | ---- | M] (Generic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\stlth317.sys -- (Stlth317) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com/ig/dell?hl=en&client=dell IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.ask.com" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPWMDRMWrapper: C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll ( ) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ [2011.07.06 07:44:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\firefoxextension [2011.10.25 11:50:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2011.10.25 11:50:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2011.09.10 12:24:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Internet\Mozilla Firefox\components [2011.11.10 08:45:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Internet\Mozilla Firefox\plugins [2011.06.16 21:08:27 | 000,000,000 | ---D | M] [2008.08.28 12:34:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Martin\Application Data\Mozilla\Extensions [2011.10.16 06:26:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\7fe24t93.default\extensions [2010.07.10 22:53:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\7fe24t93.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} () (No name found) -- C:\DOCUMENTS AND SETTINGS\MARTIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7FE24T93.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI () (No name found) -- C:\DOCUMENTS AND SETTINGS\MARTIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7FE24T93.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\DOCUMENTS AND SETTINGS\MARTIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7FE24T93.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI O1 HOSTS File: ([2004.08.10 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.) O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found. O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1086\7.0.1086\TmBpIe32.dll (Trend Micro Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google) O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe () O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.) O4 - HKCU..\Run: [AVMUSBRemoteConnection] C:\Documents and Settings\Martin\Local Settings\Apps\2.0\C9EHGLLQ.C4N\ALC2LRRR.CLG\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe (AVM Berlin) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft Office\ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - HKCU..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart File not found O4 - HKLM..\RunOnceEx: [] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft Office\ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft Office\ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} hxxp://www.kodakgallery.de/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22584E28-E4A5-486D-B1A5-3F42A6176450}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1086\7.0.1086\TmBpIe32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O24 - Desktop WallPaper: C:\Documents and Settings\Martin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.08.16 11:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\##fritz.box#Maxtor-OneTouch-01\Shell - "" = AutoRun O33 - MountPoints2\##fritz.box#Maxtor-OneTouch-01\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\##fritz.box#Maxtor-OneTouch-01\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\{7cb2e07a-cb02-11df-94cc-0015c50001a0}\Shell\AutoRun\command - "" = F1\X1\trx.exe O33 - MountPoints2\{7cb2e07a-cb02-11df-94cc-0015c50001a0}\Shell\open\command - "" = F1\X1\trx.exe O33 - MountPoints2\{b837b4e3-a7a3-11e0-951a-0015c50001a0}\Shell - "" = AutoRun O33 - MountPoints2\{b837b4e3-a7a3-11e0-951a-0015c50001a0}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b837b4e3-a7a3-11e0-951a-0015c50001a0}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.11.26 10:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.11.26 06:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Application Data\Malwarebytes [2011.11.26 06:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.26 06:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2011.11.26 06:51:39 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.11.26 06:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.11.25 21:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\My Documents\trojaner-board [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.26 22:51:19 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.11.26 22:51:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.11.26 22:51:05 | 2137,456,640 | -HS- | M] () -- C:\hiberfil.sys [2011.11.26 22:46:01 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.11.26 12:08:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2011.11.26 08:21:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad [2011.11.26 06:51:45 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.25 21:10:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Martin\defogger_reenable [2011.11.20 20:22:24 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job [2011.11.15 08:08:33 | 000,457,672 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.11.15 08:08:33 | 000,077,218 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.11.10 07:50:41 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.11.07 13:10:04 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Martin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.26 06:51:45 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.25 21:10:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Martin\defogger_reenable [2011.08.30 20:34:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dvdcreator.INI [2011.08.24 20:21:23 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\SupportTool.exe.bat [2011.04.18 14:39:56 | 000,226,364 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4 [2010.10.02 20:10:32 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll [2010.09.16 21:27:54 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2010.08.08 10:22:43 | 000,014,496 | ---- | C] () -- C:\WINDOWS\System32\VDI08X.dat [2010.08.08 09:39:48 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\DVC.dll [2010.06.24 10:09:16 | 002,393,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2009.12.06 09:36:35 | 000,000,438 | ---- | C] () -- C:\WINDOWS\dellstat.ini [2009.11.18 20:41:08 | 000,024,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\NinjaUSB.sys [2009.10.12 05:04:04 | 000,004,876 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009.04.04 06:47:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009.03.28 20:47:14 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2009.01.18 00:37:06 | 000,038,457 | ---- | C] () -- C:\Documents and Settings\Martin\Application Data\Microsoft Excel.ADR [2009.01.05 05:22:41 | 000,000,619 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2008.12.17 02:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2008.12.17 02:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll [2008.04.03 02:16:41 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Quicken.ini [2007.07.28 21:50:17 | 000,284,160 | ---- | C] () -- C:\WINDOWS\unin0407.exe [2007.06.04 02:01:15 | 000,000,918 | ---- | C] () -- C:\WINDOWS\cPVAS.INI [2007.04.09 01:24:26 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7820N.dat [2007.04.09 01:23:59 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL [2007.04.09 01:23:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2007.04.09 01:19:14 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2007.03.11 16:56:30 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Martin\Application Data\$_hpcst$.hpc [2007.03.11 00:30:40 | 000,000,055 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2007.03.11 00:30:40 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini [2007.03.03 13:33:53 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Martin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.03.03 05:33:55 | 000,006,580 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2007.03.03 05:33:55 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\7EF6AC01EC.sys [2007.03.02 12:48:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\OpenExplor.exe [2007.03.02 03:47:28 | 000,003,069 | ---- | C] () -- C:\WINDOWS\mozver.dat [2007.03.02 03:08:10 | 000,001,158 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2007.03.02 03:08:10 | 000,000,825 | ---- | C] () -- C:\WINDOWS\brwmark.ini [2007.03.02 03:08:10 | 000,000,152 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2007.03.02 03:08:10 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2007.03.02 03:07:39 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2007.02.28 20:05:59 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2007.02.28 17:41:46 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Martin\Local Settings\Application Data\fusioncache.dat [2006.09.18 13:20:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VDExt800.dll [2006.09.18 13:20:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\VDExt712.dll [2006.09.18 13:20:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\GDExt800.dll [2006.09.15 12:55:04 | 000,016,384 | ---- | C] () -- C:\WINDOWS\FSRunCmd.exe [2006.08.07 17:03:20 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GDExt712.dll [2006.03.11 17:58:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.03.11 17:50:44 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE [2006.03.11 17:47:39 | 000,000,452 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006.03.11 17:46:23 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2006.03.11 17:43:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.03.11 17:40:08 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare [2006.03.11 17:16:00 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\dlbcplc.ini [2006.03.11 17:15:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll [2006.03.11 17:15:58 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini [2006.03.11 17:15:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe [2006.03.11 17:15:34 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2006.03.11 17:15:22 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll [2006.03.11 17:15:22 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE [2006.03.11 17:15:18 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll [2006.03.11 17:15:12 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005.08.16 11:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2005.08.16 11:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2005.08.16 11:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2005.08.16 11:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2005.08.16 11:27:59 | 003,610,592 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2005.08.16 11:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2005.08.16 11:18:33 | 000,457,672 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2005.08.16 11:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2005.08.16 11:18:33 | 000,077,218 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2005.08.16 11:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2005.08.16 11:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2005.08.16 11:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2005.08.16 11:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2005.08.16 11:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2005.08.16 11:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2005.08.16 11:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2005.08.16 11:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2005.08.05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005.05.12 13:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2002.03.19 16:30:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\PowerCalc.exe [2002.03.04 15:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll ========== LOP Check ========== [2011.08.18 19:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis [2008.08.27 23:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2007.10.02 02:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eday2day02 [2010.08.08 11:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\farstone [2010.03.10 20:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fluxDVD [2007.12.09 13:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor [2010.03.10 20:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mpDRM [2011.06.06 10:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr [2010.09.15 15:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe [2007.04.09 01:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2011.03.03 22:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2010.02.13 11:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2011.07.06 08:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone [2011.01.30 20:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk [2010.02.13 11:00:51 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357} [2011.08.18 19:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Acronis [2010.12.23 20:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Amazon [2010.10.03 09:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\BOM [2007.04.13 15:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Bytemobile [2010.10.16 15:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2007.09.29 19:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Cuttermaran [2011.01.30 21:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\DVDFab [2007.10.29 00:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Eday2day02 [2010.08.08 10:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\FarStone [2007.05.26 00:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Leadertech [2009.02.18 03:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Learn2.com [2011.03.03 19:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\PCDr [2007.04.09 01:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\ScanSoft [2011.08.17 21:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\SystemRequirementsLab [2011.02.11 10:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\TeamViewer [2010.02.13 11:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\TuneUp Software [2011.07.06 08:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Vodafone [2011.07.06 08:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Vodafone Mobile Broadband [2011.11.20 20:22:24 | 000,000,564 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job ========== Purity Check ========== < End of report > Geändert von Larusso (26.11.2011 um 23:36 Uhr) |
| Themen zu PUP.FunWebProducts und Adware.MyWebSearch beseitigen |
| adware.mywebsearch, beseitigen, brauche, c:\windows\system32\rundll32.exe, defogger, eset, fontcache, gefunde, geholfen, gestartet, gmer, hallo zusammen, hoffe, laptop, malwarebytes, microsoft office word, plug-in, posts, pup.funwebproducts, required, security update, seuche, super, version=1.0, vodafone, win32k.sys, zusammen |
Baum-Darstellung