|
Plagegeister aller Art und deren Bekämpfung: Google leitet auf Werbeseiten umWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
19.05.2012, 12:57 | #1 |
| Google leitet auf Werbeseiten um Hallo erstmal an alle, habe mich gerade hier angemeldet Ich habe ein kleines Problem mit dem PC eines Bekannten. Er schilderte mir das sein Laptop seid kurzem so gut wie alle google Suchen auf Seiten wie "Rocketnews.com" usw. umleitet. da ich selbst nicht unbedingt "Anfänger" auf diesem Gebiet bin habe ich erst einmal Kaspersky AntiVirus laufen lassen, nichts wurde gefunden. Als nächstes kam HijackThis dran. Der fand etwas (R03 Problem) welches ich habe fixen lassen. Soweit so gut. Leider leitet Google immer noch auf andere Seiten um. Habe mich hier im Forum etwas informiert und habe mal "ComboFix" laufen lassen und habe ein LogFile erhalten (ann ich posten sobald ich es auf meinem Rechner habe). Nun bin ich leider ratlos und auf eure hilfe angewiesen. System läuft mit Windows 7 Professional 64 Bit, Intel Core2Duo 2,10 Ghz, 4GB Ram danke schonmal für eure Antworten MfG EDIT: Ich werde hier gleich noch die verschiedenen LogFiles posten. hier sind die LogFiles: Combofix Logfile: [SPOILER] Code:
ATTFilter ComboFix 12-05-19.01 - Otte 19.05.2012 13:22:09.1.2 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4061.2328 [GMT 2:00] ausgef¸hrt von:: c:\users\Otte\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Lˆschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Otte\Desktop\frische Musik\Einzelne Lieder - Untitled 1\_desktop.ini c:\users\Otte\Documents\~WRL0003.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2012-04-19 bis 2012-05-19 )))))))))))))))))))))))))))))) . . 2012-05-19 11:28 . 2012-05-19 11:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-19 10:54 . 2012-05-19 10:54 -------- d-----w- c:\users\Otte\AppData\Roaming\Malwarebytes 2012-05-19 10:54 . 2012-05-19 10:54 -------- d-----w- c:\programdata\Malwarebytes 2012-05-19 10:54 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-19 10:54 . 2012-05-19 10:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-05-19 09:49 . 2012-05-19 11:33 -------- d-----w- c:\programdata\Kaspersky Lab 2012-05-19 09:49 . 2012-05-19 09:49 -------- d-----w- c:\program files (x86)\Kaspersky Lab 2012-05-19 09:44 . 2012-05-19 09:44 -------- d-----w- c:\program files\CCleaner 2012-05-13 16:09 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll 2012-05-13 16:09 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-05-13 16:09 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll 2012-05-13 16:09 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-05-13 16:09 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2012-05-13 16:09 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll 2012-05-13 16:09 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-05-13 16:09 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2012-05-13 16:09 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-05-13 16:09 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2012-05-13 16:06 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-13 16:06 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-13 16:06 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-13 16:06 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys 2012-05-13 16:06 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-13 16:06 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-13 16:06 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2012-05-13 16:06 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-13 16:06 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2012-05-13 16:06 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2012-05-13 16:06 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-02 16:45 . 2012-05-02 16:45 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-05-02 16:45 . 2012-05-02 16:45 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-05-02 16:45 . 2012-05-02 16:45 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe 2012-04-25 19:36 . 2012-04-25 19:36 -------- d-----w- c:\users\Otte\AppData\Local\Zattoo 2012-04-23 17:04 . 2012-04-23 17:04 139264 --sha-r- c:\windows\SysWow64\msvcp604.dll 2012-04-22 20:01 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E059494-3FB4-404F-AAA2-CBEC6A223CAF}\mpengine.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-01 06:54 . 2012-04-11 19:28 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-03-01 06:45 . 2012-04-11 19:28 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-03-01 06:40 . 2012-04-11 19:28 80896 ----a-w- c:\windows\system32\imagehlp.dll 2012-03-01 06:35 . 2012-04-11 19:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-03-01 05:49 . 2012-04-11 19:28 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-03-01 05:45 . 2012-04-11 19:28 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-03-01 05:40 . 2012-04-11 19:28 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-02-28 06:56 . 2012-04-11 19:29 2311168 ----a-w- c:\windows\system32\jscript9.dll 2012-02-28 06:49 . 2012-04-11 19:29 1390080 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 06:48 . 2012-04-11 19:29 1493504 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 06:42 . 2012-04-11 19:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-28 01:18 . 2012-04-11 19:29 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-02-28 01:11 . 2012-04-11 19:29 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-02-28 01:11 . 2012-04-11 19:29 1127424 ----a-w- c:\windows\SysWow64\wininet.dll 2012-02-28 01:03 . 2012-04-11 19:29 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-02-23 20:28 . 2012-02-23 20:28 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-02-23 20:28 . 2012-02-23 20:28 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-02-23 20:28 . 2012-02-23 20:28 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-02-23 20:28 . 2012-02-23 20:28 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-02-23 20:28 . 2012-02-23 20:28 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-02-23 20:28 . 2012-02-23 20:28 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-02-23 20:28 . 2012-02-23 20:28 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-02-23 20:28 . 2012-02-23 20:28 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-02-23 20:28 . 2012-02-23 20:28 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-02-23 20:28 . 2012-02-23 20:28 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-02-23 20:28 . 2012-02-23 20:28 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-02-23 20:28 . 2012-02-23 20:28 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-02-23 20:28 . 2012-02-23 20:28 603648 ----a-w- c:\windows\system32\vbscript.dll 2012-02-23 20:28 . 2012-02-23 20:28 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-02-23 20:28 . 2012-02-23 20:28 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-02-23 20:28 . 2012-02-23 20:28 448512 ----a-w- c:\windows\system32\html.iec 2012-02-23 20:28 . 2012-02-23 20:28 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-02-23 20:28 . 2012-02-23 20:28 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-02-23 20:28 . 2012-02-23 20:28 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-02-23 20:28 . 2012-02-23 20:28 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-02-23 20:28 . 2012-02-23 20:28 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-02-23 20:28 . 2012-02-23 20:28 222208 ----a-w- c:\windows\system32\msls31.dll 2012-02-23 20:28 . 2012-02-23 20:28 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-02-23 20:28 . 2012-02-23 20:28 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-02-23 20:28 . 2012-02-23 20:28 160256 ----a-w- c:\windows\system32\wextract.exe 2012-02-23 20:28 . 2012-02-23 20:28 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-02-23 20:28 . 2012-02-23 20:28 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-02-23 20:28 . 2012-02-23 20:28 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-02-23 20:28 . 2012-02-23 20:28 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-02-23 20:28 . 2012-02-23 20:28 12288 ----a-w- c:\windows\system32\mshta.exe 2012-02-23 20:28 . 2012-02-23 20:28 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-02-23 20:28 . 2012-02-23 20:28 114176 ----a-w- c:\windows\system32\admparse.dll 2012-02-23 20:28 . 2012-02-23 20:28 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-02-23 20:28 . 2012-02-23 20:28 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-02-23 08:18 . 2011-11-10 17:38 279656 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Eintr‰ge & legitime Standardeintr‰ge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EC136321-1AE5-4A7F-B01C-5380D666175B}] 2011-10-30 13:44 126880 ----a-w- c:\program files (x86)\icq\Internet Explorer\icq.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-01 98304] "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168] "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-24 202296] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-02 129976] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-08-17 247872] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 yukonw7;NDIS6.2-Miniporttreiber f¸r Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-05-19 c:\windows\Tasks\Nqix.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-29 8123936] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zus‰tzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SYSTEM32\blank.htm IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Otte\AppData\Roaming\Mozilla\Firefox\Profiles\scxvpm1g.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseintr‰ge - - - - . Wow6432Node-HKCU-Run-ICQ - c:\program files (x86)\ICQ7.7\ICQ.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Macromedia Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-05-19 13:38:51 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-05-19 11:38 . Vor Suchlauf: 7 Verzeichnis(se), 10.090.749.952 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 10.056.921.088 Bytes frei . - - End Of File - - 818C3AC203300B568A1533B1F3E04AB5 HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:07:25, on 19.05.2012 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Users\Otte\Downloads\HiJackThis204.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll O2 - BHO: icqBHO - {EC136321-1AE5-4A7F-B01C-5380D666175B} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (file missing) O9 - Extra button: Verkn�pfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Verkn�pfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8841 bytes Code:
