Pests of all kinds and how to fight them: Google search results redirected in IE & FF / XP update is offered permanently
08.04.2012, 21:00 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™
OK, then leave it. I just see that thing fairly often in connection with dubious streaming sites, the main entry points for ransomware. You normally don't need DivX for HTML5... FF can do that on its own! Uninstall DivX and create a new OTL log as described above.
__________________ Please always post log files in CODE tags
08.04.2012, 21:24 | #17 |
Thanks for the quick reply.
DivX uninstalled. At the end it wanted to open an IE window; that was very slow and no target address was entered. The "Add or Remove Programs" Control Panel item was also unresponsive. Also for your information: I had also disabled the DivX updater autostart. Ran OTL with the same code as in the post above. This time no extra.txt was produced. The OTL log follows here. Code:
ATTFilter OTL logfile created on: 08.04.2012 22:13:22 - Run 2 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Dokumente und Einstellungen\userXXX\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 80,07% Memory free 7,34 Gb Paging File | 6,52 Gb Available in Paging File | 88,79% Paging File free Paging file location(s): C:\pagefile.sys 4605 11513 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 100,00 Gb Total Space | 70,44 Gb Free Space | 70,44% Space Free | Partition Type: NTFS Drive E: | 100,00 Gb Total Space | 83,36 Gb Free Space | 83,37% Space Free | Partition Type: NTFS Drive F: | 32,89 Gb Total Space | 32,82 Gb Free Space | 99,81% Space Free | Partition Type: NTFS Computer Name: NAME | User Name: userXXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.08 20:03:09 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\userXXX\Desktop\OTL.exe PRC - [2012.03.05 14:49:22 | 000,160,840 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe PRC - [2012.01.31 09:56:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.01.31 09:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.01.18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe PRC - [2012.01.04 14:32:18 | 000,173,096 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2012.01.04 14:32:10 | 000,126,504 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2011.03.02 17:26:12 | 000,264,704 | ---- | M] () -- C:\Programme\GNU\GnuPG\gpg-agent.exe PRC - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () -- C:\Programme\GNU\GnuPG\dirmngr.exe PRC - [2010.11.16 19:49:42 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\Gemeinsame Dateien\Nuance\dgnsvc.exe PRC - [2010.03.25 21:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2008.07.12 17:13:18 | 000,326,688 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Home Server\WHSConnector.exe PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2012.01.31 09:56:07 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2011.06.06 12:55:32 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF MOD - 
[2011.03.02 17:26:12 | 000,264,704 | ---- | M] () -- C:\Programme\GNU\GnuPG\gpg-agent.exe MOD - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () -- C:\Programme\GNU\GnuPG\dirmngr.exe MOD - [2011.03.02 17:17:18 | 000,603,136 | ---- | M] () -- C:\Programme\GNU\GnuPG\libgcrypt-11.dll MOD - [2011.03.02 17:16:20 | 000,208,384 | ---- | M] () -- C:\Programme\GNU\GnuPG\libksba-8.dll MOD - [2011.03.02 17:16:08 | 000,073,216 | ---- | M] () -- C:\Programme\GNU\GnuPG\libassuan-0.dll MOD - [2011.03.02 17:13:52 | 000,048,640 | ---- | M] () -- C:\Programme\GNU\GnuPG\libgpg-error-0.dll MOD - [2011.03.02 17:11:52 | 000,038,400 | ---- | M] () -- C:\Programme\GNU\GnuPG\libw32pth-0.dll MOD - [2008.11.26 12:39:24 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2008.06.09 08:23:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012.03.30 11:37:21 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.06.12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () [Auto | Running] -- C:\Programme\GNU\GnuPG\dirmngr.exe -- (DirMngr) SRV - [2010.11.16 19:49:42 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Nuance\dgnsvc.exe -- (DragonSvc) SRV - [2010.03.25 21:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2008.07.12 17:13:18 | 000,326,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Home Server\WHSConnector.exe -- (WHSConnector) SRV - [2007.07.11 09:33:28 | 000,069,632 | R--- | M] (MicroVision Development, Inc.) 
[On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe -- (stllssvr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOKUME~1\userXXX\LOKALE~1\Temp\pxriypog.sys -- (pxriypog) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\NABTSFEC.sys -- (NABTSFEC) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOKUME~1\userXXX\LOKALE~1\Temp\mbr.sys -- (mbr) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [File_System | Auto | Stopped] -- System32\Drivers\DRVNDDM.SYS -- (DRVNDDM) DRV - File not found [File_System | Auto | Stopped] -- System32\Drivers\DLAUDFAM.SYS -- (DLAUDFAM) DRV - File not found [File_System | System | Stopped] -- System32\Drivers\DLARTL_M.SYS -- (DLARTL_M) DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - File not found [File_System | Auto | Stopped] -- System32\Drivers\DLABMFSM.SYS -- (DLABMFSM) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\userXXX\LOKALE~1\Temp\catchme.sys -- (catchme) DRV - [2012.01.31 09:56:33 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.01.31 
09:56:33 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.11.01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.11.01 11:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2011.11.01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011.11.01 11:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.07.15 09:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv) DRV - [2010.07.15 09:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103) DRV - [2008.11.26 12:39:24 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | 
M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.07.12 17:20:14 | 000,046,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BackupReader.sys -- (BackupReader) DRV - [2008.02.14 19:45:00 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2007.11.14 18:14:02 | 004,625,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.07.23 15:05:18 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM) DRV - [2007.07.23 15:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2007.07.23 15:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2007.07.23 15:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM) DRV - [2007.07.23 15:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM) DRV - [2007.07.23 15:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2005.08.12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV) DRV - [2005.07.25 10:04:08 | 000,048,640 | ---- | M] (Prolific Technology Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1417001333-602609370-682003330-1003\..\SearchScopes,DefaultScope = {7197C51F-1FAB-4A69-8C8D-42EC44BB43A4} IE - HKU\S-1-5-21-1417001333-602609370-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-1417001333-602609370-682003330-1003\..\SearchScopes\{7197C51F-1FAB-4A69-8C8D-42EC44BB43A4}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-1417001333-602609370-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.76 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.02.08 02:01:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.12.10 14:24:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.12.14 14:47:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.06.17 09:26:35 | 000,000,000 | ---D | M] [2011.09.24 10:02:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Mozilla\Extensions [2011.09.24 10:02:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.02.25 18:49:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\w4scfdmv.default\extensions [2011.03.28 21:32:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework 
Assistant) -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\w4scfdmv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.02.19 00:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.02.19 00:25:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\userXXX\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\W4SCFDMV.DEFAULT\EXTENSIONS\{966762EB-7132-4081-AC70-20D20161AD96}.XPI () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\userXXX\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\W4SCFDMV.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2012.02.19 00:25:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012.02.08 02:01:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.02.19 00:25:16 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011.12.22 15:43:21 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.22 15:43:21 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.12.22 15:43:21 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.12.22 15:43:21 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.22 15:43:21 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.22 15:43:21 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.04.04 01:10:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] C:\Programme\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4 - HKLM..\Run: [DNS7reminder] C:\Programme\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKU\S-1-5-21-1417001333-602609370-682003330-1003..\Run: [PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Home Server.lnk = C:\WINDOWS\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\userXXX\Startmenü\Programme\Autostart\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - 
HKU\S-1-5-21-1417001333-602609370-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1417001333-602609370-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1417001333-602609370-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1417001333-602609370-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31A3F5F1-FE4D-4E83-94EC-A9625D81E4B3}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.02.21 10:58:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] 
-- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: DivXUpdate - hkey= - key= - File not found MsConfig - StartUpReg: NokiaSuite.exe - hkey= - key= - C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) MsConfig - StartUpReg: VoipStunt - hkey= - key= - C:\Programme\VoipStunt.com\VoipStunt\VoipStunt.exe (VoipStunt) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters 
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter 
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: 
{5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: 
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (hxxp://www.mp3dev.org/) Drivers32: msacm.pspgru - C:\WINDOWS\System32\PSPGRU.acm (Philips Austria GmbH - Speech Processing) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll () Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation) Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.04.08 20:06:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nView_Profiles [2012.04.08 20:03:05 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\userXXX\Desktop\OTL.exe [2012.04.08 16:55:17 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.04.08 16:54:53 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und 
Einstellungen\userXXX\Desktop\esetsmartinstaller_enu.exe [2012.04.07 02:01:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\userXXX\Desktop\dds.com [2012.04.04 01:33:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012.04.04 01:04:01 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012.04.04 01:01:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012.04.04 01:01:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012.04.04 01:01:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012.04.04 01:01:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012.04.04 01:01:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012.04.04 01:01:46 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.04.03 23:24:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.04.03 23:24:54 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.04.03 14:50:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\userXXX\Lokale Einstellungen\Anwendungsdaten\PCHealth [2012.04.03 08:07:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2012.04.02 23:16:43 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2012.04.02 18:07:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr [2012.04.02 18:06:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Dell Support Center [2012.04.02 18:06:34 | 000,000,000 | ---D | C] -- C:\Programme\Dell Support Center [2012.04.02 18:04:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\PCDr [2012.03.30 10:40:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2012.03.29 16:40:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\userXXX\Lokale Einstellungen\Anwendungsdaten\Temp [2012.03.29 01:35:27 | 000,000,000 | ---D | C] -- C:\Dokumente und 
Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Adobe [2012.03.29 00:55:02 | 000,000,000 | ---D | C] -- C:\found.000 [2012.03.21 23:31:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\userXXX\Lokale Einstellungen\Anwendungsdaten\Wisco [2012.03.21 23:31:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\userXXX\Lokale Einstellungen\Anwendungsdaten\Microsoft_Corporation [2012.03.21 23:31:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\userXXX\Lokale Einstellungen\Anwendungsdaten\assembly [2012.03.21 23:31:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\userXXX\Eigene Dateien\Add-in Express [2012.03.21 11:11:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Avira [2012.03.21 11:05:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira [2012.03.21 11:05:41 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2012.03.21 11:05:39 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2012.03.21 11:05:39 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2012.03.21 11:05:39 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2012.03.21 11:05:36 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2012.03.21 11:05:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\userXXX\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\userXXX\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.08 21:37:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.04.08 21:33:20 | 000,002,235 | ---- | M] () -- 
C:\Dokumente und Einstellungen\userXXX\Desktop\Skype.lnk [2012.04.08 20:06:04 | 000,207,700 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001 [2012.04.08 20:03:09 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\userXXX\Desktop\OTL.exe [2012.04.08 16:55:00 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\userXXX\Desktop\esetsmartinstaller_enu.exe [2012.04.07 02:47:25 | 000,005,685 | ---- | M] () -- C:\Dokumente und Einstellungen\userXXX\Desktop\Logs.zip [2012.04.07 02:10:34 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\userXXX\Desktop\r4t6qr06.exe [2012.04.07 02:01:15 | 000,607,260 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\userXXX\Desktop\dds.com [2012.04.07 02:00:39 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\userXXX\defogger_reenable [2012.04.07 01:58:52 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\userXXX\Desktop\Defogger.exe [2012.04.06 17:01:11 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\userXXX\Startmenü\Programme\Autostart\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012.04.06 16:55:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.04.06 16:49:28 | 000,000,021 | ---- | M] () -- C:\WINDOWS\S.dirmngr [2012.04.06 16:49:27 | 000,183,753 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.04.06 16:49:27 | 000,002,275 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Home Server.lnk [2012.04.06 16:49:15 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\VYTKJO.job [2012.04.06 16:49:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.04.06 16:49:11 | 3219,574,784 | -HS- | M] () -- C:\hiberfil.sys [2012.04.06 14:01:22 | 000,611,660 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.04.06 14:01:22 | 000,562,574 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.04.06 14:01:22 | 000,137,180 | ---- | M] () -- 
C:\WINDOWS\System32\perfc007.dat [2012.04.06 14:01:22 | 000,109,988 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.04.06 12:48:10 | 002,206,557 | ---- | M] () -- C:\Dokumente und Einstellungen\userXXX\Desktop\download.pdf [2012.04.04 23:27:08 | 002,266,097 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\userXXX\Desktop\setup.exe [2012.04.04 01:10:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012.04.04 01:04:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012.04.03 19:42:45 | 000,117,248 | RHS- | M] () -- C:\WINDOWS\System32\winstrm7.dll [2012.04.03 14:47:26 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2012.04.03 14:42:29 | 000,000,165 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf [2012.04.03 14:37:10 | 002,257,848 | ---- | M] () -- C:\Dokumente und Einstellungen\userXXX\Desktop\EzidoesitEnterprise_1_2_121_2010_x86.exe [2012.04.03 09:00:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.04.02 23:52:08 | 000,002,515 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Dragon NaturallySpeaking 11.0.lnk [2012.04.02 23:16:37 | 000,391,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.04.02 18:07:07 | 000,000,548 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job [2012.04.02 17:57:12 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\DELL_XPS_Vostro1510.MRK [2012.04.02 17:57:12 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\1028_DELL_XPS_Vostro1510.MRK [2012.04.02 17:54:30 | 000,207,700 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat [2012.03.21 11:05:50 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2012.03.19 22:24:53 | 003,239,638 | ---- | M] () -- C:\Dokumente und Einstellungen\userXXX\Desktop\Anatomy of a Debt Crisis 03-18-2012.pdf [2012.03.18 13:37:01 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI [2012.03.18 12:10:37 | 000,000,279 | ---- | M] () -- C:\Dokumente 
und Einstellungen\userXXX\Desktop\Verknüpfung mit DATA (E).lnk [2012.03.14 10:16:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.03.13 23:37:02 | 000,001,717 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nokia Suite.lnk [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\userXXX\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\userXXX\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.07 02:33:18 | 000,005,685 | ---- | C] () -- C:\Dokumente und Einstellungen\userXXX\Desktop\Logs.zip [2012.04.07 02:10:34 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\userXXX\Desktop\r4t6qr06.exe [2012.04.07 02:00:39 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\userXXX\defogger_reenable [2012.04.07 01:58:52 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\userXXX\Desktop\Defogger.exe [2012.04.06 16:49:28 | 000,000,021 | ---- | C] () -- C:\WINDOWS\S.dirmngr [2012.04.06 12:48:08 | 002,206,557 | ---- | C] () -- C:\Dokumente und Einstellungen\userXXX\Desktop\download.pdf [2012.04.04 23:27:08 | 002,266,097 | ---- | C] ( ) -- C:\Dokumente und Einstellungen\userXXX\Desktop\setup.exe [2012.04.04 01:04:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2012.04.04 01:04:02 | 000,262,448 | RHS- | C] () -- C:\cmldr [2012.04.04 01:01:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012.04.04 01:01:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012.04.04 01:01:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012.04.04 01:01:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012.04.04 01:01:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012.04.03 19:42:45 | 000,117,248 | RHS- | C] () -- C:\WINDOWS\System32\winstrm7.dll [2012.04.03 19:42:45 | 000,000,314 | ---- | C] () -- 
C:\WINDOWS\tasks\VYTKJO.job [2012.04.03 14:42:29 | 000,000,165 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf [2012.04.03 14:37:10 | 002,257,848 | ---- | C] () -- C:\Dokumente und Einstellungen\userXXX\Desktop\EzidoesitEnterprise_1_2_121_2010_x86.exe [2012.04.02 23:43:38 | 3219,574,784 | -HS- | C] () -- C:\hiberfil.sys [2012.04.02 18:07:06 | 000,000,548 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job [2012.04.02 17:50:02 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\DELL_XPS_Vostro1510.MRK [2012.04.02 17:50:02 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\1028_DELL_XPS_Vostro1510.MRK [2012.04.02 17:49:47 | 000,000,666 | ---- | C] () -- C:\WINDOWS\speed.reg [2012.03.30 11:19:10 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.03.21 11:05:50 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2012.03.19 22:24:53 | 003,239,638 | ---- | C] () -- C:\Dokumente und Einstellungen\userXXX\Desktop\Anatomy of a Debt Crisis 03-18-2012.pdf [2012.03.18 12:10:37 | 000,000,279 | ---- | C] () -- C:\Dokumente und Einstellungen\userXXX\Desktop\Verknüpfung mit DATA (E).lnk [2012.02.15 10:10:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.09.18 10:59:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.08.20 00:33:05 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2011.08.20 00:33:03 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2011.08.20 00:33:03 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2011.08.20 00:33:02 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011.06.10 12:14:35 | 000,175,470 | ---- | C] () -- C:\WINDOWS\hphins26.dat [2011.06.10 12:14:35 | 000,000,787 | ---- | C] () -- C:\WINDOWS\hphmdl26.dat [2011.04.18 17:55:24 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011.04.11 22:19:15 | 000,000,234 | 
---- | C] () -- C:\WINDOWS\wininit.ini [2011.03.15 15:47:17 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2011.03.02 20:47:26 | 001,862,568 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2011.02.21 13:33:47 | 000,020,992 | ---- | C] () -- C:\Dokumente und Einstellungen\userXXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.21 12:20:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011.02.21 12:07:42 | 002,336,384 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe [2011.02.21 12:07:42 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe [2011.02.21 12:07:42 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll [2011.02.21 12:07:42 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys [2011.02.21 12:07:42 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys [2011.02.21 11:15:46 | 000,207,700 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat [2011.02.21 11:12:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2011.02.21 11:08:38 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll [2011.02.21 11:08:38 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll [2011.02.21 11:08:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE [2011.02.21 11:06:49 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2011.02.21 11:06:48 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2011.02.21 11:06:48 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2011.02.21 11:06:48 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2011.02.21 11:06:48 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2011.02.21 11:06:48 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2011.02.21 11:06:47 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2011.02.21 11:06:45 | 
001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2011.02.21 11:00:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.02.21 10:56:01 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011.02.21 10:44:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.02.21 10:43:32 | 000,391,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== LOP Check ========== [2011.06.05 16:36:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GNU [2011.07.03 00:41:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2012.02.08 11:39:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2012.03.13 23:36:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache [2011.05.17 09:28:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nuance [2011.07.03 00:44:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2012.04.02 18:07:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr [2011.04.11 22:20:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Uninstall [2011.03.06 12:23:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Home Server [2012.03.23 11:22:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\FileZilla [2011.05.17 09:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\GetRightToGo [2012.04.06 17:05:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\gnupg [2012.02.08 11:40:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Nokia [2011.11.09 22:20:51 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\userXXX\Anwendungsdaten\Nokia Ovi Suite [2011.05.17 11:13:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Nuance [2011.07.03 00:44:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\PC Suite [2012.04.02 18:04:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\PCDr [2011.09.24 10:02:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Thunderbird [2012.03.15 19:09:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\VoipStunt [2012.02.21 02:44:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Windows Desktop Search [2011.02.21 13:32:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Windows Home Server [2012.01.30 21:29:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Windows Live Writer [2012.02.21 13:51:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Windows Search [2011.08.21 12:37:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Iceventure\Anwendungsdaten\PC Suite [2011.06.05 23:38:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\gnupg [2011.06.05 16:36:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\gnupg [2012.04.02 18:07:07 | 000,000,548 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job [2012.04.06 16:49:15 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\VYTKJO.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2012.03.29 16:40:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Adobe [2012.03.21 11:11:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Avira [2012.04.02 18:07:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Dell [2011.04.04 00:12:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\DivX [2011.07.30 18:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Download Manager [2012.03.23 11:22:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\FileZilla [2011.05.17 09:34:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\FLEXnet [2011.05.17 09:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\GetRightToGo [2012.04.06 17:05:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\gnupg [2011.02.21 11:02:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Identities [2011.04.11 22:17:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\InstallShield [2011.02.21 13:24:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Macromedia [2011.07.25 22:40:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Malwarebytes [2012.04.04 11:41:38 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Microsoft [2011.02.21 13:05:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Mozilla [2012.02.08 11:40:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Nokia [2011.11.09 22:20:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Nokia Ovi Suite [2011.05.17 11:13:49 | 000,000,000 | ---D | M] 
-- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Nuance [2011.07.03 00:44:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\PC Suite [2012.04.02 18:04:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\PCDr [2011.04.11 22:41:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Roxio [2012.04.08 22:12:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Skype [2012.03.16 17:09:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\skypePM [2011.03.24 01:02:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Sun [2011.02.21 14:12:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Talkback [2011.09.24 10:02:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Thunderbird [2012.03.15 19:09:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\VoipStunt [2012.02.21 02:44:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Windows Desktop Search [2011.02.21 13:32:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Windows Home Server [2012.01.30 21:29:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Windows Live Writer [2012.02.21 13:51:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Windows Search [2011.02.25 11:38:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\WinRAR < %APPDATA%\*.exe /s > [2011.02.21 11:03:57 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe [2011.02.21 11:03:57 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Dokumente und 
Einstellungen\userXXX\Anwendungsdaten\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe [2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\PCDr\Update\Rules\73beeb48-dc41-449d-97b8-676affa38a15\au_5899_rules\AddCertificate.exe [2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\PCDr\Update\Rules\bf5d211d-4906-4b54-8f5a-9eee673eb013\au_5899_rules\AddCertificate.exe [2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\PCDr\Update\Rules\dfdfd2cd-9fba-4ba1-83b3-9a37d6ef3aee\au_5899_rules\AddCertificate.exe [2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\PCDr\Update\Rules\f52cdde0-a8f2-4f57-8757-852ca5361a61\au_5899_rules\AddCertificate.exe [2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) 
-- C:\Dokumente und Einstellungen\userXXX\Anwendungsdaten\PCDr\Update\Rules\fd99fb67-2ac9-4bdb-bb77-bda6a906e5a7\au_5899_rules\AddCertificate.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys < MD5 for: ATAPI.SYS > [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2009.12.20 01:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll < MD5 for: IASTOR.SYS > [2008.01.10 12:47:00 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\DELL\drivers\R179638\iastor.sys [2008.05.08 00:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\WINDOWS\Dell\Intel\IaStor.sys [2008.05.08 00:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\WINDOWS\system32\drivers\iaStor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008.04.14 
14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: NVGTS.SYS > [2008.01.21 20:15:22 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=A0B3F3A5049931657164F0FFCF0B208E -- C:\WINDOWS\Dell\NVidia\nvgts.sys < MD5 for: SCECLI.DLL > [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' 
Anti-Malware\Chameleon\winlogon.exe [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2011.02.21 11:42:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2011.02.21 11:42:39 | 001,093,632 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2011.02.21 11:42:39 | 000,466,944 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2012.04.03 19:42:45 | 000,117,248 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\winstrm7.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > |
08.04.2012, 21:51 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google search results redirected in IE & FF / XP update offered permanently Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417001333-602609370-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1417001333-602609370-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1417001333-602609370-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1417001333-602609370-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.02.21 10:58:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
[2012.03.29 00:55:02 | 000,000,000 | ---D | C] -- C:\found.000
[2012.04.06 16:49:28 | 000,000,021 | ---- | M] () -- C:\WINDOWS\S.dirmngr
[2012.04.06 16:49:15 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\VYTKJO.job

:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ |
08.04.2012, 22:06 | #19 |
| Google search results redirected in IE & FF / XP update offered permanently Thank you very much, the support is really great! And on Easter Sunday, too!! Everything has been run. The new log is attached. Code:
ATTFilter All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully. Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully. Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found. Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found. Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. 
Registry key HKEY_USERS\S-1-5-21-1417001333-602609370-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-1417001333-602609370-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-21-1417001333-602609370-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-21-1417001333-602609370-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\AUTOEXEC.BAT moved successfully. C:\found.000\dir0061.chk\sgr folder moved successfully. C:\found.000\dir0061.chk\grm folder moved successfully. C:\found.000\dir0061.chk\all folder moved successfully. C:\found.000\dir0061.chk folder moved successfully. C:\found.000\dir0060.chk folder moved successfully. C:\found.000\dir0059.chk folder moved successfully. C:\found.000\dir0058.chk folder moved successfully. C:\found.000\dir0057.chk folder moved successfully. C:\found.000\dir0056.chk\Synchronizer\resources folder moved successfully. C:\found.000\dir0056.chk\Synchronizer\metadata folder moved successfully. C:\found.000\dir0056.chk\Synchronizer\inprogress folder moved successfully. C:\found.000\dir0056.chk\Synchronizer folder moved successfully. C:\found.000\dir0056.chk\Security\CRLCache folder moved successfully. C:\found.000\dir0056.chk\Security folder moved successfully. C:\found.000\dir0056.chk\JavaScripts folder moved successfully. C:\found.000\dir0056.chk\Forms folder moved successfully. C:\found.000\dir0056.chk\Collab folder moved successfully. C:\found.000\dir0056.chk folder moved successfully. C:\found.000\dir0055.chk\10.0 folder moved successfully. C:\found.000\dir0055.chk folder moved successfully. 
C:\found.000\dir0054.chk folder moved successfully. C:\found.000\dir0053.chk folder moved successfully. C:\found.000\dir0052.chk folder moved successfully. C:\found.000\dir0051.chk folder moved successfully. C:\found.000\dir0050.chk folder moved successfully. C:\found.000\dir0049.chk folder moved successfully. C:\found.000\dir0048.chk folder moved successfully. C:\found.000\dir0047.chk folder moved successfully. C:\found.000\dir0046.chk folder moved successfully. C:\found.000\dir0045.chk folder moved successfully. C:\found.000\dir0044.chk folder moved successfully. C:\found.000\dir0043.chk folder moved successfully. C:\found.000\dir0042.chk folder moved successfully. C:\found.000\dir0041.chk\vxgs54we.kj4 folder moved successfully. C:\found.000\dir0041.chk\v1sw1o0k.9hi folder moved successfully. C:\found.000\dir0041.chk\refn04mk.ve6 folder moved successfully. C:\found.000\dir0041.chk\policies\m3oqdoe3.l2 folder moved successfully. C:\found.000\dir0041.chk\policies folder moved successfully. C:\found.000\dir0041.chk\pefn04mk.ve6 folder moved successfully. C:\found.000\dir0041.chk\n3oqdoe3.l2 folder moved successfully. C:\found.000\dir0041.chk\j4auwzcy.rsh folder moved successfully. C:\found.000\dir0041.chk\92rg91xw.1p4 folder moved successfully. C:\found.000\dir0041.chk\7z1v718o.6n8 folder moved successfully. C:\found.000\dir0041.chk\53t3z6j5.7ag folder moved successfully. C:\found.000\dir0041.chk folder moved successfully. C:\found.000\dir0040.chk folder moved successfully. C:\found.000\dir0039.chk folder moved successfully. C:\found.000\dir0038.chk folder moved successfully. C:\found.000\dir0037.chk\update folder moved successfully. C:\found.000\dir0037.chk\SP3QFE folder moved successfully. C:\found.000\dir0037.chk folder moved successfully. C:\found.000\dir0036.chk folder moved successfully. C:\found.000\dir0035.chk\js folder moved successfully. C:\found.000\dir0035.chk\install folder moved successfully. C:\found.000\dir0035.chk\images folder moved successfully. 
C:\found.000\dir0035.chk folder moved successfully. C:\found.000\dir0034.chk\Cache folder moved successfully. C:\found.000\dir0034.chk folder moved successfully. C:\found.000\dir0033.chk\ARM folder moved successfully. C:\found.000\dir0033.chk\Acrobat\10.0\Replicate\Security folder moved successfully. C:\found.000\dir0033.chk\Acrobat\10.0\Replicate folder moved successfully. C:\found.000\dir0033.chk\Acrobat\10.0 folder moved successfully. C:\found.000\dir0033.chk\Acrobat folder moved successfully. C:\found.000\dir0033.chk folder moved successfully. C:\found.000\dir0032.chk\Theme Fonts folder moved successfully. C:\found.000\dir0032.chk\Theme Effects folder moved successfully. C:\found.000\dir0032.chk\Theme Colors folder moved successfully. C:\found.000\dir0032.chk folder moved successfully. C:\found.000\dir0031.chk\820acb71782d9cd006800b3ac7e1ca53 folder moved successfully. C:\found.000\dir0031.chk\5b30652a7b802199984f93b5e414260f folder moved successfully. C:\found.000\dir0031.chk folder moved successfully. C:\found.000\dir0030.chk\Install folder moved successfully. C:\found.000\dir0030.chk folder moved successfully. C:\found.000\dir0029.chk folder moved successfully. C:\found.000\dir0028.chk folder moved successfully. C:\found.000\dir0027.chk folder moved successfully. C:\found.000\dir0026.chk folder moved successfully. C:\found.000\dir0025.chk folder moved successfully. C:\found.000\dir0024.chk\Template folder moved successfully. C:\found.000\dir0024.chk\Backgrnd\Stretchable\All folder moved successfully. C:\found.000\dir0024.chk\Backgrnd\Stretchable folder moved successfully. C:\found.000\dir0024.chk\Backgrnd\LightScribe folder moved successfully. C:\found.000\dir0024.chk\Backgrnd folder moved successfully. C:\found.000\dir0024.chk folder moved successfully. C:\found.000\dir0023.chk folder moved successfully. C:\found.000\dir0022.chk folder moved successfully. C:\found.000\dir0021.chk folder moved successfully. C:\found.000\dir0020.chk folder moved successfully. 
C:\found.000\dir0019.chk folder moved successfully. C:\found.000\dir0018.chk folder moved successfully. C:\found.000\dir0017.chk folder moved successfully. C:\found.000\dir0016.chk\Skins folder moved successfully. C:\found.000\dir0016.chk folder moved successfully. C:\found.000\dir0015.chk\Skins folder moved successfully. C:\found.000\dir0015.chk folder moved successfully. C:\found.000\dir0014.chk folder moved successfully. C:\found.000\dir0013.chk\Skins folder moved successfully. C:\found.000\dir0013.chk folder moved successfully. C:\found.000\dir0012.chk\Engine folder moved successfully. C:\found.000\dir0012.chk\Copy\Skins folder moved successfully. C:\found.000\dir0012.chk\Copy folder moved successfully. C:\found.000\dir0012.chk folder moved successfully. C:\found.000\dir0011.chk\Tutorial\Graphics folder moved successfully. C:\found.000\dir0011.chk\Tutorial folder moved successfully. C:\found.000\dir0011.chk\DLLShared folder moved successfully. C:\found.000\dir0011.chk folder moved successfully. C:\found.000\dir0010.chk folder moved successfully. C:\found.000\dir0009.chk folder moved successfully. C:\found.000\dir0008.chk\web folder moved successfully. C:\found.000\dir0008.chk folder moved successfully. C:\found.000\dir0007.chk folder moved successfully. C:\found.000\dir0006.chk\lang folder moved successfully. C:\found.000\dir0006.chk folder moved successfully. C:\found.000\dir0005.chk folder moved successfully. C:\found.000\dir0004.chk folder moved successfully. C:\found.000\dir0003.chk\Stiftung für Island folder moved successfully. C:\found.000\dir0003.chk\Recherche folder moved successfully. C:\found.000\dir0003.chk\Energy folder moved successfully. C:\found.000\dir0003.chk folder moved successfully. C:\found.000\dir0002.chk folder moved successfully. C:\found.000\dir0001.chk\AE@Ice Follow-up-Dateien folder moved successfully. C:\found.000\dir0001.chk folder moved successfully. C:\found.000\dir0000.chk folder moved successfully. 
C:\found.000 folder moved successfully. C:\WINDOWS\S.dirmngr moved successfully. C:\WINDOWS\tasks\VYTKJO.job moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: All Users User: userXXX ->Temp folder emptied: 3707224 bytes ->Temporary Internet Files folder emptied: 34310664 bytes ->Java cache emptied: 1 bytes ->FireFox cache emptied: 49507018 bytes ->Flash cache emptied: 4225 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: userXXX2 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 27203965 bytes ->Flash cache emptied: 1868 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 456 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2352202 bytes %systemroot%\System32 .tmp files removed: 2951 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 483 bytes RecycleBin emptied: 15097616 bytes Total Files Cleaned = 126,00 mb [EMPTYFLASH] User: Administrator User: All Users User: userXXX ->Flash cache emptied: 0 bytes User: Default User User: userXXX2 ->Flash cache emptied: 0 bytes User: LocalService ->Flash cache emptied: 0 bytes User: NetworkService Total Flash Files Cleaned = 0,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.39.2 log created on 04082012_225759 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
08.04.2012, 22:41 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google search results redirected in IE & FF / XP update offered permanently Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!
__________________ Please always post log files in CODE tags |
08.04.2012, 22:52 | #21 |
| Google search results redirected in IE & FF / XP update offered permanently Scan run - here is the log Code:
ATTFilter 23:46:42.0406 0460 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02 23:46:42.0609 0460 ============================================================ 23:46:42.0609 0460 Current date / time: 2012/04/08 23:46:42.0609 23:46:42.0609 0460 SystemInfo: 23:46:42.0609 0460 23:46:42.0609 0460 OS Version: 5.1.2600 ServicePack: 3.0 23:46:42.0609 0460 Product type: Workstation 23:46:42.0609 0460 ComputerName: NAME 23:46:42.0609 0460 UserName: userXXX 23:46:42.0609 0460 Windows directory: C:\WINDOWS 23:46:42.0609 0460 System windows directory: C:\WINDOWS 23:46:42.0609 0460 Processor architecture: Intel x86 23:46:42.0609 0460 Number of processors: 2 23:46:42.0609 0460 Page size: 0x1000 23:46:42.0609 0460 Boot type: Normal boot 23:46:42.0609 0460 ============================================================ 23:46:42.0906 0460 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 23:46:42.0906 0460 \Device\Harddisk0\DR0: 23:46:42.0906 0460 MBR used 23:46:42.0906 0460 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC7FF53F 23:46:42.0937 0460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC7FF5BD, BlocksNum 0xC7FF53F 23:46:42.0953 0460 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x18FFEB3B, BlocksNum 0x41C5A46 23:46:43.0046 0460 Initialize success 23:46:43.0046 0460 ============================================================ 23:47:17.0578 4072 ============================================================ 23:47:17.0578 4072 Scan started 23:47:17.0578 4072 Mode: Manual; SigCheck; TDLFS; 23:47:17.0578 4072 ============================================================ 23:47:17.0796 4072 Abiosdsk - ok 23:47:17.0812 4072 abp480n5 - ok 23:47:17.0843 4072 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 23:47:19.0250 4072 ACPI - ok 23:47:19.0312 4072 ACPIEC 
(9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 23:47:19.0421 4072 ACPIEC - ok 23:47:19.0500 4072 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 23:47:19.0500 4072 AdobeFlashPlayerUpdateSvc - ok 23:47:19.0515 4072 adpu160m - ok 23:47:19.0546 4072 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 23:47:19.0625 4072 aec - ok 23:47:19.0656 4072 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 23:47:19.0687 4072 AFD - ok 23:47:19.0687 4072 Aha154x - ok 23:47:19.0703 4072 aic78u2 - ok 23:47:19.0703 4072 aic78xx - ok 23:47:19.0750 4072 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll 23:47:19.0828 4072 Alerter - ok 23:47:19.0890 4072 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe 23:47:19.0937 4072 ALG - ok 23:47:19.0968 4072 AliIde - ok 23:47:19.0968 4072 amsint - ok 23:47:20.0046 4072 AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Programme\Avira\AntiVir Desktop\sched.exe 23:47:20.0062 4072 AntiVirSchedulerService - ok 23:47:20.0093 4072 AntiVirService (2fe359edeb34efcf42574752f8aebd3f) C:\Programme\Avira\AntiVir Desktop\avguard.exe 23:47:20.0109 4072 AntiVirService - ok 23:47:20.0140 4072 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 23:47:20.0140 4072 APPDRV ( UnsignedFile.Multi.Generic ) - wuserXXXng 23:47:20.0140 4072 APPDRV - detected UnsignedFile.Multi.Generic (1) 23:47:20.0171 4072 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll 23:47:20.0250 4072 AppMgmt - ok 23:47:20.0265 4072 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 23:47:20.0359 4072 Arp1394 - ok 23:47:20.0406 4072 asc - ok 23:47:20.0421 4072 asc3350p - ok 23:47:20.0421 4072 asc3550 - ok 23:47:20.0484 4072 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) 
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 23:47:20.0531 4072 aspnet_state - ok 23:47:20.0562 4072 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 23:47:20.0687 4072 AsyncMac - ok 23:47:20.0734 4072 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 23:47:20.0859 4072 atapi - ok 23:47:20.0875 4072 Atdisk - ok 23:47:20.0906 4072 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 23:47:21.0046 4072 Atmarpc - ok 23:47:21.0093 4072 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll 23:47:21.0218 4072 AudioSrv - ok 23:47:21.0250 4072 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 23:47:21.0312 4072 audstub - ok 23:47:21.0343 4072 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 23:47:21.0359 4072 avgntflt - ok 23:47:21.0390 4072 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys 23:47:21.0390 4072 avipbb - ok 23:47:21.0406 4072 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys 23:47:21.0406 4072 avkmgr - ok 23:47:21.0437 4072 BackupReader (9afdcc38279b61c27b1f4a1b134d4f8a) C:\WINDOWS\system32\DRIVERS\BackupReader.sys 23:47:21.0453 4072 BackupReader - ok 23:47:21.0500 4072 BCM43XX (37f385a93c620cbe0f89c17e45f697a1) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 23:47:21.0609 4072 BCM43XX - ok 23:47:21.0671 4072 BcmSqlStartupSvc (2e552b658273b90251e0441631de2ca3) C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe 23:47:21.0671 4072 BcmSqlStartupSvc - ok 23:47:21.0750 4072 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 23:47:21.0812 4072 Beep - ok 23:47:21.0875 4072 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll 23:47:22.0078 4072 BITS - ok 23:47:22.0109 4072 Browser (b42057f06bbb98b31876c0b3f2b54e33) 
C:\WINDOWS\System32\browser.dll 23:47:22.0187 4072 Browser - ok 23:47:22.0359 4072 catchme - ok 23:47:22.0437 4072 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 23:47:22.0500 4072 cbidf2k - ok 23:47:22.0515 4072 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 23:47:22.0609 4072 CCDECODE - ok 23:47:22.0609 4072 cd20xrnt - ok 23:47:22.0625 4072 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 23:47:22.0765 4072 Cdaudio - ok 23:47:22.0796 4072 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 23:47:22.0937 4072 Cdfs - ok 23:47:22.0968 4072 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 23:47:23.0031 4072 Cdrom - ok 23:47:23.0046 4072 cerc6 - ok 23:47:23.0046 4072 Changer - ok 23:47:23.0078 4072 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe 23:47:23.0140 4072 CiSvc - ok 23:47:23.0156 4072 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe 23:47:23.0218 4072 ClipSrv - ok 23:47:23.0281 4072 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:47:23.0296 4072 clr_optimization_v2.0.50727_32 - ok 23:47:23.0406 4072 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 23:47:23.0453 4072 clr_optimization_v4.0.30319_32 - ok 23:47:23.0515 4072 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 23:47:23.0609 4072 CmBatt - ok 23:47:23.0625 4072 CmdIde - ok 23:47:23.0640 4072 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 23:47:23.0734 4072 Compbatt - ok 23:47:23.0734 4072 COMSysApp - ok 23:47:23.0750 4072 Cpqarray - ok 23:47:23.0796 4072 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll 23:47:23.0890 4072 CryptSvc - ok 
23:47:23.0906 4072 dac2w2k - ok 23:47:23.0906 4072 dac960nt - ok 23:47:23.0953 4072 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll 23:47:24.0000 4072 DcomLaunch - ok 23:47:24.0062 4072 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll 23:47:24.0125 4072 Dhcp - ok 23:47:24.0203 4072 DirMngr (4f26bb00747d41e7c0fe8ebb2900f862) C:\Programme\GNU\GnuPG\dirmngr.exe 23:47:24.0203 4072 DirMngr ( UnsignedFile.Multi.Generic ) - wuserXXXng 23:47:24.0203 4072 DirMngr - detected UnsignedFile.Multi.Generic (1) 23:47:24.0218 4072 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 23:47:24.0296 4072 Disk - ok 23:47:24.0296 4072 DLABMFSM - ok 23:47:24.0343 4072 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS 23:47:24.0359 4072 DLABOIOM - ok 23:47:24.0359 4072 DLACDBHM - ok 23:47:24.0359 4072 DLADResM (f8b70d38845c4694b28adc4768676fd0) C:\WINDOWS\system32\Drivers\DLADResM.SYS 23:47:24.0375 4072 DLADResM - ok 23:47:24.0375 4072 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS 23:47:24.0390 4072 DLAIFS_M - ok 23:47:24.0390 4072 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS 23:47:24.0390 4072 DLAOPIOM - ok 23:47:24.0406 4072 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS 23:47:24.0406 4072 DLAPoolM - ok 23:47:24.0406 4072 DLARTL_M - ok 23:47:24.0421 4072 DLAUDFAM - ok 23:47:24.0421 4072 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS 23:47:24.0437 4072 DLAUDF_M - ok 23:47:24.0453 4072 dmadmin - ok 23:47:24.0500 4072 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 23:47:24.0640 4072 dmboot - ok 23:47:24.0718 4072 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 23:47:24.0859 4072 dmio - ok 23:47:24.0875 4072 dmload (e9317282a63ca4d188c0df5e09c6ac5f) 
C:\WINDOWS\system32\drivers\dmload.sys 23:47:25.0000 4072 dmload - ok 23:47:25.0031 4072 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll 23:47:25.0156 4072 dmserver - ok 23:47:25.0203 4072 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 23:47:25.0343 4072 DMusic - ok 23:47:25.0375 4072 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll 23:47:25.0453 4072 Dnscache - ok 23:47:25.0500 4072 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll 23:47:25.0625 4072 Dot3svc - ok 23:47:25.0671 4072 dpti2o - ok 23:47:25.0750 4072 DragonSvc (80a655d3a38a53c567e809d6ad4faa8c) C:\Programme\Gemeinsame Dateien\Nuance\dgnsvc.exe 23:47:25.0765 4072 DragonSvc - ok 23:47:25.0781 4072 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 23:47:25.0906 4072 drmkaud - ok 23:47:25.0953 4072 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 23:47:25.0968 4072 DRVMCDB - ok 23:47:25.0968 4072 DRVNDDM - ok 23:47:26.0000 4072 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll 23:47:26.0140 4072 EapHost - ok 23:47:26.0171 4072 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys 23:47:26.0203 4072 epmntdrv ( UnsignedFile.Multi.Generic ) - wuserXXXng 23:47:26.0203 4072 epmntdrv - detected UnsignedFile.Multi.Generic (1) 23:47:26.0234 4072 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll 23:47:26.0375 4072 ERSvc - ok 23:47:26.0468 4072 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys 23:47:26.0500 4072 EuGdiDrv ( UnsignedFile.Multi.Generic ) - wuserXXXng 23:47:26.0500 4072 EuGdiDrv - detected UnsignedFile.Multi.Generic (1) 23:47:26.0546 4072 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 23:47:26.0562 4072 Eventlog - ok 23:47:26.0609 4072 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) 
C:\WINDOWS\system32\es.dll 23:47:26.0656 4072 EventSystem - ok 23:47:26.0703 4072 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 23:47:26.0843 4072 Fastfat - ok 23:47:26.0890 4072 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 23:47:26.0968 4072 FastUserSwitchingCompatibility - ok 23:47:27.0046 4072 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 23:47:27.0203 4072 Fdc - ok 23:47:27.0250 4072 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 23:47:27.0312 4072 Fips - ok 23:47:27.0312 4072 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 23:47:27.0375 4072 Flpydisk - ok 23:47:27.0421 4072 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 23:47:27.0484 4072 FltMgr - ok 23:47:27.0578 4072 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 23:47:27.0578 4072 FontCache3.0.0.0 - ok 23:47:27.0609 4072 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 23:47:27.0671 4072 Fs_Rec - ok 23:47:27.0687 4072 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 23:47:27.0750 4072 Ftdisk - ok 23:47:27.0765 4072 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 23:47:27.0875 4072 Gpc - ok 23:47:27.0953 4072 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 23:47:28.0062 4072 HDAudBus - ok 23:47:28.0093 4072 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 23:47:28.0203 4072 helpsvc - ok 23:47:28.0203 4072 HidServ - ok 23:47:28.0250 4072 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 23:47:28.0343 4072 hidusb - ok 23:47:28.0375 4072 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll 23:47:28.0468 
4072 hkmsvc - ok 23:47:28.0468 4072 hpn - ok 23:47:28.0515 4072 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 23:47:28.0562 4072 HTTP - ok 23:47:28.0593 4072 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll 23:47:28.0703 4072 HTTPFilter - ok 23:47:28.0750 4072 i2omgmt - ok 23:47:28.0765 4072 i2omp - ok 23:47:28.0781 4072 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 23:47:28.0906 4072 i8042prt - ok 23:47:28.0937 4072 iastor (80c633722da72e97f3f5b3b11325696d) C:\WINDOWS\system32\drivers\iastor.sys 23:47:28.0953 4072 iastor - ok 23:47:29.0031 4072 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 23:47:29.0062 4072 idsvc - ok 23:47:29.0140 4072 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 23:47:29.0281 4072 Imapi - ok 23:47:29.0359 4072 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe 23:47:29.0500 4072 ImapiService - ok 23:47:29.0515 4072 ini910u - ok 23:47:29.0640 4072 IntcAzAudAddService (613a2b00da1d4a80de1ec8cfb52c0d89) C:\WINDOWS\system32\drivers\RtkHDAud.sys 23:47:29.0812 4072 IntcAzAudAddService - ok 23:47:29.0859 4072 IntelIde - ok 23:47:29.0906 4072 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys 23:47:30.0015 4072 intelppm - ok 23:47:30.0031 4072 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 23:47:30.0093 4072 Ip6Fw - ok 23:47:30.0125 4072 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 23:47:30.0187 4072 IpFilterDriver - ok 23:47:30.0203 4072 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 23:47:30.0250 4072 IpInIp - ok 23:47:30.0281 4072 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 23:47:30.0359 4072 IpNat - ok 23:47:30.0390 4072 IPSec 
(23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 23:47:30.0453 4072 IPSec - ok 23:47:30.0484 4072 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 23:47:30.0515 4072 IRENUM - ok 23:47:30.0546 4072 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 23:47:30.0609 4072 isapnp - ok 23:47:30.0734 4072 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe 23:47:30.0734 4072 JavaQuickStarterService - ok 23:47:30.0828 4072 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 23:47:30.0890 4072 Kbdclass - ok 23:47:30.0937 4072 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 23:47:31.0000 4072 kmixer - ok 23:47:31.0015 4072 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 23:47:31.0078 4072 KSecDD - ok 23:47:31.0109 4072 LanmanServer (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll 23:47:31.0171 4072 LanmanServer - ok 23:47:31.0218 4072 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll 23:47:31.0265 4072 lanmanworkstation - ok 23:47:31.0296 4072 lbrtfdc - ok 23:47:31.0359 4072 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll 23:47:31.0515 4072 LmHosts - ok 23:47:31.0546 4072 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll 23:47:31.0625 4072 Messenger - ok 23:47:31.0718 4072 Microsoft SharePoint Workspace Audit Service - ok 23:47:31.0765 4072 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 23:47:31.0812 4072 mnmdd - ok 23:47:31.0843 4072 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe 23:47:31.0921 4072 mnmsrvc - ok 23:47:32.0000 4072 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 23:47:32.0062 4072 Modem - ok 23:47:32.0093 4072 Mouclass 
(b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 23:47:32.0187 4072 Mouclass - ok 23:47:32.0187 4072 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 23:47:32.0281 4072 mouhid - ok 23:47:32.0296 4072 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 23:47:32.0343 4072 MountMgr - ok 23:47:32.0359 4072 mraid35x - ok 23:47:32.0359 4072 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 23:47:32.0421 4072 MRxDAV - ok 23:47:32.0468 4072 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 23:47:32.0500 4072 MRxSmb - ok 23:47:32.0562 4072 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe 23:47:32.0625 4072 MSDTC - ok 23:47:32.0625 4072 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 23:47:32.0703 4072 Msfs - ok 23:47:32.0703 4072 MSIServer - ok 23:47:32.0734 4072 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 23:47:32.0812 4072 MSKSSRV - ok 23:47:32.0890 4072 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 23:47:32.0953 4072 MSPCLOCK - ok 23:47:32.0968 4072 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 23:47:33.0046 4072 MSPQM - ok 23:47:33.0093 4072 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 23:47:33.0156 4072 mssmbios - ok 23:47:33.0250 4072 MSSQL$MSSMLBIZ - ok 23:47:33.0281 4072 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) C:\Programme\Microsoft SQL Server\100\Shared\SQLADHLP.EXE 23:47:33.0281 4072 MSSQLServerADHelper100 - ok 23:47:33.0312 4072 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 23:47:33.0421 4072 MSTEE - ok 23:47:33.0500 4072 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 23:47:33.0750 4072 Mup ( UnsignedFile.Multi.Generic ) - wuserXXXng 
23:47:33.0750 4072 Mup - detected UnsignedFile.Multi.Generic (1) 23:47:33.0750 4072 NABTSFEC - ok 23:47:33.0781 4072 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll 23:47:33.0921 4072 napagent - ok 23:47:33.0984 4072 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 23:47:34.0156 4072 NDIS - ok 23:47:34.0203 4072 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 23:47:34.0265 4072 NdisIP - ok 23:47:34.0296 4072 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 23:47:34.0375 4072 NdisTapi - ok 23:47:34.0390 4072 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 23:47:34.0453 4072 Ndisuio - ok 23:47:34.0453 4072 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 23:47:34.0515 4072 NdisWan - ok 23:47:34.0562 4072 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 23:47:34.0593 4072 NDProxy - ok 23:47:34.0625 4072 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 23:47:34.0687 4072 NetBIOS - ok 23:47:34.0765 4072 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 23:47:34.0843 4072 NetBT - ok 23:47:34.0890 4072 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 23:47:34.0968 4072 NetDDE - ok 23:47:34.0968 4072 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 23:47:35.0046 4072 NetDDEdsdm - ok 23:47:35.0078 4072 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 23:47:35.0156 4072 Netlogon - ok 23:47:35.0187 4072 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll 23:47:35.0296 4072 Netman - ok 23:47:35.0343 4072 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 23:47:35.0359 4072 NetTcpPortSharing - ok 23:47:35.0390 4072 NIC1394 
(e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 23:47:35.0484 4072 NIC1394 - ok 23:47:35.0578 4072 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll 23:47:35.0593 4072 Nla - ok 23:47:35.0640 4072 nmwcd (f6c40e0a565ee3ce5aeeb325e10054f2) C:\WINDOWS\system32\drivers\ccdcmb.sys 23:47:35.0828 4072 nmwcd - ok 23:47:35.0906 4072 nmwcdc (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\WINDOWS\system32\drivers\ccdcmbo.sys 23:47:36.0062 4072 nmwcdc - ok 23:47:36.0093 4072 nmwcdnsu (99b224f8026cb534724aa3c408561e45) C:\WINDOWS\system32\drivers\nmwcdnsu.sys 23:47:36.0234 4072 nmwcdnsu - ok 23:47:36.0250 4072 nmwcdnsuc (d23257682d349a5e2e4507ed33decc16) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys 23:47:36.0312 4072 nmwcdnsuc - ok 23:47:36.0359 4072 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 23:47:36.0406 4072 Npfs - ok 23:47:36.0437 4072 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 23:47:36.0515 4072 Ntfs - ok 23:47:36.0531 4072 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 23:47:36.0593 4072 NtLmSsp - ok 23:47:36.0609 4072 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll 23:47:36.0687 4072 NtmsSvc - ok 23:47:36.0750 4072 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 23:47:36.0812 4072 Null - ok 23:47:36.0953 4072 nv (c116d2b008a1640c4484a1dcd1abe12c) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 23:47:37.0140 4072 nv - ok 23:47:37.0203 4072 NVSvc (bc6f6d569a0848ba9d38158ae4734a9c) C:\WINDOWS\system32\nvsvc32.exe 23:47:37.0218 4072 NVSvc - ok 23:47:37.0250 4072 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 23:47:37.0312 4072 NwlnkFlt - ok 23:47:37.0343 4072 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 23:47:37.0406 4072 NwlnkFwd - ok 23:47:37.0437 4072 ohci1394 (ca33832df41afb202ee7aeb05145922f) 
C:\WINDOWS\system32\DRIVERS\ohci1394.sys 23:47:37.0500 4072 ohci1394 - ok 23:47:37.0500 4072 OMCI - ok 23:47:37.0562 4072 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 23:47:37.0578 4072 ose - ok 23:47:37.0734 4072 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 23:47:37.0859 4072 osppsvc - ok 23:47:37.0921 4072 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys 23:47:38.0000 4072 Parport - ok 23:47:38.0015 4072 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 23:47:38.0078 4072 PartMgr - ok 23:47:38.0109 4072 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 23:47:38.0187 4072 ParVdm - ok 23:47:38.0218 4072 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 23:47:38.0250 4072 pccsmcfd - ok 23:47:38.0265 4072 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 23:47:38.0328 4072 PCI - ok 23:47:38.0328 4072 PCIDump - ok 23:47:38.0343 4072 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 23:47:38.0406 4072 PCIIde - ok 23:47:38.0421 4072 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 23:47:38.0484 4072 Pcmcia - ok 23:47:38.0484 4072 PDCOMP - ok 23:47:38.0500 4072 PDFRAME - ok 23:47:38.0500 4072 PDRELI - ok 23:47:38.0500 4072 PDRFRAME - ok 23:47:38.0515 4072 perc2 - ok 23:47:38.0515 4072 perc2hib - ok 23:47:38.0562 4072 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 23:47:38.0562 4072 PlugPlay - ok 23:47:38.0609 4072 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 23:47:38.0656 4072 PolicyAgent - ok 23:47:38.0703 4072 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 23:47:38.0765 4072 PptpMiniport - ok 
23:47:38.0781 4072 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 23:47:38.0843 4072 ProtectedStorage - ok 23:47:38.0843 4072 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 23:47:38.0906 4072 PSched - ok 23:47:38.0921 4072 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 23:47:39.0000 4072 Ptilink - ok 23:47:39.0031 4072 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 23:47:39.0046 4072 PxHelp20 - ok 23:47:39.0046 4072 ql1080 - ok 23:47:39.0046 4072 Ql10wnt - ok 23:47:39.0062 4072 ql12160 - ok 23:47:39.0062 4072 ql1240 - ok 23:47:39.0078 4072 ql1280 - ok 23:47:39.0078 4072 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 23:47:39.0140 4072 RasAcd - ok 23:47:39.0171 4072 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll 23:47:39.0234 4072 RasAuto - ok 23:47:39.0250 4072 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 23:47:39.0312 4072 Rasl2tp - ok 23:47:39.0375 4072 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll 23:47:39.0437 4072 RasMan - ok 23:47:39.0468 4072 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 23:47:39.0515 4072 RasPppoe - ok 23:47:39.0546 4072 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 23:47:39.0609 4072 Raspti - ok 23:47:39.0625 4072 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 23:47:39.0687 4072 Rdbss - ok 23:47:39.0687 4072 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 23:47:39.0765 4072 RDPCDD - ok 23:47:39.0781 4072 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 23:47:39.0859 4072 rdpdr - ok 23:47:39.0906 4072 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 23:47:39.0953 4072 RDPWD - ok 
23:47:40.0000 4072 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe 23:47:40.0078 4072 RDSessMgr - ok 23:47:40.0125 4072 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 23:47:40.0187 4072 redbook - ok 23:47:40.0234 4072 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll 23:47:40.0296 4072 RemoteAccess - ok 23:47:40.0328 4072 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll 23:47:40.0390 4072 RemoteRegistry - ok 23:47:40.0406 4072 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe 23:47:40.0484 4072 RpcLocator - ok 23:47:40.0515 4072 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll 23:47:40.0531 4072 RpcSs - ok 23:47:40.0562 4072 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\WINDOWS\system32\DRIVERS\RsFx0103.sys 23:47:40.0578 4072 RsFx0103 - ok 23:47:40.0625 4072 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe 23:47:40.0703 4072 RSVP - ok 23:47:40.0781 4072 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 23:47:40.0812 4072 RTLE8023xp - ok 23:47:40.0859 4072 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 23:47:40.0921 4072 SamSs - ok 23:47:40.0937 4072 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe 23:47:41.0031 4072 SCardSvr - ok 23:47:41.0078 4072 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll 23:47:41.0140 4072 Schedule - ok 23:47:41.0156 4072 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 23:47:41.0218 4072 sdbus - ok 23:47:41.0250 4072 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 23:47:41.0281 4072 Secdrv - ok 23:47:41.0312 4072 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll 23:47:41.0375 4072 seclogon - ok 23:47:41.0375 4072 SENS 
(2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll 23:47:41.0453 4072 SENS - ok 23:47:41.0484 4072 Ser2pl (2ec41a96d0dc98bd119bf325e0b9f392) C:\WINDOWS\system32\DRIVERS\ser2pl.sys 23:47:41.0531 4072 Ser2pl - ok 23:47:41.0546 4072 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 23:47:41.0625 4072 Serenum - ok 23:47:41.0640 4072 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys 23:47:41.0703 4072 Serial - ok 23:47:41.0812 4072 ServiceLayer (f31e9531af225ca25350d5e87e999b31) C:\Programme\PC Connectivity Solution\ServiceLayer.exe 23:47:41.0828 4072 ServiceLayer - ok 23:47:42.0046 4072 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys 23:47:42.0125 4072 sffdisk - ok 23:47:42.0125 4072 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys 23:47:42.0203 4072 sffp_sd - ok 23:47:42.0250 4072 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 23:47:42.0312 4072 Sfloppy - ok 23:47:42.0359 4072 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll 23:47:42.0453 4072 SharedAccess - ok 23:47:42.0531 4072 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 23:47:42.0546 4072 ShellHWDetection - ok 23:47:42.0546 4072 Simbad - ok 23:47:42.0578 4072 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 23:47:42.0640 4072 SLIP - ok 23:47:42.0656 4072 Sparrow - ok 23:47:42.0671 4072 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 23:47:42.0734 4072 splitter - ok 23:47:42.0781 4072 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 23:47:42.0812 4072 Spooler - ok 23:47:42.0921 4072 SQLAgent$MSSMLBIZ (a687b5b326afcfcf182c4931d1ff9771) C:\Programme\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE 23:47:42.0937 4072 SQLAgent$MSSMLBIZ - ok 23:47:43.0031 4072 SQLBrowser 
(b54b48f6d92423440c264e91225c5ff1) C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe 23:47:43.0031 4072 SQLBrowser - ok 23:47:43.0062 4072 SQLWriter (637a0f23f9012358e92e6f99835494d1) C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe 23:47:43.0062 4072 SQLWriter - ok 23:47:43.0156 4072 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 23:47:43.0187 4072 sr - ok 23:47:43.0218 4072 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll 23:47:43.0250 4072 srservice - ok 23:47:43.0265 4072 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 23:47:43.0312 4072 Srv - ok 23:47:43.0359 4072 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll 23:47:43.0390 4072 SSDPSRV - ok 23:47:43.0421 4072 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 23:47:43.0421 4072 ssmdrv - ok 23:47:43.0437 4072 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll 23:47:43.0500 4072 stisvc - ok 23:47:43.0562 4072 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe 23:47:43.0593 4072 stllssvr ( UnsignedFile.Multi.Generic ) - wuserXXXng 23:47:43.0593 4072 stllssvr - detected UnsignedFile.Multi.Generic (1) 23:47:43.0656 4072 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 23:47:43.0718 4072 streamip - ok 23:47:43.0750 4072 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 23:47:43.0828 4072 swenum - ok 23:47:43.0875 4072 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 23:47:43.0937 4072 swmidi - ok 23:47:43.0953 4072 SwPrv - ok 23:47:43.0953 4072 symc810 - ok 23:47:43.0953 4072 symc8xx - ok 23:47:43.0968 4072 sym_hi - ok 23:47:43.0968 4072 sym_u3 - ok 23:47:44.0000 4072 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 23:47:44.0078 4072 sysaudio - ok 
23:47:44.0125 4072 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe 23:47:44.0187 4072 SysmonLog - ok 23:47:44.0203 4072 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll 23:47:44.0265 4072 TapiSrv - ok 23:47:44.0312 4072 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 23:47:44.0328 4072 Tcpip - ok 23:47:44.0390 4072 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 23:47:44.0453 4072 TDPIPE - ok 23:47:44.0468 4072 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 23:47:44.0531 4072 TDTCP - ok 23:47:44.0546 4072 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 23:47:44.0625 4072 TermDD - ok 23:47:44.0671 4072 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll 23:47:44.0734 4072 TermService - ok 23:47:44.0781 4072 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 23:47:44.0796 4072 Themes - ok 23:47:44.0843 4072 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe 23:47:44.0890 4072 TlntSvr - ok 23:47:44.0906 4072 TosIde - ok 23:47:44.0937 4072 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll 23:47:45.0000 4072 TrkWks - ok 23:47:45.0015 4072 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 23:47:45.0078 4072 Udfs - ok 23:47:45.0093 4072 ultra - ok 23:47:45.0125 4072 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 23:47:45.0218 4072 Update - ok 23:47:45.0250 4072 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll 23:47:45.0312 4072 upnphost - ok 23:47:45.0343 4072 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys 23:47:45.0390 4072 upperdev - ok 23:47:45.0421 4072 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe 23:47:45.0468 4072 UPS - ok 23:47:45.0531 
4072 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 23:47:45.0593 4072 usbaudio - ok 23:47:45.0625 4072 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 23:47:45.0687 4072 usbccgp - ok 23:47:45.0734 4072 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 23:47:45.0812 4072 usbehci - ok 23:47:45.0859 4072 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 23:47:45.0921 4072 usbhub - ok 23:47:46.0015 4072 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 23:47:46.0093 4072 usbprint - ok 23:47:46.0125 4072 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys 23:47:46.0187 4072 usbser - ok 23:47:46.0218 4072 UsbserFilt (e44f0d17be0908b58dcc99ccb99c6c32) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys 23:47:46.0250 4072 UsbserFilt - ok 23:47:46.0281 4072 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 23:47:46.0343 4072 USBSTOR - ok 23:47:46.0343 4072 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 23:47:46.0406 4072 usbuhci - ok 23:47:46.0437 4072 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys 23:47:46.0500 4072 usbvideo - ok 23:47:46.0515 4072 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 23:47:46.0578 4072 VgaSave - ok 23:47:46.0593 4072 ViaIde - ok 23:47:46.0593 4072 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 23:47:46.0656 4072 VolSnap - ok 23:47:46.0703 4072 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe 23:47:46.0750 4072 VSS - ok 23:47:46.0828 4072 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll 23:47:46.0890 4072 W32Time - ok 23:47:46.0921 4072 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 23:47:47.0000 4072 
Wanarp - ok 23:47:47.0046 4072 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 23:47:47.0062 4072 Wdf01000 - ok 23:47:47.0062 4072 WDICA - ok 23:47:47.0125 4072 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 23:47:47.0171 4072 wdmaud - ok 23:47:47.0203 4072 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll 23:47:47.0265 4072 WebClient - ok 23:47:47.0343 4072 WHSConnector (423fea8d79a08b49061e87f82c9a3a19) C:\Programme\Windows Home Server\WHSConnector.exe 23:47:47.0359 4072 WHSConnector - ok 23:47:47.0437 4072 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll 23:47:47.0500 4072 winmgmt - ok 23:47:47.0515 4072 wltrysvc - ok 23:47:47.0546 4072 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 23:47:47.0609 4072 WmdmPmSN - ok 23:47:47.0656 4072 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll 23:47:47.0671 4072 Wmi - ok 23:47:47.0750 4072 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 23:47:47.0812 4072 WmiAcpi - ok 23:47:47.0875 4072 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 23:47:47.0953 4072 WmiApSrv - ok 23:47:48.0031 4072 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe 23:47:48.0078 4072 WMPNetworkSvc - ok 23:47:48.0125 4072 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 23:47:48.0140 4072 WpdUsb - ok 23:47:48.0312 4072 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 23:47:48.0343 4072 WPFFontCache_v0400 - ok 23:47:48.0437 4072 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 23:47:48.0500 4072 WS2IFSL - ok 23:47:48.0562 4072 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll 23:47:48.0625 4072 wscsvc - 
ok 23:47:48.0640 4072 WSearch - ok 23:47:48.0671 4072 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 23:47:48.0734 4072 WSTCODEC - ok 23:47:48.0765 4072 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll 23:47:48.0828 4072 wuauserv - ok 23:47:48.0890 4072 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 23:47:48.0953 4072 WudfPf - ok 23:47:49.0000 4072 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 23:47:49.0000 4072 WudfRd - ok 23:47:49.0062 4072 WudfSvc (575a4190d989f64732119e4114045a4f) C:\WINDOWS\System32\WUDFSvc.dll 23:47:49.0078 4072 WudfSvc - ok 23:47:49.0125 4072 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll 23:47:49.0187 4072 WZCSVC - ok 23:47:49.0203 4072 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll 23:47:49.0296 4072 xmlprov - ok 23:47:49.0312 4072 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 23:47:49.0578 4072 \Device\Harddisk0\DR0 - ok 23:47:49.0578 4072 Boot (0x1200) (d94d30bc40cc97bf2f9f7ebf128b5746) \Device\Harddisk0\DR0\Partition0 23:47:49.0578 4072 \Device\Harddisk0\DR0\Partition0 - ok 23:47:49.0578 4072 Boot (0x1200) (ceea6b538942a170cd9b45b76ef8135b) \Device\Harddisk0\DR0\Partition1 23:47:49.0578 4072 \Device\Harddisk0\DR0\Partition1 - ok 23:47:49.0593 4072 Boot (0x1200) (9a9ca0d57c0b5a9c0b2b21511dd3c481) \Device\Harddisk0\DR0\Partition2 23:47:49.0593 4072 \Device\Harddisk0\DR0\Partition2 - ok 23:47:49.0593 4072 ============================================================ 23:47:49.0593 4072 Scan finished 23:47:49.0593 4072 ============================================================ 23:47:49.0703 3012 Detected object count: 6 23:47:49.0703 3012 Actual detected object count: 6 23:48:14.0765 3012 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user 23:48:14.0765 3012 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:48:14.0765 3012 DirMngr ( UnsignedFile.Multi.Generic ) - skipped by user 23:48:14.0765 3012 DirMngr ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:48:14.0765 3012 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user 23:48:14.0765 3012 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:48:14.0765 3012 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user 23:48:14.0765 3012 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:48:14.0781 3012 Mup ( UnsignedFile.Multi.Generic ) - skipped by user 23:48:14.0781 3012 Mup ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:48:14.0781 3012 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user 23:48:14.0781 3012 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip |
08.04.2012, 23:00 | #22 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google search results redirected in IE & FF / XP update keeps being offered Then please run CF now, but properly. ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
08.04.2012, 23:23 | #23 |
| Google search results redirected in IE & FF / XP update keeps being offered ComboFix, run properly this time. Log is here. I noticed that it deleted Setup.exe from the desktop. Does that mean it was infected, or was it removed only as a precaution??? It was an add-on for an e-mail program from a vendor. ComboFix also reported that Avira was active. Since I had specifically set the real-time scan to disabled as well, I ran CF anyway. Hopefully that was OK!? Code:
ATTFilter ComboFix 12-04-08.01 - userXXX 09.04.2012 0:11.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3070.2485 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\userXXX\Desktop\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\userXXX\Desktop\Setup.exe c:\dokumente und einstellungen\userXXX\Lokale Einstellungen\Anwendungsdaten\assembly\tmp . . ((((((((((((((((((((((( Dateien erstellt von 2012-03-08 bis 2012-04-08 )))))))))))))))))))))))))))))) . . 2012-04-08 20:57 . 2012-04-08 20:57 -------- d-----w- C:\_OTL 2012-04-08 18:06 . 2012-04-08 18:06 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\nView_Profiles 2012-04-08 14:55 . 2012-04-08 14:55 -------- d-----w- c:\programme\ESET 2012-04-03 21:24 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-03 17:42 . 2012-04-03 17:42 117248 --sha-r- c:\windows\system32\winstrm7.dll 2012-04-03 15:54 . 2008-04-14 05:53 91648 ----a-w- c:\windows\system32\kswdmcap.ax 2012-04-03 15:54 . 2008-04-14 05:53 43008 ----a-w- c:\windows\system32\ksxbar.ax 2012-04-03 15:54 . 2008-04-14 05:53 20992 ----a-w- c:\windows\system32\dshowext.ax 2012-04-03 15:54 . 2008-04-13 22:16 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys 2012-04-03 15:54 . 2008-04-13 22:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys 2012-04-03 15:54 . 2008-04-13 22:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys 2012-04-03 15:54 . 2008-04-13 22:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys 2012-04-03 12:50 . 2012-04-03 12:50 -------- d-----w- c:\dokumente und einstellungen\userXXX\Lokale Einstellungen\Anwendungsdaten\PCHealth 2012-04-02 21:17 . 2012-04-02 21:17 -------- d-----w- c:\dokumente und einstellungen\Administrator 2012-04-02 16:07 . 
2012-04-02 16:07 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PCDr 2012-04-02 16:06 . 2012-04-02 16:06 -------- d-----w- c:\programme\Dell Support Center 2012-04-02 16:04 . 2012-04-02 16:04 -------- d-----w- c:\dokumente und einstellungen\userXXX\Anwendungsdaten\PCDr 2012-04-02 15:49 . 2005-07-08 12:19 666 ----a-w- c:\windows\speed.reg 2012-03-30 09:19 . 2012-03-30 09:37 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-03-29 14:40 . 2012-03-29 14:40 -------- d-----w- c:\dokumente und einstellungen\userXXX\Lokale Einstellungen\Anwendungsdaten\Temp 2012-03-28 23:35 . 2012-03-28 23:35 -------- d-----w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Adobe 2012-03-21 21:31 . 2012-04-03 13:14 -------- d-----w- c:\dokumente und einstellungen\userXXX\Lokale Einstellungen\Anwendungsdaten\Microsoft_Corporation 2012-03-21 21:31 . 2012-03-21 21:31 -------- d-----w- c:\dokumente und einstellungen\userXXX\Lokale Einstellungen\Anwendungsdaten\Wisco 2012-03-21 21:31 . 2012-04-08 22:16 -------- d-----w- c:\dokumente und einstellungen\userXXX\Lokale Einstellungen\Anwendungsdaten\assembly 2012-03-21 09:11 . 2012-03-21 09:11 -------- d-----w- c:\dokumente und einstellungen\userXXX\Anwendungsdaten\Avira 2012-03-21 09:05 . 2012-01-31 07:56 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-03-21 09:05 . 2012-01-31 07:56 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-03-21 09:05 . 2011-09-16 15:08 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-03-21 09:05 . 2012-03-21 09:05 -------- d-----w- c:\programme\Avira 2012-03-21 09:05 . 2012-03-21 09:05 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-30 09:37 . 2011-05-15 11:28 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-18 22:25 . 
2012-02-18 22:25 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-02-18 22:25 . 2011-03-23 23:02 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-02-03 09:57 . 2008-04-14 12:00 1860224 ----a-w- c:\windows\system32\win32k.sys 2012-01-11 19:06 . 2012-02-15 08:10 3072 ------w- c:\windows\system32\iacenc.dll 2012-02-08 00:01 . 2011-12-10 12:24 134104 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-04-03_23.11.00 ))))))))))))))))))))))))))))))))))))))))) . - 2012-04-03 12:57 . 2012-04-03 12:57 21880 c:\windows\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe + 2012-04-06 12:01 . 2012-04-06 12:01 21880 c:\windows\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe + 2012-04-08 20:59 . 2012-04-08 20:59 16384 c:\windows\Temp\Perflib_Perfdata_258.dat + 2012-04-06 12:01 . 2012-04-06 12:01 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll - 2012-04-03 12:58 . 2012-04-03 12:58 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll - 2012-04-03 12:58 . 2012-04-03 12:58 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll + 2012-04-06 12:01 . 2012-04-06 12:01 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll - 2012-04-03 12:57 . 2012-04-03 12:57 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll + 2012-04-06 12:01 . 
2012-04-06 12:01 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll + 2012-04-06 12:01 . 2012-04-06 12:01 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll - 2012-04-03 12:57 . 2012-04-03 12:57 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll + 2012-04-06 12:01 . 2012-04-06 12:01 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll - 2012-04-03 12:57 . 2012-04-03 12:57 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll - 2012-04-03 12:57 . 2012-04-03 12:57 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll + 2012-04-06 12:01 . 2012-04-06 12:01 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll - 2012-04-03 12:57 . 2012-04-03 12:57 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll + 2012-04-06 12:01 . 2012-04-06 12:01 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll + 2012-04-06 12:01 . 2012-04-06 12:01 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll - 2012-04-03 12:57 . 2012-04-03 12:57 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll - 2012-04-03 12:57 . 
2012-04-03 12:57 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll + 2012-04-06 12:01 . 2012-04-06 12:01 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll + 2012-04-06 12:01 . 2012-04-06 12:01 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll - 2012-04-03 12:57 . 2012-04-03 12:57 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll + 2012-04-06 12:01 . 2012-04-06 12:01 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll - 2012-04-03 12:57 . 2012-04-03 12:57 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll - 2012-04-03 12:57 . 2012-04-03 12:57 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll + 2012-04-06 12:01 . 2012-04-06 12:01 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll + 2012-04-06 12:01 . 2012-04-06 12:01 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe - 2012-04-03 12:57 . 2012-04-03 12:57 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe - 2012-04-03 12:57 . 2012-04-03 12:57 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll + 2012-04-06 12:01 . 
2012-04-06 12:01 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll + 2012-04-06 12:01 . 2012-04-06 12:01 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll - 2012-04-03 12:57 . 2012-04-03 12:57 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll - 2008-04-14 12:00 . 2012-04-03 12:58 562574 c:\windows\system32\perfh009.dat + 2008-04-14 12:00 . 2012-04-08 20:58 562574 c:\windows\system32\perfh009.dat - 2008-04-14 12:00 . 2012-04-03 12:58 611660 c:\windows\system32\perfh007.dat + 2008-04-14 12:00 . 2012-04-08 20:58 611660 c:\windows\system32\perfh007.dat - 2008-04-14 12:00 . 2012-04-03 12:58 109988 c:\windows\system32\perfc009.dat + 2008-04-14 12:00 . 2012-04-08 20:58 109988 c:\windows\system32\perfc009.dat - 2008-04-14 12:00 . 2012-04-03 12:58 137180 c:\windows\system32\perfc007.dat + 2008-04-14 12:00 . 2012-04-08 20:58 137180 c:\windows\system32\perfc007.dat + 2012-04-06 12:01 . 2012-04-06 12:01 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll - 2012-04-03 12:58 . 2012-04-03 12:58 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll - 2012-04-03 12:58 . 2012-04-03 12:58 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll + 2012-04-06 12:01 . 2012-04-06 12:01 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll - 2012-04-03 12:57 . 
2012-04-03 12:57 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll + 2012-04-06 12:01 . 2012-04-06 12:01 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll + 2012-04-06 12:01 . 2012-04-06 12:01 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll - 2012-04-03 12:57 . 2012-04-03 12:57 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll + 2012-04-06 12:01 . 2012-04-06 12:01 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll - 2012-04-03 12:57 . 2012-04-03 12:57 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll + 2012-04-06 12:01 . 2012-04-06 12:01 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll - 2012-04-03 12:57 . 2012-04-03 12:57 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll - 2012-04-03 12:57 . 2012-04-03 12:57 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll + 2012-04-06 12:01 . 2012-04-06 12:01 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll - 2012-04-03 12:57 . 2012-04-03 12:57 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll + 2012-04-06 12:01 . 
2012-04-06 12:01 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll + 2012-04-06 12:01 . 2012-04-06 12:01 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll - 2012-04-03 12:57 . 2012-04-03 12:57 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll + 2012-04-06 12:01 . 2012-04-06 12:01 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll - 2012-04-03 12:57 . 2012-04-03 12:57 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll + 2012-04-06 12:01 . 2012-04-06 12:01 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll - 2012-04-03 12:57 . 2012-04-03 12:57 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll + 2012-04-06 12:01 . 2012-04-06 12:01 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll - 2012-04-03 12:57 . 2012-04-03 12:57 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll - 2012-04-03 12:58 . 2012-04-03 12:58 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll + 2012-04-06 12:01 . 2012-04-06 12:01 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll + 2012-04-06 12:01 . 
2012-04-06 12:01 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll - 2012-04-03 12:57 . 2012-04-03 12:57 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll + 2012-04-06 12:01 . 2012-04-06 12:01 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll - 2012-04-03 12:57 . 2012-04-03 12:57 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll - 2012-04-03 12:57 . 2012-04-03 12:57 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll + 2012-04-06 12:01 . 2012-04-06 12:01 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll - 2012-04-03 12:57 . 2012-04-03 12:57 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll + 2012-04-06 12:01 . 2012-04-06 12:01 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll - 2012-04-03 12:57 . 2012-04-03 12:57 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll + 2012-04-06 12:01 . 2012-04-06 12:01 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll + 2012-04-06 12:20 . 2012-04-06 12:20 260096 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\ef1f49de0f7db7644d2c32fd40147339\System.Web.DataVisualization.Design.ni.dll + 2008-03-20 17:06 . 2009-06-25 11:20 1485176 c:\windows\system32\LegitCheckControl.DLL + 2011-04-28 09:06 . 
2011-04-28 09:06 1749880 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DataVisualization.dll + 2012-04-06 12:01 . 2012-04-06 12:01 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll - 2012-04-03 12:57 . 2012-04-03 12:57 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll + 2012-04-06 12:01 . 2012-04-06 12:01 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll - 2012-04-03 12:57 . 2012-04-03 12:57 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll - 2012-04-03 12:57 . 2012-04-03 12:57 1863464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll + 2012-04-06 12:01 . 2012-04-06 12:01 1863464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll + 2012-04-06 12:01 . 2012-04-06 12:01 1749880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll + 2012-04-06 12:01 . 2012-04-06 12:01 5078360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll - 2012-04-03 12:57 . 2012-04-03 12:57 5078360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll - 2012-04-03 12:57 . 2012-04-03 12:57 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll + 2012-04-06 12:01 . 2012-04-06 12:01 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll + 2012-04-06 12:01 . 
2012-04-06 12:01 1064816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll - 2012-04-03 12:57 . 2012-04-03 12:57 1064816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll - 2012-04-03 12:57 . 2012-04-03 12:57 5230864 c:\windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll + 2012-04-06 12:01 . 2012-04-06 12:01 5230864 c:\windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll + 2011-04-28 15:51 . 2011-04-28 15:51 1375744 c:\windows\Installer\e9fdfba.msp + 2012-04-06 12:20 . 2012-04-06 12:20 4535808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\c18257390b26f04ab49544c32eb8d474\System.Web.DataVisualization.ni.dll . -- Snapshot auf jetziges Datum zurückgesetzt -- . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PC Suite Tray"="c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13537280] "nwiz"="nwiz.exe" [2008-06-09 1630208] "NVHotkey"="nvHotkey.dll" [2008-06-09 90112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 86016] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664] "RTHDCPL"="RTHDCPL.EXE" [2007-11-06 16855552] "Dell QuickSet"="c:\programme\Dell\QuickSet\quickset.exe" [2008-02-22 1245184] "DNS7reminder"="c:\programme\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2010-10-27 328992] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "BCSSync"="c:\programme\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696] "PDFPrint"="c:\programme\PDF24\pdf24.exe" [2012-03-05 160840] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\userXXX\Startmenü\Programme\Autostart\ OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\programme\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2011-2-21 559648] Windows Search.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe] 2012-02-01 07:11 1083264 ----a-w- c:\programme\Nokia\Nokia Suite\NokiaSuite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2009-11-11 08:57 1451520 ----a-w- c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt] 2012-03-21 08:53 17855864 ----a-w- c:\programme\VoipStunt.com\VoipStunt\voipstunt.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Windows Home Server\\Discovery.exe"= "c:\\xampp\\mysql\\bin\\mysqld.exe"= "c:\\xampp\\apache\\bin\\httpd.exe"= "c:\\Programme\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"= "c:\\Programme\\Microsoft Office\\Office14\\GROOVE.EXE"= "c:\\Programme\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Programme\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "51001:TCP"= 51001:TCP:Dragon Smart Phone Server "33267:TCP"= 33267:TCP:Windows Core Service . 
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [21.03.2012 11:05 36000] R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [21.03.2012 11:05 86224] R2 DragonSvc;Dragon Service;c:\programme\Gemeinsame Dateien\Nuance\dgnsvc.exe [16.11.2010 19:49 296808] R2 WHSConnector;Windows Home Server-Connectordienst;c:\programme\Windows Home Server\WHSConnector.exe [12.07.2008 17:13 326688] R3 osppsvc;Office Software Protection Platform;c:\programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09.01.2010 21:37 4640000] S0 cerc6;cerc6; [x] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384] S2 DirMngr;DirMngr;c:\programme\GNU\GnuPG\dirmngr.exe [02.03.2011 17:20 224256] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30.03.2012 11:19 253600] S3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [12.07.2008 17:20 46368] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [21.02.2011 12:07 13192] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [21.02.2011 12:07 8456] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\programme\Microsoft Office\Office14\GROOVE.EXE [12.06.2011 12:15 31125880] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [08.02.2012 11:38 137600] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [08.02.2012 11:38 8576] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504] S4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\programme\Microsoft SQL Server\100\Shared\sqladhlp.exe [31.03.2009 06:55 47128] S4 RsFx0103;RsFx0103 
Driver;c:\windows\system32\drivers\RsFx0103.sys [30.03.2009 03:09 239336] S4 SQLAgent$MSSMLBIZ;SQL Server-Agent (MSSMLBIZ);c:\programme\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [30.03.2009 03:23 366936] . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 36613400 *Deregistered* - 36613400 . Inhalt des "geplante Tasks" Ordners . 2012-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 09:37] . 2012-04-02 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\programme\Dell Support Center\uaclauncher.exe [2012-02-07 23:02] . . ------- Zusätzlicher Suchlauf ------- . IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\dokumente und einstellungen\userXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\w4scfdmv.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . MSConfigStartUp-DivXUpdate - c:\programme\DivX\DivX Update\DivXUpdate.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-04-09 00:16 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . Zeit der Fertigstellung: 2012-04-09 00:17:41 ComboFix-quarantined-files.txt 2012-04-08 22:17 . Vor Suchlauf: 9 Verzeichnis(se), 75.637.325.824 Bytes frei Nach Suchlauf: 10 Verzeichnis(se), 75.629.178.880 Bytes frei . - - End Of File - - 19D48DBC03E479852F2FD73B35F56814 |
09.04.2012, 15:21 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google search results redirected in IE & FF / XP update is offered permanently
Please now create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online check. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.
Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!
Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without instruction.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
09.04.2012, 23:48 | #25 |
| Google search results redirected in IE & FF / XP update is offered permanently
Here are the logs ...
Gmer: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-04-10 00:13:33 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.PC2O Running: r4t6qr06.exe; Driver: C:\DOKUME~1\userXXX\LOKALE~1\Temp\pxriypog.sys ---- System - GMER 1.0.15 ---- SSDT AAA952BC ZwClose SSDT AAA95276 ZwCreateKey SSDT AAA952C6 ZwCreateSection SSDT AAA9526C ZwCreateThread SSDT AAA9527B ZwDeleteKey SSDT AAA95285 ZwDeleteValueKey SSDT AAA952B7 ZwDuplicateObject SSDT AAA9528A ZwLoadKey SSDT AAA95258 ZwOpenProcess SSDT AAA9525D ZwOpenThread SSDT AAA952DF ZwQueryValueKey SSDT AAA95294 ZwReplaceKey SSDT AAA952D0 ZwRequestWaitReplyPort SSDT AAA9528F ZwRestoreKey SSDT AAA952CB ZwSetContextThread SSDT AAA952D5 ZwSetSecurityObject SSDT AAA95280 ZwSetValueKey SSDT AAA952DA ZwSystemDebugControl SSDT AAA95267 ZwTerminateProcess Code \??\C:\DOKUME~1\userXXX\LOKALE~1\Temp\catchme.sys pIofCallDriver ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB82CE380, 0x37DE8D, 0xE8000020] ? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. ! ? C:\DOKUME~1\userXXX\LOKALE~1\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. ! ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\SearchIndexer.exe[1536] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 00:21:53 on 10.04.2012 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe "PCDoctorBackgroundMonitorTask-Delay.job" - "PC-Doctor, Inc." - C:\Programme\Dell Support Center\uaclauncher.exe "PCDoctorBackgroundMonitorTask.job" - "PC-Doctor, Inc." - C:\Programme\Dell Support Center\uaclauncher.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "BCMWLCPL.CPL" - "Dell Inc." - C:\WINDOWS\system32\BCMWLCPL.CPL "cmdvdpak.cpl" - "Sonic Solutions" - C:\WINDOWS\system32\cmdvdpak.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." 
- C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLCFG32.CPL "NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "APPDRV" (APPDRV) - "Dell Inc" - C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys "BackupReader" (BackupReader) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\BackupReader.sys "catchme" (catchme) - ? - C:\DOKUME~1\userXXX\LOKALE~1\Temp\catchme.sys (File not found) "cerc6" (cerc6) - ? - C:\WINDOWS\system32\drivers\cerc6.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "DLABMFSM" (DLABMFSM) - ? - C:\WINDOWS\System32\Drivers\DLABMFSM.SYS (File not found) "DLABOIOM" (DLABOIOM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLABOIOM.SYS "DLACDBHM" (DLACDBHM) - ? - C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (File not found) "DLADResM" (DLADResM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLADResM.SYS "DLAIFS_M" (DLAIFS_M) - "Roxio" - C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS "DLAOPIOM" (DLAOPIOM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS "DLAPoolM" (DLAPoolM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLAPoolM.SYS "DLARTL_M" (DLARTL_M) - ? - C:\WINDOWS\System32\Drivers\DLARTL_M.SYS (File not found) "DLAUDFAM" (DLAUDFAM) - ? 
- C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS (File not found) "DLAUDF_M" (DLAUDF_M) - "Roxio" - C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS "DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVMCDB.SYS "DRVNDDM" (DRVNDDM) - ? - C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (File not found) "epmntdrv" (epmntdrv) - ? - C:\WINDOWS\system32\epmntdrv.sys (File found, but it contains no detailed information) "EuGdiDrv" (EuGdiDrv) - ? - C:\WINDOWS\system32\EuGdiDrv.sys (File found, but it contains no detailed information) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "mbr" (mbr) - ? - C:\ComboFix\mbr.sys (Hidden registry entry, rootkit activity | File not found) "Mup" (Mup) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\Mup.sys "NABTS/FEC VBI-Codec" (NABTSFEC) - ? - C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys (File not found) "OMCI" (OMCI) - ? - C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "pxriypog" (pxriypog) - ? - C:\DOKUME~1\userXXX\LOKALE~1\Temp\pxriypog.sys (Hidden registry entry, rootkit activity | File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "WDICA" (WDICA) - ? 
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-10 00:40:34
-----------------------------
00:40:34.625 OS Version: Windows 5.1.2600 Service Pack 3
00:40:34.625 Number of processors: 2 586 0x1706
00:40:34.625 ComputerName: NAME UserName: userXXX
00:40:35.125 Initialize success
00:40:38.593 AVAST engine defs: 12040901
00:40:53.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
00:40:53.281 Disk 0 Vendor: Hitachi_ PC2O Size: 238475MB BusType: 3
00:40:53.343 Disk 0 MBR read successfully
00:40:53.343 Disk 0 MBR scan
00:40:53.343 Disk 0 Windows XP default MBR code
00:40:53.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102398 MB offset 63
00:40:53.375 Disk 0 Partition - 00 0F Extended LBA 136074 MB offset 209712510
00:40:53.421 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 102398 MB offset 209712573
00:40:53.437 Disk 0 Partition - 00 05 Extended 33675 MB offset 419425020
00:40:53.500 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 33675 MB offset 419425083
00:40:53.515 Disk 0 scanning sectors +488392065
00:40:53.703 Disk 0 scanning C:\WINDOWS\system32\drivers
00:41:19.609 Service scanning
00:41:39.765 Modules scanning
00:42:12.515 Disk 0 trace - called modules:
00:42:12.546 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll iastor.sys
00:42:12.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89b17ab8]
00:42:12.562 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000072[0x8a4e3710]
00:42:12.562 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x89f1b028]
00:42:12.562 Scan finished successfully
00:43:21.625 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\userXXX\Desktop\LOGS VI\MBR.dat"
00:43:21.640 The log file has been saved successfully to "C:\Dokumente und Einstellungen\userXXX\Desktop\LOGS VI\aswMBR.txt"
10.04.2012, 11:29 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
10.04.2012, 14:58 | #27 |
| Good afternoon - here are the logs
Malwarebytes
Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.10.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
userXXX :: NAME [Administrator]

10.04.2012 13:07:43
mbam-log-2012-04-10 (13-07-43).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 377551
Laufzeit: 1 Stunde(n), 4 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/10/2012 at 03:52 PM

Application Version : 5.0.1146

Core Rules Database Version : 8431
Trace Rules Database Version: 6243

Scan type : Complete Scan
Total Scan Time : 00:59:44

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 655
Memory threats detected : 0
Registry items scanned : 35663
Registry threats detected : 0
File items scanned : 169969
File threats detected : 125

Adware.Tracking Cookie

Trojan.Agent/Gen-FakeAV
C:\PROGRAMME\WINRAR\DEFAULT.SFX
10.04.2012, 15:31 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Umleitung Ergebnis Googlesuche in IE & FF / XP update wird permanent angeboten Sieht ok aus, da wurden nur Cookies gefunden. Das zu WinRAR ist ein Fehlalarm. Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/ Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Please always post log files in CODE tags |
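Added example, not part of the thread and not a feature of the scanner: a small Python triage of a scan log like the one posted above, separating tracking-cookie entries from file detections so that only the latter are reviewed by hand. The sample input is constructed from entries visible on this page, and the regular expressions assume the flattened `domain [ path ]` / `name path` layout the log has here.

```python
import re
from collections import Counter

# Constructed sample: entries taken from the log on this page, in the same
# flattened single-line layout (all entries run together, separated by spaces).
P = (r"C:\DOKUMENTE UND EINSTELLUNGEN\userXXX2\ANWENDUNGSDATEN\MOZILLA"
     r"\FIREFOX\PROFILES\QELIYLAI.DEFAULT\COOKIES.SQLITE")
SAMPLE_LOG = (
    f".2o7.net [ {P} ] .2o7.net [ {P} ] .atdmt.com [ {P} ] .revsci.net [ {P} ] "
    r"Trojan.Agent/Gen-FakeAV C:\PROGRAMME\WINRAR\DEFAULT.SFX |"
)

# "<cookie domain> [ <path to cookies.sqlite> ]"
COOKIE = re.compile(
    r"(\.?[\w-]+(?:\.[\w-]+)+)\s+\[\s+(.+?\\COOKIES\.SQLITE)\s+\]", re.I)
# "<detection name> <drive:\path>", up to the next such entry or end of log
FILE_HIT = re.compile(
    r"(\S+)\s+([A-Za-z]:\\.*?)(?=\s+\S+\s+[A-Za-z]:\\|[\s|]*$)")
PROFILE = re.compile(r"\\PROFILES\\([^\\]+)\\", re.I)


def triage(log):
    """Return (cookie counts per (profile, domain), list of file detections)."""
    cookies = Counter()
    for domain, path in COOKIE.findall(log):
        m = PROFILE.search(path)
        profile = m.group(1) if m else "unknown"
        cookies[(profile, domain.lstrip(".").lower())] += 1
    # Whatever is left once cookie entries are stripped is a file-level finding
    # and needs manual verification (the helper judged this one a false alarm).
    rest = COOKIE.sub(" ", log)
    files = [(name, path.strip()) for name, path in FILE_HIT.findall(rest)]
    return cookies, files


if __name__ == "__main__":
    cookies, files = triage(SAMPLE_LOG)
    for (profile, domain), n in sorted(cookies.items()):
        print(f"cookie  {profile:<18} {domain:<12} x{n}")
    for name, path in files:
        print(f"FILE    {name}  {path}  <- verify manually")
```

Cookie domains in such a log are suffixes (leading dot), whereas a hosts file matches exact host names only, so the domains counted here cannot be pasted into a hosts file as they are.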
10.04.2012, 15:37 | #29 |
| Whew, then I'm relieved that it was only a false alarm. I delete cookies from time to time.

What remains is the XP update, which keeps offering itself. Otherwise the system has no further problems. The redirect in the browser has disappeared and it seems faster.

Can you tell me what kind of thing that was and whether any further precautions, such as changing passwords out of turn etc., are needed? Any indication of the source? As I said, the problems started with a Volume Licence DVD ... I hope that's not it.

What else is there to do now ... can I uninstall the tools?

Apart from that, many, many heartfelt thanks for the fast and competent help!!! |
10.04.2012, 15:48 | #30 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then we're done!

The programs used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Get in touch if there are any error messages.

With OTL you can also remove many tools: please start OTL and click on "Bereinigung" (cleanup). This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI. For even more security, after the infection has been removed you should also change all passwords if possible.

Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you are at it, please also check that the Flash Player is up to date: Adobe - Install a different version of Adobe Flash Player. If need be, you can also download from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Afterwards, download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |