26.11.2011, 21:41 | #1 |
| Removing PUP.FunWebProducts and Adware.MyWebSearch

Hello everyone, cosinus - Arne did a great job helping me disinfect my laptop. Now I have checked my wife's. And found something again... So I need your help once more. I started with Defogger again, then ran OTL and GMER. I also ran a Malwarebytes full scan and ESET right away, just like last time... I hope it helps. Attached are the posts:

OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.11.2011 21:06:47 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Martin\My Documents\trojaner-board Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,54% Memory free 3,33 Gb Paging File | 2,70 Gb Available in Paging File | 81,20% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 663,25 Gb Total Space | 577,55 Gb Free Space | 87,08% Space Free | Partition Type: NTFS Drive F: | 30,71 Gb Total Space | 30,64 Gb Free Space | 99,79% Space Free | Partition Type: NTFS Computer Name: MARTINS-DELL | User Name: Martin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.25 21:11:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Martin\My Documents\trojaner-board\OTL.exe PRC - [2011.11.10 08:45:10 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Internet\Mozilla Firefox\firefox.exe PRC - [2011.09.21 10:26:30 | 015,759,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE PRC - [2011.08.24 20:18:44 | 000,129,304 | ---- | M] (Trend Micro Inc.) 
-- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe PRC - [2011.06.22 10:17:08 | 000,846,056 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe PRC - [2011.04.19 15:12:22 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe PRC - [2010.06.19 05:26:13 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe PRC - [2010.04.02 15:19:36 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe PRC - [2010.04.02 15:19:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe PRC - [2009.12.06 09:33:41 | 000,207,360 | ---- | M] (AVM Berlin) -- C:\Documents and Settings\Martin\Local Settings\Apps\2.0\C9EHGLLQ.C4N\ALC2LRRR.CLG\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe PRC - [2009.11.16 13:00:54 | 000,163,144 | ---- | M] (TuneUp Software GmbH) -- C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe PRC - [2008.12.20 12:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe PRC - [2008.12.20 12:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe PRC - [2008.12.17 02:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) 
-- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2008.07.21 21:54:34 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe PRC - [2008.07.21 21:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe PRC - [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.11.13 18:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\ActiveSync\wcescomm.exe PRC - [2006.11.13 18:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\ActiveSync\rapimgr.exe PRC - [2005.11.17 04:35:16 | 000,397,312 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe ========== Modules (No Company Name) ========== MOD - [2011.11.10 08:45:08 | 001,989,592 | ---- | M] () -- C:\Program Files\Internet\Mozilla Firefox\mozjs.dll MOD - [2011.10.14 02:16:15 | 000,089,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Inter#\e4ecfb1a3e829096c44c540ce05a02b6\Vodafone.Base.Internals.ni.dll MOD - [2011.10.14 02:16:15 | 000,019,968 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Facto#\a12c3f3477aae3dfd7bfb61d75e0c5c7\Vodafone.Base.Factory.ni.dll MOD - [2011.10.14 02:16:05 | 000,080,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsProfile#\10951a1e27cab7664bf4b602fdcf3903\Vodafone.SmsProfileManager.ni.dll MOD - [2011.10.14 02:16:05 | 000,056,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.SettingsMa#\18e3ac2ead3b694e53768e163ac90e06\Vodafone.SettingsManager.ni.dll MOD - [2011.10.14 02:16:04 | 000,327,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.DataAccess#\972b82c5ef1f7a4326db2221b86e7334\Vodafone.DataAccessor.ni.dll MOD - [2011.10.14 02:16:03 | 000,074,240 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.NtServiceM#\21f6c34c32d7bfaef7bde711fbae6cf1\Vodafone.NtServiceMessaging.ni.dll MOD - [2011.10.14 02:16:02 | 002,002,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MobileBroadbandReso#\84416f6d8785323ced68168e300ef24e\MobileBroadbandResources.ni.dll MOD - [2011.10.14 02:16:01 | 000,321,024 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Win32\0171b99272bbf05b8aa4fa0579d8e2e3\Vodafone.Base.Win32.ni.dll MOD - [2011.10.14 02:16:01 | 000,181,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Common\a2ae04e3ccc0f4da0c8c32300e8710e4\Vodafone.Common.ni.dll MOD - [2011.10.14 02:16:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll MOD - [2011.10.14 02:15:40 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.MobileBroa#\6f65a852f367748d2d1f12acc67b0c71\Vodafone.MobileBroadband.CallbackHandler.ni.dll MOD - [2011.10.14 02:15:36 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll MOD - [2011.10.14 02:15:35 | 000,158,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Contr#\afe812e99282bac2e3b8b5016ef0e2b1\Vodafone.Base.Contracts.ni.dll MOD - [2011.10.14 02:15:34 | 000,673,280 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Data\0c93ac096f16afd41c31254cab43f3e7\Vodafone.Data.ni.dll MOD - [2011.10.14 02:15:33 | 001,368,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Platform\84fdff774b00359bca0374d1bd162472\Vodafone.Platform.ni.dll MOD - [2011.10.14 02:15:31 | 000,094,720 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.LogEngine\d9f26a4527ccbaad91d7f9e60aff06ae\Vodafone.LogEngine.ni.dll MOD - [2011.10.14 02:15:30 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\cc5ac99e8af2738e85cda5525fdd944f\System.Deployment.ni.dll MOD - [2011.10.14 02:15:24 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll MOD - [2011.10.14 02:13:02 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll MOD - [2011.10.14 02:12:56 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll MOD - [2011.10.14 02:12:41 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll MOD - [2011.10.14 02:12:07 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\23c5852ff8ed973ff9b63ce9ba7f91f0\PresentationFramework.Royale.ni.dll MOD - [2011.10.14 02:12:00 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll MOD - [2011.10.14 02:11:33 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll MOD - [2011.10.14 02:11:15 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll MOD - [2011.10.14 02:11:02 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll MOD - [2011.10.14 02:10:51 | 011,490,816 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll MOD - [2011.08.24 20:17:56 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll MOD - [2011.08.24 20:17:56 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll MOD - [2011.03.15 06:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2011.02.04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll MOD - [2010.09.22 20:12:20 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll MOD - [2010.04.02 15:19:36 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe MOD - [2010.02.28 02:55:42 | 001,040,736 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll MOD - [2010.02.05 19:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll MOD - [2009.12.06 09:33:32 | 000,368,640 | ---- | M] () -- C:\Documents and Settings\Martin\Local Settings\Apps\2.0\C9EHGLLQ.C4N\ALC2LRRR.CLG\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\managedupnp.dll MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2008.12.20 12:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe MOD - [2008.12.20 12:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe MOD - [2008.04.14 01:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008.04.14 01:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll MOD - [2005.12.19 22:08:30 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll MOD - [2003.07.30 02:27:40 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBCPP5C.DLL MOD - 
[2002.11.26 19:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll ========== Win32 Services (SafeList) ========== SRV - [2011.08.24 20:17:56 | 000,200,632 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp) SRV - [2011.06.22 10:17:08 | 000,846,056 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.04.19 15:12:22 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService) SRV - [2010.06.19 05:26:13 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc) SRV - [2010.06.19 05:26:09 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.04.02 15:19:36 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service) SRV - [2009.11.16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2008.12.17 02:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008.07.21 21:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service) SRV - [2007.03.07 20:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService) ========== Driver Services (SafeList) ========== DRV - [2011.08.24 20:18:04 | 000,205,072 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm) DRV - [2011.08.24 20:18:04 | 000,171,280 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tmnciesc.sys -- (tmnciesc) DRV - [2011.08.24 20:18:04 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi) DRV - [2011.08.24 20:18:04 | 000,084,752 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmeext.sys -- (tmeext) DRV - [2011.08.24 20:18:04 | 000,081,168 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon) DRV - [2011.08.24 20:18:04 | 000,068,368 | ---- | M] (Trend Micro Inc.) 
[Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr) DRV - [2011.08.18 18:00:36 | 000,601,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter) DRV - [2011.08.18 18:00:26 | 000,125,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vididr.sys -- (vididr) DRV - [2011.08.18 18:00:22 | 000,083,392 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vsflt53.sys -- (vidsflt53) Acronis Disk Storage Filter (53) DRV - [2011.08.18 18:00:07 | 000,169,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman) DRV - [2011.04.18 14:43:36 | 000,114,688 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV - [2011.04.18 14:43:36 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice) DRV - [2011.04.18 14:43:36 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2011.04.18 14:43:36 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2011.04.18 14:43:36 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2011.04.18 14:43:36 | 000,009,216 | R--- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2011.04.18 14:43:26 | 000,072,832 | R--- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010.09.01 13:33:12 | 000,080,000 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum) DRV - [2010.07.20 17:59:06 | 000,044,928 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvdfab.sys -- (dvdfab) DRV - [2010.03.11 08:36:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2010.03.11 08:36:24 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BMLoad.sys -- (BMLoad) DRV - [2010.03.10 16:25:58 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133) DRV - [2009.12.18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv) DRV - [2009.12.06 09:33:32 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmaura.sys -- (avmaura) DRV - [2009.11.18 20:41:08 | 000,024,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NinjaUSB.sys -- (NinjaUSB) DRV - [2009.10.27 11:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem) DRV - [2008.12.17 07:02:06 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService) DRV - [2008.12.17 07:01:42 | 006,364,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC) DRV - [2008.12.17 07:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2008.12.17 07:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS) DRV - [2008.12.17 02:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2007.11.02 20:51:28 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService) DRV - [2007.10.12 02:59:12 | 001,920,920 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2007.07.23 10:34:12 | 000,069,776 | ---- | M] (FarStone Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fvxscsi.sys -- (FVXSCSI) DRV - [2007.05.03 18:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD) DRV - [2007.03.02 12:48:42 | 000,017,840 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fcdabus.sys -- (fcdabus) DRV - [2007.02.25 17:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv) DRV - [2006.10.05 21:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2005.11.17 04:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2005.11.03 02:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2005.10.14 22:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2005.10.14 22:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2005.10.14 22:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2005.08.12 23:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV) DRV - [2005.08.05 23:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2005.07.22 10:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2005.07.22 10:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2005.07.22 10:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2004.02.13 23:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci) DRV - [2002.08.07 15:00:10 | 000,083,360 | ---- | M] (Generic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\stlth317.sys -- (Stlth317) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com/ig/dell?hl=en&client=dell IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (MyWebSearch.com) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.ask.com" FF - 
prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPWMDRMWrapper: C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll ( ) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ [2011.07.06 07:44:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\firefoxextension [2011.10.25 11:50:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2011.10.25 11:50:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2011.09.10 12:24:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Internet\Mozilla Firefox\components [2011.11.10 08:45:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Internet\Mozilla Firefox\plugins [2011.06.16 21:08:27 | 000,000,000 | ---D | M] [2008.08.28 12:34:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Martin\Application Data\Mozilla\Extensions [2011.10.16 06:26:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\7fe24t93.default\extensions [2010.07.10 22:53:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Martin\Application 
Data\Mozilla\Firefox\Profiles\7fe24t93.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} () (No name found) -- C:\DOCUMENTS AND SETTINGS\MARTIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7FE24T93.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI () (No name found) -- C:\DOCUMENTS AND SETTINGS\MARTIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7FE24T93.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\DOCUMENTS AND SETTINGS\MARTIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7FE24T93.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI O1 HOSTS File: ([2004.08.10 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (MyWebSearch.com) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.) O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found. O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1086\7.0.1086\TmBpIe32.dll (Trend Micro Inc.) 
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google) O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe () O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.) O4 - HKCU..\Run: [AVMUSBRemoteConnection] C:\Documents and Settings\Martin\Local Settings\Apps\2.0\C9EHGLLQ.C4N\ALC2LRRR.CLG\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe (AVM Berlin) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft Office\ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - HKCU..\Run: [TuneUp MemOptimizer] C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe (TuneUp Software GmbH) O4 - HKLM..\RunOnceEx: [] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft Office\ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Create Mobile Favorite... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft Office\ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} hxxp://www.kodakgallery.de/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22584E28-E4A5-486D-B1A5-3F42A6176450}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1086\7.0.1086\TmBpIe32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.) 
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O24 - Desktop WallPaper: C:\Documents and Settings\Martin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.08.16 11:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\##fritz.box#Maxtor-OneTouch-01\Shell - "" = AutoRun O33 - MountPoints2\##fritz.box#Maxtor-OneTouch-01\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\##fritz.box#Maxtor-OneTouch-01\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\{7cb2e07a-cb02-11df-94cc-0015c50001a0}\Shell\AutoRun\command - "" = F1\X1\trx.exe O33 - MountPoints2\{7cb2e07a-cb02-11df-94cc-0015c50001a0}\Shell\open\command - "" = F1\X1\trx.exe O33 - MountPoints2\{b837b4e3-a7a3-11e0-951a-0015c50001a0}\Shell - "" = AutoRun O33 - MountPoints2\{b837b4e3-a7a3-11e0-951a-0015c50001a0}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b837b4e3-a7a3-11e0-951a-0015c50001a0}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: 
{03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904) ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: 
{4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066) ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494) ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: 
{D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3 ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067) ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.11.26 10:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.11.26 06:52:13 | 000,000,000 | 
---D | C] -- C:\Documents and Settings\Martin\Application Data\Malwarebytes [2011.11.26 06:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.26 06:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2011.11.26 06:51:39 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.11.26 06:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.11.25 21:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\My Documents\trojaner-board [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.26 21:00:01 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2011.11.26 20:46:14 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.11.26 12:08:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2011.11.26 08:44:51 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\Martin\NTUSER.DAT [2011.11.26 08:21:28 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.11.26 08:21:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2011.11.26 08:21:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.11.26 08:21:14 | 2137,456,640 | -HS- | M] () -- C:\hiberfil.sys [2011.11.26 08:21:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad [2011.11.26 08:20:35 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Martin\ntuser.ini [2011.11.26 06:51:45 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.25 21:10:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Martin\defogger_reenable [2011.11.20 20:22:24 | 000,000,564 | ---- | M] () -- 
C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job [2011.11.15 08:08:33 | 000,544,700 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2011.11.15 08:08:33 | 000,457,672 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.11.15 08:08:33 | 000,077,218 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.11.10 07:50:41 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.11.07 13:10:04 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Martin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.26 06:51:45 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.25 21:10:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Martin\defogger_reenable [2011.08.30 20:39:37 | 006,525,994 | -H-- | C] () -- C:\Documents and Settings\Martin\Local Settings\Application Data\IconCache.db [2011.08.30 20:34:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dvdcreator.INI [2011.08.24 20:21:23 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\SupportTool.exe.bat [2011.04.18 14:39:56 | 000,226,364 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4 [2010.10.02 20:10:32 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll [2010.09.16 21:27:54 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2010.08.08 10:22:43 | 000,014,496 | ---- | C] () -- C:\WINDOWS\System32\VDI08X.dat [2010.08.08 09:39:48 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\DVC.dll [2010.06.24 10:09:16 | 002,393,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2009.12.06 09:36:35 | 000,000,438 | ---- | C] () -- C:\WINDOWS\dellstat.ini [2009.11.18 20:41:08 | 000,024,704 | ---- | C] 
() -- C:\WINDOWS\System32\drivers\NinjaUSB.sys [2009.10.12 05:04:04 | 000,004,876 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009.04.04 06:47:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009.03.28 20:47:14 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2009.01.18 00:37:06 | 000,038,457 | ---- | C] () -- C:\Documents and Settings\Martin\Application Data\Microsoft Excel.ADR [2009.01.05 05:22:41 | 000,000,619 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2008.12.17 02:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2008.12.17 02:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll [2008.04.03 02:16:41 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Quicken.ini [2007.07.28 21:50:17 | 000,284,160 | ---- | C] () -- C:\WINDOWS\unin0407.exe [2007.06.04 02:01:15 | 000,000,918 | ---- | C] () -- C:\WINDOWS\cPVAS.INI [2007.04.09 01:24:26 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7820N.dat [2007.04.09 01:23:59 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL [2007.04.09 01:23:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2007.04.09 01:19:14 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2007.03.17 08:01:03 | 000,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [2007.03.11 16:56:30 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Martin\Application Data\$_hpcst$.hpc [2007.03.11 00:30:40 | 000,000,055 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2007.03.11 00:30:40 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini [2007.03.03 13:33:53 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Martin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.03.03 05:34:19 | 000,081,272 | ---- | C] () -- C:\Documents and Settings\Martin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2007.03.03 05:33:55 | 000,006,580 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2007.03.03 05:33:55 | 
000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\7EF6AC01EC.sys [2007.03.02 12:48:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\OpenExplor.exe [2007.03.02 03:47:28 | 000,003,069 | ---- | C] () -- C:\WINDOWS\mozver.dat [2007.03.02 03:08:10 | 000,001,158 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2007.03.02 03:08:10 | 000,000,825 | ---- | C] () -- C:\WINDOWS\brwmark.ini [2007.03.02 03:08:10 | 000,000,152 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2007.03.02 03:08:10 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2007.03.02 03:07:39 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2007.02.28 20:05:59 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2007.02.28 17:41:46 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Martin\Local Settings\Application Data\fusioncache.dat [2006.09.18 13:20:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VDExt800.dll [2006.09.18 13:20:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\VDExt712.dll [2006.09.18 13:20:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\GDExt800.dll [2006.09.15 12:55:04 | 000,016,384 | ---- | C] () -- C:\WINDOWS\FSRunCmd.exe [2006.08.07 17:03:20 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GDExt712.dll [2006.03.11 17:58:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.03.11 17:50:44 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE [2006.03.11 17:47:39 | 000,000,452 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006.03.11 17:46:23 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2006.03.11 17:43:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.03.11 17:40:08 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare [2006.03.11 17:16:00 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\dlbcplc.ini [2006.03.11 17:15:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll [2006.03.11 17:15:58 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini 
[2006.03.11 17:15:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe [2006.03.11 17:15:34 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2006.03.11 17:15:22 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll [2006.03.11 17:15:22 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE [2006.03.11 17:15:18 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll [2006.03.11 17:15:12 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005.08.16 11:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2005.08.16 11:43:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini [2005.08.16 11:40:59 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest [2005.08.16 11:40:51 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2005.08.16 11:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2005.08.16 11:38:33 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini [2005.08.16 11:38:33 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini [2005.08.16 11:37:25 | 000,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini [2005.08.16 11:37:25 | 000,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini [2005.08.16 11:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2005.08.16 11:33:39 | 000,544,700 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2005.08.16 11:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2005.08.16 11:27:59 | 003,610,592 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2005.08.16 11:19:02 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll [2005.08.16 11:19:02 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll [2005.08.16 11:18:50 | 000,069,886 | ---- | C] () -- C:\WINDOWS\System32\edit.com [2005.08.16 11:18:44 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll [2005.08.16 11:18:43 | 000,001,129 | ---- | C] () -- 
