All kinds of pests and how to fight them: Removing PUP.FunWebProducts and Adware.MyWebSearch

Windows 7

If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#1

Removing PUP.FunWebProducts and Adware.MyWebSearch

Hello everyone,

cosinus - Arne did a great job helping me disinfect my laptop. Now I have checked my wife's. And found something again... So I need your help once more. I started with Defogger again, then ran OTL and GMER. I also ran a Malwarebytes full scan and Eset right away, just like last time... I hope it helps. Here are the posts:

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 26.11.2011 21:06:47 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Martin\My Documents\trojaner-board Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,54% Memory free 3,33 Gb Paging File | 2,70 Gb Available in Paging File | 81,20% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 663,25 Gb Total Space | 577,55 Gb Free Space | 87,08% Space Free | Partition Type: NTFS Drive F: | 30,71 Gb Total Space | 30,64 Gb Free Space | 99,79% Space Free | Partition Type: NTFS Computer Name: MARTINS-DELL | User Name: Martin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.25 21:11:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Martin\My Documents\trojaner-board\OTL.exe PRC - [2011.11.10 08:45:10 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Internet\Mozilla Firefox\firefox.exe PRC - [2011.09.21 10:26:30 | 015,759,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE PRC - [2011.08.24 20:18:44 | 000,129,304 | ---- | M] (Trend Micro Inc.) 
-- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe PRC - [2011.06.22 10:17:08 | 000,846,056 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe PRC - [2011.04.19 15:12:22 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe PRC - [2010.06.19 05:26:13 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe PRC - [2010.04.02 15:19:36 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe PRC - [2010.04.02 15:19:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe PRC - [2009.12.06 09:33:41 | 000,207,360 | ---- | M] (AVM Berlin) -- C:\Documents and Settings\Martin\Local Settings\Apps\2.0\C9EHGLLQ.C4N\ALC2LRRR.CLG\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe PRC - [2009.11.16 13:00:54 | 000,163,144 | ---- | M] (TuneUp Software GmbH) -- C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe PRC - [2008.12.20 12:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe PRC - [2008.12.20 12:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe PRC - [2008.12.17 02:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) 
-- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2008.07.21 21:54:34 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe PRC - [2008.07.21 21:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe PRC - [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.11.13 18:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\ActiveSync\wcescomm.exe PRC - [2006.11.13 18:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\ActiveSync\rapimgr.exe PRC - [2005.11.17 04:35:16 | 000,397,312 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe ========== Modules (No Company Name) ========== MOD - [2011.11.10 08:45:08 | 001,989,592 | ---- | M] () -- C:\Program Files\Internet\Mozilla Firefox\mozjs.dll MOD - [2011.10.14 02:16:15 | 000,089,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Inter#\e4ecfb1a3e829096c44c540ce05a02b6\Vodafone.Base.Internals.ni.dll MOD - [2011.10.14 02:16:15 | 000,019,968 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Facto#\a12c3f3477aae3dfd7bfb61d75e0c5c7\Vodafone.Base.Factory.ni.dll MOD - [2011.10.14 02:16:05 | 000,080,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsProfile#\10951a1e27cab7664bf4b602fdcf3903\Vodafone.SmsProfileManager.ni.dll MOD - [2011.10.14 02:16:05 | 000,056,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.SettingsMa#\18e3ac2ead3b694e53768e163ac90e06\Vodafone.SettingsManager.ni.dll MOD - [2011.10.14 02:16:04 | 000,327,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.DataAccess#\972b82c5ef1f7a4326db2221b86e7334\Vodafone.DataAccessor.ni.dll MOD - [2011.10.14 02:16:03 | 000,074,240 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.NtServiceM#\21f6c34c32d7bfaef7bde711fbae6cf1\Vodafone.NtServiceMessaging.ni.dll MOD - [2011.10.14 02:16:02 | 002,002,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MobileBroadbandReso#\84416f6d8785323ced68168e300ef24e\MobileBroadbandResources.ni.dll MOD - [2011.10.14 02:16:01 | 000,321,024 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Win32\0171b99272bbf05b8aa4fa0579d8e2e3\Vodafone.Base.Win32.ni.dll MOD - [2011.10.14 02:16:01 | 000,181,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Common\a2ae04e3ccc0f4da0c8c32300e8710e4\Vodafone.Common.ni.dll MOD - [2011.10.14 02:16:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll MOD - [2011.10.14 02:15:40 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.MobileBroa#\6f65a852f367748d2d1f12acc67b0c71\Vodafone.MobileBroadband.CallbackHandler.ni.dll MOD - [2011.10.14 02:15:36 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll MOD - [2011.10.14 02:15:35 | 000,158,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Contr#\afe812e99282bac2e3b8b5016ef0e2b1\Vodafone.Base.Contracts.ni.dll MOD - [2011.10.14 02:15:34 | 000,673,280 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Data\0c93ac096f16afd41c31254cab43f3e7\Vodafone.Data.ni.dll MOD - [2011.10.14 02:15:33 | 001,368,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Platform\84fdff774b00359bca0374d1bd162472\Vodafone.Platform.ni.dll MOD - [2011.10.14 02:15:31 | 000,094,720 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.LogEngine\d9f26a4527ccbaad91d7f9e60aff06ae\Vodafone.LogEngine.ni.dll MOD - [2011.10.14 02:15:30 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\cc5ac99e8af2738e85cda5525fdd944f\System.Deployment.ni.dll MOD - [2011.10.14 02:15:24 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll MOD - [2011.10.14 02:13:02 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll MOD - [2011.10.14 02:12:56 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll MOD - [2011.10.14 02:12:41 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll MOD - [2011.10.14 02:12:07 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\23c5852ff8ed973ff9b63ce9ba7f91f0\PresentationFramework.Royale.ni.dll MOD - [2011.10.14 02:12:00 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll MOD - [2011.10.14 02:11:33 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll MOD - [2011.10.14 02:11:15 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll MOD - [2011.10.14 02:11:02 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll MOD - [2011.10.14 02:10:51 | 011,490,816 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll MOD - [2011.08.24 20:17:56 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll MOD - [2011.08.24 20:17:56 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll MOD - [2011.03.15 06:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2011.02.04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll MOD - [2010.09.22 20:12:20 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll MOD - [2010.04.02 15:19:36 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe MOD - [2010.02.28 02:55:42 | 001,040,736 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll MOD - [2010.02.05 19:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll MOD - [2009.12.06 09:33:32 | 000,368,640 | ---- | M] () -- C:\Documents and Settings\Martin\Local Settings\Apps\2.0\C9EHGLLQ.C4N\ALC2LRRR.CLG\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\managedupnp.dll MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2008.12.20 12:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe MOD - [2008.12.20 12:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe MOD - [2008.04.14 01:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008.04.14 01:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll MOD - [2005.12.19 22:08:30 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll MOD - [2003.07.30 02:27:40 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBCPP5C.DLL MOD - 
[2002.11.26 19:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll ========== Win32 Services (SafeList) ========== SRV - [2011.08.24 20:17:56 | 000,200,632 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp) SRV - [2011.06.22 10:17:08 | 000,846,056 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.04.19 15:12:22 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService) SRV - [2010.06.19 05:26:13 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc) SRV - [2010.06.19 05:26:09 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.04.02 15:19:36 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service) SRV - [2009.11.16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2008.12.17 02:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008.07.21 21:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service) SRV - [2007.03.07 20:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService) ========== Driver Services (SafeList) ========== DRV - [2011.08.24 20:18:04 | 000,205,072 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm) DRV - [2011.08.24 20:18:04 | 000,171,280 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tmnciesc.sys -- (tmnciesc) DRV - [2011.08.24 20:18:04 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi) DRV - [2011.08.24 20:18:04 | 000,084,752 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmeext.sys -- (tmeext) DRV - [2011.08.24 20:18:04 | 000,081,168 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon) DRV - [2011.08.24 20:18:04 | 000,068,368 | ---- | M] (Trend Micro Inc.) 
[Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr) DRV - [2011.08.18 18:00:36 | 000,601,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter) DRV - [2011.08.18 18:00:26 | 000,125,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vididr.sys -- (vididr) DRV - [2011.08.18 18:00:22 | 000,083,392 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vsflt53.sys -- (vidsflt53) Acronis Disk Storage Filter (53) DRV - [2011.08.18 18:00:07 | 000,169,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman) DRV - [2011.04.18 14:43:36 | 000,114,688 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV - [2011.04.18 14:43:36 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice) DRV - [2011.04.18 14:43:36 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2011.04.18 14:43:36 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2011.04.18 14:43:36 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2011.04.18 14:43:36 | 000,009,216 | R--- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2011.04.18 14:43:26 | 000,072,832 | R--- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010.09.01 13:33:12 | 000,080,000 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum) DRV - [2010.07.20 17:59:06 | 000,044,928 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvdfab.sys -- (dvdfab) DRV - [2010.03.11 08:36:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2010.03.11 08:36:24 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BMLoad.sys -- (BMLoad) DRV - [2010.03.10 16:25:58 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133) DRV - [2009.12.18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv) DRV - [2009.12.06 09:33:32 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmaura.sys -- (avmaura) DRV - [2009.11.18 20:41:08 | 000,024,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NinjaUSB.sys -- (NinjaUSB) DRV - [2009.10.27 11:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem) DRV - [2008.12.17 07:02:06 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService) DRV - [2008.12.17 07:01:42 | 006,364,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC) DRV - [2008.12.17 07:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2008.12.17 07:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS) DRV - [2008.12.17 02:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2007.11.02 20:51:28 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService) DRV - [2007.10.12 02:59:12 | 001,920,920 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2007.07.23 10:34:12 | 000,069,776 | ---- | M] (FarStone Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fvxscsi.sys -- (FVXSCSI) DRV - [2007.05.03 18:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD) DRV - [2007.03.02 12:48:42 | 000,017,840 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fcdabus.sys -- (fcdabus) DRV - [2007.02.25 17:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv) DRV - [2006.10.05 21:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2005.11.17 04:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2005.11.03 02:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2005.10.14 22:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2005.10.14 22:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2005.10.14 22:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2005.08.12 23:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV) DRV - [2005.08.05 23:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2005.07.22 10:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2005.07.22 10:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2005.07.22 10:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2004.02.13 23:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci) DRV - [2002.08.07 15:00:10 | 000,083,360 | ---- | M] (Generic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\stlth317.sys -- (Stlth317) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com/ig/dell?hl=en&client=dell IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (MyWebSearch.com) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.ask.com" FF - 
prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPWMDRMWrapper: C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll ( ) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ [2011.07.06 07:44:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\firefoxextension [2011.10.25 11:50:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2011.10.25 11:50:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2011.09.10 12:24:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Internet\Mozilla Firefox\components [2011.11.10 08:45:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Internet\Mozilla Firefox\plugins [2011.06.16 21:08:27 | 000,000,000 | ---D | M] [2008.08.28 12:34:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Martin\Application Data\Mozilla\Extensions [2011.10.16 06:26:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\7fe24t93.default\extensions [2010.07.10 22:53:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Martin\Application 
Data\Mozilla\Firefox\Profiles\7fe24t93.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} () (No name found) -- C:\DOCUMENTS AND SETTINGS\MARTIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7FE24T93.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI () (No name found) -- C:\DOCUMENTS AND SETTINGS\MARTIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7FE24T93.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\DOCUMENTS AND SETTINGS\MARTIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7FE24T93.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI O1 HOSTS File: ([2004.08.10 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (MyWebSearch.com) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.) O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found. O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1086\7.0.1086\TmBpIe32.dll (Trend Micro Inc.) 
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google) O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe () O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.) O4 - HKCU..\Run: [AVMUSBRemoteConnection] C:\Documents and Settings\Martin\Local Settings\Apps\2.0\C9EHGLLQ.C4N\ALC2LRRR.CLG\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe (AVM Berlin) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft Office\ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - HKCU..\Run: [TuneUp MemOptimizer] C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe (TuneUp Software GmbH) O4 - HKLM..\RunOnceEx: [] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft Office\ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Create Mobile Favorite... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft Office\ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} hxxp://www.kodakgallery.de/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22584E28-E4A5-486D-B1A5-3F42A6176450}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1086\7.0.1086\TmBpIe32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.) 
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O24 - Desktop WallPaper: C:\Documents and Settings\Martin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.08.16 11:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\##fritz.box#Maxtor-OneTouch-01\Shell - "" = AutoRun O33 - MountPoints2\##fritz.box#Maxtor-OneTouch-01\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\##fritz.box#Maxtor-OneTouch-01\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\{7cb2e07a-cb02-11df-94cc-0015c50001a0}\Shell\AutoRun\command - "" = F1\X1\trx.exe O33 - MountPoints2\{7cb2e07a-cb02-11df-94cc-0015c50001a0}\Shell\open\command - "" = F1\X1\trx.exe O33 - MountPoints2\{b837b4e3-a7a3-11e0-951a-0015c50001a0}\Shell - "" = AutoRun O33 - MountPoints2\{b837b4e3-a7a3-11e0-951a-0015c50001a0}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b837b4e3-a7a3-11e0-951a-0015c50001a0}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: 
{03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904) ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: 
{4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066) ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494) ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: 
{D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3 ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067) ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.11.26 10:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.11.26 06:52:13 | 000,000,000 | 
---D | C] -- C:\Documents and Settings\Martin\Application Data\Malwarebytes [2011.11.26 06:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.26 06:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2011.11.26 06:51:39 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.11.26 06:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.11.25 21:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\My Documents\trojaner-board [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.26 21:00:01 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2011.11.26 20:46:14 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.11.26 12:08:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2011.11.26 08:44:51 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\Martin\NTUSER.DAT [2011.11.26 08:21:28 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.11.26 08:21:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2011.11.26 08:21:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.11.26 08:21:14 | 2137,456,640 | -HS- | M] () -- C:\hiberfil.sys [2011.11.26 08:21:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad [2011.11.26 08:20:35 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Martin\ntuser.ini [2011.11.26 06:51:45 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.25 21:10:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Martin\defogger_reenable [2011.11.20 20:22:24 | 000,000,564 | ---- | M] () -- 
C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job [2011.11.15 08:08:33 | 000,544,700 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2011.11.15 08:08:33 | 000,457,672 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.11.15 08:08:33 | 000,077,218 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.11.10 07:50:41 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.11.07 13:10:04 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Martin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.26 06:51:45 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.25 21:10:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Martin\defogger_reenable [2011.08.30 20:39:37 | 006,525,994 | -H-- | C] () -- C:\Documents and Settings\Martin\Local Settings\Application Data\IconCache.db [2011.08.30 20:34:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dvdcreator.INI [2011.08.24 20:21:23 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\SupportTool.exe.bat [2011.04.18 14:39:56 | 000,226,364 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4 [2010.10.02 20:10:32 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll [2010.09.16 21:27:54 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2010.08.08 10:22:43 | 000,014,496 | ---- | C] () -- C:\WINDOWS\System32\VDI08X.dat [2010.08.08 09:39:48 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\DVC.dll [2010.06.24 10:09:16 | 002,393,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2009.12.06 09:36:35 | 000,000,438 | ---- | C] () -- C:\WINDOWS\dellstat.ini [2009.11.18 20:41:08 | 000,024,704 | ---- | C] 
() -- C:\WINDOWS\System32\drivers\NinjaUSB.sys [2009.10.12 05:04:04 | 000,004,876 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009.04.04 06:47:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009.03.28 20:47:14 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2009.01.18 00:37:06 | 000,038,457 | ---- | C] () -- C:\Documents and Settings\Martin\Application Data\Microsoft Excel.ADR [2009.01.05 05:22:41 | 000,000,619 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2008.12.17 02:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2008.12.17 02:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll [2008.04.03 02:16:41 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Quicken.ini [2007.07.28 21:50:17 | 000,284,160 | ---- | C] () -- C:\WINDOWS\unin0407.exe [2007.06.04 02:01:15 | 000,000,918 | ---- | C] () -- C:\WINDOWS\cPVAS.INI [2007.04.09 01:24:26 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7820N.dat [2007.04.09 01:23:59 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL [2007.04.09 01:23:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2007.04.09 01:19:14 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2007.03.17 08:01:03 | 000,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [2007.03.11 16:56:30 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Martin\Application Data\$_hpcst$.hpc [2007.03.11 00:30:40 | 000,000,055 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2007.03.11 00:30:40 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini [2007.03.03 13:33:53 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Martin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.03.03 05:34:19 | 000,081,272 | ---- | C] () -- C:\Documents and Settings\Martin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2007.03.03 05:33:55 | 000,006,580 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2007.03.03 05:33:55 | 
000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\7EF6AC01EC.sys [2007.03.02 12:48:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\OpenExplor.exe [2007.03.02 03:47:28 | 000,003,069 | ---- | C] () -- C:\WINDOWS\mozver.dat [2007.03.02 03:08:10 | 000,001,158 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2007.03.02 03:08:10 | 000,000,825 | ---- | C] () -- C:\WINDOWS\brwmark.ini [2007.03.02 03:08:10 | 000,000,152 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2007.03.02 03:08:10 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2007.03.02 03:07:39 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2007.02.28 20:05:59 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2007.02.28 17:41:46 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Martin\Local Settings\Application Data\fusioncache.dat [2006.09.18 13:20:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VDExt800.dll [2006.09.18 13:20:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\VDExt712.dll [2006.09.18 13:20:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\GDExt800.dll [2006.09.15 12:55:04 | 000,016,384 | ---- | C] () -- C:\WINDOWS\FSRunCmd.exe [2006.08.07 17:03:20 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GDExt712.dll [2006.03.11 17:58:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.03.11 17:50:44 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE [2006.03.11 17:47:39 | 000,000,452 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006.03.11 17:46:23 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2006.03.11 17:43:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.03.11 17:40:08 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare [2006.03.11 17:16:00 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\dlbcplc.ini [2006.03.11 17:15:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll [2006.03.11 17:15:58 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini 
[2006.03.11 17:15:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe [2006.03.11 17:15:34 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2006.03.11 17:15:22 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll [2006.03.11 17:15:22 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE [2006.03.11 17:15:18 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll [2006.03.11 17:15:12 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005.08.16 11:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2005.08.16 11:43:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini [2005.08.16 11:40:59 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest [2005.08.16 11:40:51 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2005.08.16 11:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2005.08.16 11:38:33 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini [2005.08.16 11:38:33 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini [2005.08.16 11:37:25 | 000,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini [2005.08.16 11:37:25 | 000,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini [2005.08.16 11:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2005.08.16 11:33:39 | 000,544,700 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2005.08.16 11:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2005.08.16 11:27:59 | 003,610,592 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2005.08.16 11:19:02 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll [2005.08.16 11:19:02 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll [2005.08.16 11:18:50 | 000,069,886 | ---- | C] () -- C:\WINDOWS\System32\edit.com [2005.08.16 11:18:44 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll [2005.08.16 11:18:43 | 000,001,129 | ---- | C] () -- 
C:\WINDOWS\System32\vwipxspx.exe [2005.08.16 11:18:43 | 000,000,603 | ---- | C] () -- C:\WINDOWS\win.ini [2005.08.16 11:18:41 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini [2005.08.16 11:18:41 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll [2005.08.16 11:18:36 | 000,011,753 | ---- | C] () -- C:\WINDOWS\System32\setver.exe [2005.08.16 11:18:36 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe [2005.08.16 11:18:35 | 000,291,840 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll [2005.08.16 11:18:35 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll [2005.08.16 11:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2005.08.16 11:18:34 | 000,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini [2005.08.16 11:18:34 | 000,003,338 | ---- | C] () -- C:\WINDOWS\System32\redir.exe [2005.08.16 11:18:33 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll [2005.08.16 11:18:33 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll [2005.08.16 11:18:33 | 000,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll [2005.08.16 11:18:33 | 000,457,672 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2005.08.16 11:18:33 | 000,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll [2005.08.16 11:18:33 | 000,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll [2005.08.16 11:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2005.08.16 11:18:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll [2005.08.16 11:18:33 | 000,077,218 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2005.08.16 11:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2005.08.16 11:18:33 | 000,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini [2005.08.16 11:18:33 | 000,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini [2005.08.16 11:18:33 | 000,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini [2005.08.16 11:18:33 | 000,002,732 | ---- | C] 