ATTFilter OTL logfile created on: 19.05.2012 16:48:23 - Run 1 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\***\Downloads 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 56,47% Memory free 7,93 Gb Paging File | 6,25 Gb Available in Paging File | 78,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 29,69 Gb Free Space | 30,43% Space Free | Partition Type: NTFS Drive D: | 339,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 368,10 Gb Total Space | 324,75 Gb Free Space | 88,22% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis) DRV:64bit: - (tifsfilter) -- C:\Windows\SysNative\drivers\tifsfilt.sys (Acronis) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO) DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F DE F7 85 CE 9F CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012.05.19 13:01:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.05.19 13:01:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.02 18:45:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 18:19:59 | 000,000,000 | ---D | M] [2011.11.10 19:56:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.05.02 18:49:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\scxvpm1g.default\extensions [2012.03.28 21:35:50 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\scxvpm1g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.02.18 17:36:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.02.18 21:14:28 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SCXVPM1G.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.05.02 18:45:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.02.18 17:36:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.18 17:36:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.18 17:36:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.18 17:36:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.18 17:36:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.18 17:36:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.05.19 13:32:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (ICQ Sparberater) - {EC136321-1AE5-4A7F-B01C-5380D666175B} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe File not found O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe File not found O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97575CDD-EC6F-422D-85B4-C4982E266890}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2002.03.18 10:13:04 | 000,000,051 | R--- | M] () - D:\Autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.05.19 14:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.05.19 14:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VCDS MFT [2012.05.19 14:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012.05.19 14:44:59 | 000,000,000 | ---D | C] -- C:\Diagnosetool [2012.05.19 14:18:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.05.19 13:38:54 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.05.19 13:20:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.05.19 13:20:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.05.19 13:20:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.05.19 13:20:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012.05.19 13:20:30 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.05.19 13:20:13 | 004,498,946 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2012.05.19 12:54:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.05.19 12:54:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.05.19 12:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.19 12:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.19 12:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.05.19 11:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2012 [2012.05.19 11:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.05.19 11:49:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2012.05.19 11:49:28 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012.05.19 11:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.05.19 11:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.05.13 18:09:45 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2012.05.13 18:09:45 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.05.13 18:09:45 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2012.05.13 18:09:44 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2012.05.13 18:09:44 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2012.05.13 18:06:53 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.05.13 18:06:52 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.05.13 18:06:52 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.05.02 18:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.05.02 18:45:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.04.25 21:36:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Zattoo [2012.04.25 21:36:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo4 [2012.04.25 21:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zattoo4 ========== Files - Modified Within 30 Days ========== [2012.05.19 15:13:45 | 000,000,000 | -H-- | M] () -- C:\Windows\msds.dat [2012.05.19 14:40:25 | 000,015,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.19 14:40:25 | 000,015,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.19 13:37:12 | 001,507,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.05.19 13:37:12 | 000,657,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.05.19 13:37:12 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.05.19 13:37:12 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.05.19 13:37:12 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.05.19 