C:\WINDOWS\System32\vwipxspx.exe [2005.08.16 11:18:43 | 000,000,603 | ---- | C] () -- C:\WINDOWS\win.ini [2005.08.16 11:18:41 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini [2005.08.16 11:18:41 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll [2005.08.16 11:18:36 | 000,011,753 | ---- | C] () -- C:\WINDOWS\System32\setver.exe [2005.08.16 11:18:36 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe [2005.08.16 11:18:35 | 000,291,840 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll [2005.08.16 11:18:35 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll [2005.08.16 11:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2005.08.16 11:18:34 | 000,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini [2005.08.16 11:18:34 | 000,003,338 | ---- | C] () -- C:\WINDOWS\System32\redir.exe [2005.08.16 11:18:33 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll [2005.08.16 11:18:33 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll [2005.08.16 11:18:33 | 000,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll [2005.08.16 11:18:33 | 000,457,672 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2005.08.16 11:18:33 | 000,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll [2005.08.16 11:18:33 | 000,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll [2005.08.16 11:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2005.08.16 11:18:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll [2005.08.16 11:18:33 | 000,077,218 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2005.08.16 11:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2005.08.16 11:18:33 | 000,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini [2005.08.16 11:18:33 | 000,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini [2005.08.16 11:18:33 | 000,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini [2005.08.16 11:18:33 | 000,002,732 | ---- | C] 
() -- C:\WINDOWS\System32\perfwci.ini [2005.08.16 11:18:33 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini [2005.08.16 11:18:33 | 000,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini [2005.08.16 11:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2005.08.16 11:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2005.08.16 11:18:30 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\nw16.exe [2005.08.16 11:18:29 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys [2005.08.16 11:18:29 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys [2005.08.16 11:18:29 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys [2005.08.16 11:18:29 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys [2005.08.16 11:18:29 | 000,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys [2005.08.16 11:18:29 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys [2005.08.16 11:18:29 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys [2005.08.16 11:18:29 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys [2005.08.16 11:18:29 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys [2005.08.16 11:18:29 | 000,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys [2005.08.16 11:18:28 | 000,007,052 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe [2005.08.16 11:18:28 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv [2005.08.16 11:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2005.08.16 11:18:25 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll [2005.08.16 11:18:25 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll [2005.08.16 11:18:25 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini [2005.08.16 11:18:25 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe [2005.08.16 11:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2005.08.16 11:18:23 
| 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2005.08.16 11:18:23 | 000,010,110 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini [2005.08.16 11:18:22 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys [2005.08.16 11:18:22 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys [2005.08.16 11:18:22 | 000,039,274 | ---- | C] () -- C:\WINDOWS\System32\mem.exe [2005.08.16 11:18:22 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll [2005.08.16 11:18:22 | 000,001,131 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com [2005.08.16 11:18:20 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll [2005.08.16 11:18:20 | 000,014,710 | ---- | C] () -- C:\WINDOWS\System32\kb16.com [2005.08.16 11:18:19 | 000,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys [2005.08.16 11:18:18 | 000,019,694 | ---- | C] () -- C:\WINDOWS\System32\graphics.com [2005.08.16 11:18:17 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe [2005.08.16 11:18:16 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini [2005.08.16 11:18:16 | 000,456,192 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll [2005.08.16 11:18:16 | 000,012,642 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe [2005.08.16 11:18:16 | 000,008,424 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe [2005.08.16 11:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2005.08.16 11:18:08 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll [2005.08.16 11:18:08 | 000,053,840 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe [2005.08.16 11:18:08 | 000,020,634 | ---- | C] () -- C:\WINDOWS\System32\debug.exe [2005.08.16 11:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2005.08.16 11:18:07 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys [2005.08.16 11:18:05 | 000,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll [2005.08.16 11:18:05 | 000,050,620 | ---- | C] () -- C:\WINDOWS\System32\command.com 
[2005.08.16 11:18:04 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll [2005.08.16 11:18:04 | 000,012,498 | ---- | C] () -- C:\WINDOWS\System32\append.exe [2005.08.16 11:18:03 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll [2005.08.16 11:18:03 | 000,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys [2005.08.05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005.05.12 13:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2002.03.19 16:30:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\PowerCalc.exe [2002.03.04 15:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll [2001.08.18 05:36:42 | 000,055,296 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe [2001.08.18 05:36:28 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2007.03.09 04:05:06 | 000,000,000 | ---D | M] -- C:\2579ec4595d0905378ce3436aae6 [2009.05.01 10:48:16 | 000,000,000 | ---D | M] -- C:\a532cce3b92c59136bcc1e7b9dc1 [2011.08.18 19:38:06 | 000,000,000 | RHSD | M] -- C:\acroldr [2007.07.28 22:11:20 | 000,000,000 | ---D | M] -- C:\BlueByte [2007.04.09 01:23:52 | 000,000,000 | ---D | M] -- C:\Brother [2007.03.02 03:38:33 | 000,000,000 | ---D | M] -- C:\CNYSELPHYCP [2011.11.10 08:06:24 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2007.02.28 19:22:15 | 000,000,000 | ---D | M] -- C:\ddf82f6c36ebce02e9af81f67f6e [2010.08.12 14:10:19 | 000,000,000 | ---D | M] -- C:\dell [2007.02.28 17:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings [2006.03.11 17:15:58 | 000,000,000 | ---D | M] -- C:\drivers [2010.09.16 21:26:19 | 000,000,000 | ---D | M] -- C:\gs [2007.03.02 03:26:18 | 000,000,000 | ---D | M] -- C:\i386 [2010.08.08 09:17:36 | 000,000,000 | ---D | M] -- C:\MediaphorAG [2011.01.27 20:10:10 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.11.26 10:12:31 | 000,000,000 | ---D | M] -- C:\Program Files [2007.02.28 17:54:21 | 000,000,000 
| -HSD | M] -- C:\RECYCLER [2011.09.16 21:40:13 | 000,000,000 | ---D | M] -- C:\SIERRA [2007.02.28 17:41:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.08.16 21:04:37 | 000,000,000 | ---D | M] -- C:\temp [2011.11.26 08:22:22 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > [10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < MD5 for: EXPLORER.EXE > [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe [2007.06.13 12:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2007.06.13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2004.08.10 12:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe < MD5 for: REGEDIT.EXE > [2008.04.14 01:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\regedit.exe [2008.04.14 01:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe [2008.04.14 01:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\system32\dllcache\regedit.exe [2004.08.10 12:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) 
MD5=783AFC80383C176B22DBF8333343992D -- C:\i386\REGEDIT.EXE [2004.08.10 12:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe < MD5 for: USERINIT.EXE > [2004.08.10 12:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe [2004.08.10 12:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008.04.14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.10 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe [2004.08.10 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.09.06 14:20:51 
| 001,858,944 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-12 07:59:40 < End of report >
Thank you very much!