() -- C:\WINDOWS\System32\perfwci.ini [2005.08.16 11:18:33 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini [2005.08.16 11:18:33 | 000,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini [2005.08.16 11:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2005.08.16 11:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2005.08.16 11:18:30 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\nw16.exe [2005.08.16 11:18:29 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys [2005.08.16 11:18:29 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys [2005.08.16 11:18:29 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys [2005.08.16 11:18:29 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys [2005.08.16 11:18:29 | 000,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys [2005.08.16 11:18:29 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys [2005.08.16 11:18:29 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys [2005.08.16 11:18:29 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys [2005.08.16 11:18:29 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys [2005.08.16 11:18:29 | 000,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys [2005.08.16 11:18:28 | 000,007,052 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe [2005.08.16 11:18:28 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv [2005.08.16 11:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2005.08.16 11:18:25 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll [2005.08.16 11:18:25 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll [2005.08.16 11:18:25 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini [2005.08.16 11:18:25 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe [2005.08.16 11:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2005.08.16 11:18:23 
| 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2005.08.16 11:18:23 | 000,010,110 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini [2005.08.16 11:18:22 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys [2005.08.16 11:18:22 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys [2005.08.16 11:18:22 | 000,039,274 | ---- | C] () -- C:\WINDOWS\System32\mem.exe [2005.08.16 11:18:22 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll [2005.08.16 11:18:22 | 000,001,131 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com [2005.08.16 11:18:20 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll [2005.08.16 11:18:20 | 000,014,710 | ---- | C] () -- C:\WINDOWS\System32\kb16.com [2005.08.16 11:18:19 | 000,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys [2005.08.16 11:18:18 | 000,019,694 | ---- | C] () -- C:\WINDOWS\System32\graphics.com [2005.08.16 11:18:17 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe [2005.08.16 11:18:16 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini [2005.08.16 11:18:16 | 000,456,192 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll [2005.08.16 11:18:16 | 000,012,642 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe [2005.08.16 11:18:16 | 000,008,424 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe [2005.08.16 11:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2005.08.16 11:18:08 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll [2005.08.16 11:18:08 | 000,053,840 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe [2005.08.16 11:18:08 | 000,020,634 | ---- | C] () -- C:\WINDOWS\System32\debug.exe [2005.08.16 11:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2005.08.16 11:18:07 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys [2005.08.16 11:18:05 | 000,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll [2005.08.16 11:18:05 | 000,050,620 | ---- | C] () -- C:\WINDOWS\System32\command.com 
[2005.08.16 11:18:04 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll [2005.08.16 11:18:04 | 000,012,498 | ---- | C] () -- C:\WINDOWS\System32\append.exe [2005.08.16 11:18:03 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll [2005.08.16 11:18:03 | 000,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys [2005.08.05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005.05.12 13:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2002.03.19 16:30:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\PowerCalc.exe [2002.03.04 15:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll [2001.08.18 05:36:42 | 000,055,296 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe [2001.08.18 05:36:28 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2007.03.09 04:05:06 | 000,000,000 | ---D | M] -- C:\2579ec4595d0905378ce3436aae6 [2009.05.01 10:48:16 | 000,000,000 | ---D | M] -- C:\a532cce3b92c59136bcc1e7b9dc1 [2011.08.18 19:38:06 | 000,000,000 | RHSD | M] -- C:\acroldr [2007.07.28 22:11:20 | 000,000,000 | ---D | M] -- C:\BlueByte [2007.04.09 01:23:52 | 000,000,000 | ---D | M] -- C:\Brother [2007.03.02 03:38:33 | 000,000,000 | ---D | M] -- C:\CNYSELPHYCP [2011.11.10 08:06:24 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2007.02.28 19:22:15 | 000,000,000 | ---D | M] -- C:\ddf82f6c36ebce02e9af81f67f6e [2010.08.12 14:10:19 | 000,000,000 | ---D | M] -- C:\dell [2007.02.28 17:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings [2006.03.11 17:15:58 | 000,000,000 | ---D | M] -- C:\drivers [2010.09.16 21:26:19 | 000,000,000 | ---D | M] -- C:\gs [2007.03.02 03:26:18 | 000,000,000 | ---D | M] -- C:\i386 [2010.08.08 09:17:36 | 000,000,000 | ---D | M] -- C:\MediaphorAG [2011.01.27 20:10:10 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.11.26 10:12:31 | 000,000,000 | ---D | M] -- C:\Program Files [2007.02.28 17:54:21 | 000,000,000 
| -HSD | M] -- C:\RECYCLER [2011.09.16 21:40:13 | 000,000,000 | ---D | M] -- C:\SIERRA [2007.02.28 17:41:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.08.16 21:04:37 | 000,000,000 | ---D | M] -- C:\temp [2011.11.26 08:22:22 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > [10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < MD5 for: EXPLORER.EXE > [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe [2007.06.13 12:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2007.06.13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2004.08.10 12:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe < MD5 for: REGEDIT.EXE > [2008.04.14 01:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\regedit.exe [2008.04.14 01:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe [2008.04.14 01:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\system32\dllcache\regedit.exe [2004.08.10 12:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) 
MD5=783AFC80383C176B22DBF8333343992D -- C:\i386\REGEDIT.EXE [2004.08.10 12:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe < MD5 for: USERINIT.EXE > [2004.08.10 12:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe [2004.08.10 12:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008.04.14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.10 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe [2004.08.10 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.09.06 14:20:51 
| 001,858,944 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-12 07:59:40 < End of report >

Many thanks! Martin

Edited by Larusso (26.11.2011 at 21:49)