Martin
Last edited by Larusso (26.11.2011 at 21:49) |
26.11.2011, 21:53 | #2 |
/// Selecta Jahrusso | Removing PUP.FunWebProducts and Adware.MyWebSearch
My name is Daniel and I will help you with your malware-related problems. Before we get to work, I would like to ask you to read the following points completely and carefully.
Vista and Win7 users: start all tools with a right-click and "Run as administrator".
Step 1
Please uninstall TuneUp. This thing has wrecked more systems than it has ever got running again.
Step 2
Viewpoint is classified as foistware. It installs itself without your knowledge. It does not do anything malicious, but I would still advise you to stay away from it and to uninstall the following (if present): Viewpoint, Viewpoint Manager, Viewpoint Media Player.
Step 3
Please run Malwarebytes again (Quick Scan). Make sure that all findings are ticked and click Remove Selected.
Step 4
Please start OTL.exe and press the Quick Scan button. Post the OTL.txt here in your thread.
Please post in your next reply:
MBAM log
OTL.txt
__________________ |
26.11.2011, 23:29 | #3 |
| Removing PUP.FunWebProducts and Adware.MyWebSearch
Hello Daniel,
Thanks for taking over!
Step 1 - done
Step 2 - done, both via Windows Add or Remove Programs
Step 3 - I have 2 posts, because I already had a full scan with removal running. I followed up with the quick scan afterwards, so you have mbam twice. Mbam found nothing more the second time.
Step 4 - done
The posts are attached.
Best regards
Martin
OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.11.2011 23:08:14 - Run 4 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Martin\My Documents\trojaner-board Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 59,38% Memory free 3,33 Gb Paging File | 2,67 Gb Available in Paging File | 80,37% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 663,25 Gb Total Space | 577,53 Gb Free Space | 87,08% Space Free | Partition Type: NTFS Drive F: | 30,71 Gb Total Space | 30,64 Gb Free Space | 99,79% Space Free | Partition Type: NTFS Computer Name: MARTINS-DELL | User Name: Martin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.25 21:11:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Martin\My Documents\trojaner-board\OTL.exe PRC - [2011.11.10 08:45:10 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Internet\Mozilla Firefox\firefox.exe PRC - [2011.08.24 20:18:44 | 001,006,864 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe PRC - [2011.08.24 20:18:44 | 000,129,304 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe PRC - [2011.08.24 20:17:56 | 000,200,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe PRC - [2011.08.24 20:17:56 | 000,142,952 | ---- | M] (Trend Micro Inc.) 
-- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe PRC - [2011.06.22 10:17:08 | 000,846,056 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe PRC - [2011.04.19 15:12:22 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe PRC - [2010.04.02 15:19:36 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe PRC - [2010.04.02 15:19:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe PRC - [2009.12.06 09:33:41 | 000,207,360 | ---- | M] (AVM Berlin) -- C:\Documents and Settings\Martin\Local Settings\Apps\2.0\C9EHGLLQ.C4N\ALC2LRRR.CLG\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe PRC - [2008.12.20 12:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe PRC - [2008.12.20 12:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe PRC - [2008.12.17 02:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2008.07.21 21:54:34 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe PRC - [2008.07.21 21:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe PRC - [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.11.13 18:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\ActiveSync\wcescomm.exe PRC - [2006.11.13 18:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\ActiveSync\rapimgr.exe PRC - [2005.11.17 04:35:16 | 000,397,312 | ---- | M] (SigmaTel, Inc.) 
-- C:\WINDOWS\stsystra.exe ========== Modules (No Company Name) ========== MOD - [2011.11.10 08:45:08 | 001,989,592 | ---- | M] () -- C:\Program Files\Internet\Mozilla Firefox\mozjs.dll MOD - [2011.10.14 02:16:15 | 000,089,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Inter#\e4ecfb1a3e829096c44c540ce05a02b6\Vodafone.Base.Internals.ni.dll MOD - [2011.10.14 02:16:15 | 000,019,968 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Facto#\a12c3f3477aae3dfd7bfb61d75e0c5c7\Vodafone.Base.Factory.ni.dll MOD - [2011.10.14 02:16:05 | 000,080,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsProfile#\10951a1e27cab7664bf4b602fdcf3903\Vodafone.SmsProfileManager.ni.dll MOD - [2011.10.14 02:16:05 | 000,056,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.SettingsMa#\18e3ac2ead3b694e53768e163ac90e06\Vodafone.SettingsManager.ni.dll MOD - [2011.10.14 02:16:04 | 000,327,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.DataAccess#\972b82c5ef1f7a4326db2221b86e7334\Vodafone.DataAccessor.ni.dll MOD - [2011.10.14 02:16:03 | 000,074,240 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.NtServiceM#\21f6c34c32d7bfaef7bde711fbae6cf1\Vodafone.NtServiceMessaging.ni.dll MOD - [2011.10.14 02:16:02 | 002,002,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MobileBroadbandReso#\84416f6d8785323ced68168e300ef24e\MobileBroadbandResources.ni.dll MOD - [2011.10.14 02:16:01 | 000,321,024 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Win32\0171b99272bbf05b8aa4fa0579d8e2e3\Vodafone.Base.Win32.ni.dll MOD - [2011.10.14 02:16:01 | 000,181,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Common\a2ae04e3ccc0f4da0c8c32300e8710e4\Vodafone.Common.ni.dll MOD - [2011.10.14 02:16:00 | 000,212,992 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll MOD - [2011.10.14 02:15:40 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.MobileBroa#\6f65a852f367748d2d1f12acc67b0c71\Vodafone.MobileBroadband.CallbackHandler.ni.dll MOD - [2011.10.14 02:15:36 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll MOD - [2011.10.14 02:15:35 | 000,158,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Contr#\afe812e99282bac2e3b8b5016ef0e2b1\Vodafone.Base.Contracts.ni.dll MOD - [2011.10.14 02:15:34 | 000,673,280 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Data\0c93ac096f16afd41c31254cab43f3e7\Vodafone.Data.ni.dll MOD - [2011.10.14 02:15:33 | 001,368,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Platform\84fdff774b00359bca0374d1bd162472\Vodafone.Platform.ni.dll MOD - [2011.10.14 02:15:31 | 000,094,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.LogEngine\d9f26a4527ccbaad91d7f9e60aff06ae\Vodafone.LogEngine.ni.dll MOD - [2011.10.14 02:15:30 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\cc5ac99e8af2738e85cda5525fdd944f\System.Deployment.ni.dll MOD - [2011.10.14 02:15:24 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll MOD - [2011.10.14 02:13:02 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll MOD - [2011.10.14 02:12:56 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll MOD - [2011.10.14 
02:12:41 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll MOD - [2011.10.14 02:12:07 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\23c5852ff8ed973ff9b63ce9ba7f91f0\PresentationFramework.Royale.ni.dll MOD - [2011.10.14 02:12:00 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll MOD - [2011.10.14 02:11:33 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll MOD - [2011.10.14 02:11:15 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll MOD - [2011.10.14 02:11:02 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll MOD - [2011.10.14 02:10:51 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll MOD - [2011.08.24 20:18:45 | 000,174,624 | ---- | M] () -- C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll MOD - [2011.08.24 20:18:02 | 000,442,368 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\sqlite3.dll MOD - [2011.08.24 20:17:58 | 001,081,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\libprotobuf.dll MOD - [2011.08.24 20:17:56 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll MOD - [2011.08.24 20:17:56 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll MOD - [2011.08.24 20:17:56 | 000,012,288 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_system-vc80-mt-1_36.dll MOD - [2011.03.15 06:13:46 | 004,254,560 | ---- | M] () -- C:\Program 
Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2011.02.04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll MOD - [2010.04.02 15:19:36 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe MOD - [2010.02.05 19:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll MOD - [2009.12.06 09:33:32 | 000,368,640 | ---- | M] () -- C:\Documents and Settings\Martin\Local Settings\Apps\2.0\C9EHGLLQ.C4N\ALC2LRRR.CLG\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\managedupnp.dll MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2008.12.20 12:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe MOD - [2008.12.20 12:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe MOD - [2008.04.14 01:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008.04.14 01:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll MOD - [2005.12.19 22:08:30 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll MOD - [2003.07.30 02:27:40 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBCPP5C.DLL MOD - [2002.11.26 19:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll ========== Win32 Services (SafeList) ========== SRV - [2011.08.24 20:17:56 | 000,200,632 | ---- | M] (Trend Micro Inc.) 
[Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp) SRV - [2011.06.22 10:17:08 | 000,846,056 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.04.19 15:12:22 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService) SRV - [2010.04.02 15:19:36 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service) SRV - [2008.12.17 02:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008.07.21 21:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service) SRV - [2007.03.07 20:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService) ========== Driver Services (SafeList) ========== DRV - [2011.08.24 20:18:04 | 000,205,072 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm) DRV - [2011.08.24 20:18:04 | 000,171,280 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tmnciesc.sys -- (tmnciesc) DRV - [2011.08.24 20:18:04 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi) DRV - [2011.08.24 20:18:04 | 000,084,752 | ---- | M] (Trend Micro Inc.) 
[Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmeext.sys -- (tmeext) DRV - [2011.08.24 20:18:04 | 000,081,168 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon) DRV - [2011.08.24 20:18:04 | 000,068,368 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr) DRV - [2011.08.18 18:00:36 | 000,601,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter) DRV - [2011.08.18 18:00:26 | 000,125,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vididr.sys -- (vididr) DRV - [2011.08.18 18:00:22 | 000,083,392 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vsflt53.sys -- (vidsflt53) Acronis Disk Storage Filter (53) DRV - [2011.08.18 18:00:07 | 000,169,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman) DRV - [2011.04.18 14:43:36 | 000,114,688 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV - [2011.04.18 14:43:36 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice) DRV - [2011.04.18 14:43:36 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2011.04.18 14:43:36 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2011.04.18 14:43:36 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2011.04.18 14:43:36 | 000,009,216 | R--- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- 
(massfilter) DRV - [2011.04.18 14:43:26 | 000,072,832 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010.09.01 13:33:12 | 000,080,000 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum) DRV - [2010.07.20 17:59:06 | 000,044,928 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvdfab.sys -- (dvdfab) DRV - [2010.03.11 08:36:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2010.03.11 08:36:24 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BMLoad.sys -- (BMLoad) DRV - [2010.03.10 16:25:58 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133) DRV - [2009.12.18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv) DRV - [2009.12.06 09:33:32 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmaura.sys -- (avmaura) DRV - [2009.11.18 20:41:08 | 000,024,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NinjaUSB.sys -- (NinjaUSB) DRV - [2009.10.27 11:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem) DRV - [2008.12.17 07:02:06 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService) DRV - [2008.12.17 07:01:42 | 006,364,440 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC) DRV - [2008.12.17 07:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2008.12.17 07:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS) DRV - [2008.12.17 02:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2007.11.02 20:51:28 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService) DRV - [2007.10.12 02:59:12 | 001,920,920 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2007.07.23 10:34:12 | 000,069,776 | ---- | M] (FarStone Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fvxscsi.sys -- (FVXSCSI) DRV - [2007.05.03 18:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD) DRV - [2007.03.02 12:48:42 | 000,017,840 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fcdabus.sys -- (fcdabus) DRV - [2007.02.25 17:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv) DRV - [2006.10.05 21:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2005.11.17 04:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2005.11.03 02:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2005.10.14 22:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2005.10.14 22:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2005.10.14 22:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2005.08.12 23:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV) DRV - [2005.08.05 23:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2005.07.22 10:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2005.07.22 10:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2005.07.22 10:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2004.02.13 23:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci) DRV - [2002.08.07 15:00:10 | 000,083,360 | ---- | M] (Generic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\stlth317.sys -- (Stlth317) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com/ig/dell?hl=en&client=dell IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.ask.com" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.1 FF 
- prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPWMDRMWrapper: C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll ( ) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ [2011.07.06 07:44:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\firefoxextension [2011.10.25 11:50:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2011.10.25 11:50:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2011.09.10 12:24:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Internet\Mozilla Firefox\components [2011.11.10 08:45:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Internet\Mozilla Firefox\plugins [2011.06.16 21:08:27 | 000,000,000 | ---D | M] [2008.08.28 12:34:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Martin\Application Data\Mozilla\Extensions [2011.10.16 06:26:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\7fe24t93.default\extensions [2010.07.10 22:53:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\7fe24t93.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} () (No name found) -- C:\DOCUMENTS AND SETTINGS\MARTIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7FE24T93.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI () (No name found) -- C:\DOCUMENTS AND 
SETTINGS\MARTIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7FE24T93.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\DOCUMENTS AND SETTINGS\MARTIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7FE24T93.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI O1 HOSTS File: ([2004.08.10 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.) O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found. O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1086\7.0.1086\TmBpIe32.dll (Trend Micro Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google) O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.) 
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe () O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.) O4 - HKCU..\Run: [AVMUSBRemoteConnection] C:\Documents and Settings\Martin\Local Settings\Apps\2.0\C9EHGLLQ.C4N\ALC2LRRR.CLG\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe (AVM Berlin) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft Office\ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - HKCU..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart File not found O4 - HKLM..\RunOnceEx: [] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft Office\ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft Office\ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab 
(Creative Software AutoUpdate) O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} hxxp://www.kodakgallery.de/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22584E28-E4A5-486D-B1A5-3F42A6176450}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1086\7.0.1086\TmBpIe32.dll (Trend Micro Inc.) 
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O24 - Desktop WallPaper: C:\Documents and Settings\Martin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.08.16 11:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\##fritz.box#Maxtor-OneTouch-01\Shell - "" = AutoRun O33 - MountPoints2\##fritz.box#Maxtor-OneTouch-01\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\##fritz.box#Maxtor-OneTouch-01\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\{7cb2e07a-cb02-11df-94cc-0015c50001a0}\Shell\AutoRun\command - "" = F1\X1\trx.exe O33 - MountPoints2\{7cb2e07a-cb02-11df-94cc-0015c50001a0}\Shell\open\command - "" = F1\X1\trx.exe 
O33 - MountPoints2\{b837b4e3-a7a3-11e0-951a-0015c50001a0}\Shell - "" = AutoRun O33 - MountPoints2\{b837b4e3-a7a3-11e0-951a-0015c50001a0}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b837b4e3-a7a3-11e0-951a-0015c50001a0}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.11.26 10:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.11.26 06:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Application Data\Malwarebytes [2011.11.26 06:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.26 06:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2011.11.26 06:51:39 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.11.26 06:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.11.25 21:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\My Documents\trojaner-board [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.26 22:51:19 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.11.26 22:51:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.11.26 22:51:05 | 2137,456,640 | -HS- | M] () -- C:\hiberfil.sys [2011.11.26 22:46:01 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.11.26 12:08:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2011.11.26 08:21:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad [2011.11.26 
06:51:45 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.25 21:10:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Martin\defogger_reenable [2011.11.20 20:22:24 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job [2011.11.15 08:08:33 | 000,457,672 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.11.15 08:08:33 | 000,077,218 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.11.10 07:50:41 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.11.07 13:10:04 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Martin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.26 06:51:45 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.25 21:10:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Martin\defogger_reenable [2011.08.30 20:34:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dvdcreator.INI [2011.08.24 20:21:23 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\SupportTool.exe.bat [2011.04.18 14:39:56 | 000,226,364 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4 [2010.10.02 20:10:32 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll [2010.09.16 21:27:54 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2010.08.08 10:22:43 | 000,014,496 | ---- | C] () -- C:\WINDOWS\System32\VDI08X.dat [2010.08.08 09:39:48 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\DVC.dll [2010.06.24 10:09:16 | 002,393,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2009.12.06 09:36:35 | 000,000,438 | ---- | C] () -- C:\WINDOWS\dellstat.ini 
[2009.11.18 20:41:08 | 000,024,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\NinjaUSB.sys [2009.10.12 05:04:04 | 000,004,876 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009.04.04 06:47:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009.03.28 20:47:14 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2009.01.18 00:37:06 | 000,038,457 | ---- | C] () -- C:\Documents and Settings\Martin\Application Data\Microsoft Excel.ADR [2009.01.05 05:22:41 | 000,000,619 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2008.12.17 02:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2008.12.17 02:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll [2008.04.03 02:16:41 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Quicken.ini [2007.07.28 21:50:17 | 000,284,160 | ---- | C] () -- C:\WINDOWS\unin0407.exe [2007.06.04 02:01:15 | 000,000,918 | ---- | C] () -- C:\WINDOWS\cPVAS.INI [2007.04.09 01:24:26 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7820N.dat [2007.04.09 01:23:59 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL [2007.04.09 01:23:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2007.04.09 01:19:14 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2007.03.11 16:56:30 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Martin\Application Data\$_hpcst$.hpc [2007.03.11 00:30:40 | 000,000,055 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2007.03.11 00:30:40 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini [2007.03.03 13:33:53 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Martin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.03.03 05:33:55 | 000,006,580 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2007.03.03 05:33:55 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\7EF6AC01EC.sys [2007.03.02 12:48:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\OpenExplor.exe [2007.03.02 03:47:28 
| 000,003,069 | ---- | C] () -- C:\WINDOWS\mozver.dat [2007.03.02 03:08:10 | 000,001,158 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2007.03.02 03:08:10 | 000,000,825 | ---- | C] () -- C:\WINDOWS\brwmark.ini [2007.03.02 03:08:10 | 000,000,152 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2007.03.02 03:08:10 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2007.03.02 03:07:39 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2007.02.28 20:05:59 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2007.02.28 17:41:46 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Martin\Local Settings\Application Data\fusioncache.dat [2006.09.18 13:20:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VDExt800.dll [2006.09.18 13:20:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\VDExt712.dll [2006.09.18 13:20:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\GDExt800.dll [2006.09.15 12:55:04 | 000,016,384 | ---- | C] () -- C:\WINDOWS\FSRunCmd.exe [2006.08.07 17:03:20 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GDExt712.dll [2006.03.11 17:58:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.03.11 17:50:44 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE [2006.03.11 17:47:39 | 000,000,452 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006.03.11 17:46:23 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2006.03.11 17:43:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.03.11 17:40:08 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare [2006.03.11 17:16:00 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\dlbcplc.ini [2006.03.11 17:15:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll [2006.03.11 17:15:58 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini [2006.03.11 17:15:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe [2006.03.11 17:15:34 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2006.03.11 
17:15:22 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll [2006.03.11 17:15:22 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE [2006.03.11 17:15:18 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll [2006.03.11 17:15:12 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005.08.16 11:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2005.08.16 11:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2005.08.16 11:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2005.08.16 11:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2005.08.16 11:27:59 | 003,610,592 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2005.08.16 11:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2005.08.16 11:18:33 | 000,457,672 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2005.08.16 11:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2005.08.16 11:18:33 | 000,077,218 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2005.08.16 11:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2005.08.16 11:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2005.08.16 11:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2005.08.16 11:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2005.08.16 11:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2005.08.16 11:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2005.08.16 11:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2005.08.16 11:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2005.08.05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005.05.12 13:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2002.03.19 16:30:00 | 000,216,576 | ---- | C] () -- 
C:\WINDOWS\System32\PowerCalc.exe [2002.03.04 15:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll ========== LOP Check ========== [2011.08.18 19:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis [2008.08.27 23:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2007.10.02 02:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eday2day02 [2010.08.08 11:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\farstone [2010.03.10 20:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fluxDVD [2007.12.09 13:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor [2010.03.10 20:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mpDRM [2011.06.06 10:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr [2010.09.15 15:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe [2007.04.09 01:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2011.03.03 22:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2010.02.13 11:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2011.07.06 08:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone [2011.01.30 20:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk [2010.02.13 11:00:51 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357} [2011.08.18 19:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Acronis [2010.12.23 
20:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Amazon [2010.10.03 09:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\BOM [2007.04.13 15:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Bytemobile [2010.10.16 15:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2007.09.29 19:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Cuttermaran [2011.01.30 21:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\DVDFab [2007.10.29 00:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Eday2day02 [2010.08.08 10:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\FarStone [2007.05.26 00:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Leadertech [2009.02.18 03:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Learn2.com [2011.03.03 19:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\PCDr [2007.04.09 01:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\ScanSoft [2011.08.17 21:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\SystemRequirementsLab [2011.02.11 10:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\TeamViewer [2010.02.13 11:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\TuneUp Software [2011.07.06 08:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Vodafone [2011.07.06 08:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Vodafone Mobile Broadband [2011.11.20 20:22:24 | 000,000,564 | ---- | M] () -- 
C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job ========== Purity Check ========== < End of report > Edited by Larusso (26.11.2011 at 23:36) |
26.11.2011, 23:39 | #4 |
/// Selecta Jahrusso | Any remaining problems?
__________________ Kind regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
26.11.2011, 23:44 | #5 |
| Not at the moment. I will keep an eye on it. Regards, Martin |
26.11.2011, 23:45 | #6 |
/// Selecta Jahrusso | Please start OTL and click on Cleanup (Bereinigung). This will remove most of the tools we needed for the cleanup. If anything is left behind, please remove it with right-click --> Delete. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. For this I recommend TFC. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP) Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |
26.11.2011, 23:52 | #7 |
| OK, I will do that - but not tonight anymore. It looks like a bit of work. Many thanks for your tips. I hope I don't catch something again right away... Regards, Martin |
27.11.2011, 00:04 | #8 |
/// Selecta Jahrusso | I will keep this thread in my subscriptions for another 2-3 days in case any questions still come up. |
28.11.2011, 06:40 | #9 |
| Good morning Daniel, I am still working on implementing everything accordingly. Unfortunately I have a problem with Secunia. It is shown as a tray icon and also shows the status. But when I try to open it, the window always closes again immediately without anything being displayed. Do you perhaps have an idea what is going wrong? Thanks and regards, Martin |
28.11.2011, 15:47 | #10 |
/// Selecta Jahrusso | Reinstalling Secunia might help. |
01.12.2011, 16:44 | #11 |
/// Selecta Jahrusso | Glad that we could help. This thread appears to be resolved and will be removed from my subscriptions. If you need the thread again, please send me a PM. Everyone else, please click here and create your own thread. |