13:32:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.05.19 13:29:50 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Nqix.job [2012.05.19 13:29:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.19 13:29:31 | 3193,393,152 | -HS- | M] () -- C:\hiberfil.sys [2012.05.19 13:18:18 | 004,498,946 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2012.05.19 11:50:35 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat [2012.05.19 11:50:35 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat [2012.05.19 11:49:28 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012.05.14 16:32:45 | 000,417,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.04.25 21:40:31 | 000,017,408 | ---- | M] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2012.04.25 21:36:35 | 000,000,796 | ---- | M] () -- C:\Users\***\Desktop\Zattoo.lnk [2012.04.23 19:04:40 | 000,139,264 | RHS- | M] () -- C:\Windows\SysWow64\msvcp604.dll ========== Files Created - No Company Name ========== [2012.05.19 15:13:45 | 000,000,000 | -H-- | C] () -- C:\Windows\msds.dat [2012.05.19 13:20:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.05.19 13:20:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.05.19 13:20:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.05.19 13:20:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.05.19 13:20:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.05.19 11:50:35 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat [2012.05.19 11:50:35 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat [2012.04.25 21:36:38 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2012.04.25 21:36:35 | 000,000,796 | ---- | C] () -- C:\Users\***\Desktop\Zattoo.lnk [2012.04.23 19:04:40 | 000,139,264 | RHS- | C] () -- C:\Windows\SysWow64\msvcp604.dll [2012.04.23 19:04:40 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\Nqix.job [2012.01.09 20:19:02 | 000,000,241 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012.01.09 20:19:02 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.01.09 20:18:34 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.01.09 20:18:34 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2012.01.09 20:16:54 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2011.12.08 00:38:17 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.11.10 21:11:36 | 000,007,598 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2011.11.10 18:55:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin < End of report > [/CODE] und hier die Extra Datei: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 19.05.2012 16:48:23 - Run 1 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\***\Downloads 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 56,47% Memory free 7,93 Gb Paging File | 6,25 Gb Available in Paging File | 78,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 29,69 Gb Free Space | 30,43% Space Free | Partition Type: NTFS Drive D: | 339,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 368,10 Gb Total Space | 324,75 Gb Free Space | 88,22% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02AF374D-8700-4912-967C-7E6B63DEB67A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{088216D3-BD42-42C0-933B-9F48FD3DBEF6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{11C5B074-E4EA-4078-8F5C-9D928ADE5D04}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{198C8B75-C0B4-4EEF-8CBE-D069CC74A6B5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{1B91A99E-9F50-4437-9833-1A1D406107C4}" = rport=445 | protocol=6 | dir=out | app=system | "{2DF3BD12-7F55-4AD8-AA6F-D90B4611135D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{35D9D9BF-CCE9-4C72-BF9D-3CD0EC280603}" = lport=2869 | protocol=6 | dir=in | app=system | "{37C02B42-E2E5-4EFE-ABDC-27127AF9D4D2}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | "{38C7F8A1-0A29-4AA3-A9F5-8CCEFFB3E162}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3BF7449D-C26B-466D-8C1E-71C04B3A01E6}" = rport=137 | protocol=17 | dir=out | app=system | "{41D64BDA-C36F-4961-9E6F-072E9030F6F8}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | "{57AC4264-1A69-4B25-AFA9-54D4C4761172}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{74ECE899-E45D-40EC-8CDE-99D23F16C690}" = lport=445 | protocol=6 | dir=in | app=system | "{75868D0F-11EE-4EF8-90AE-4046092BA28C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{811A5DB9-7C57-4F32-9D2F-8EC58CD81DA6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9975587E-2CC5-44CD-AC4E-8FCC9D69BC25}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9E0AFA99-DC83-487C-AB5C-B8F4DC8B85D5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{9ECD642A-40E3-4A92-9AED-F64580584109}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{9FDF087A-1A8E-4769-8FE9-6F578C6C2FDE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A735EB7B-06D7-4094-B10C-7BDDF6D6E1E5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{A7A15D12-A4B8-4D96-9BA7-DA0CF0AD47FF}" = lport=139 | protocol=6 | dir=in | app=system | "{AD84E35C-6E4C-4D57-B143-037C17CB6534}" = lport=10243 | protocol=6 | dir=in | app=system | "{B7844658-972B-4D40-9A67-64E5AD5DEC0E}" = lport=138 | protocol=17 | dir=in | app=system | "{BA5AF85E-39DE-4451-B24E-8750ABA1A3A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C2864F46-64D4-40A4-AA49-91E4E142D4B2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CB6CF7D5-9A66-42A0-9FE4-CC2CA522ED54}" = rport=10243 | protocol=6 | dir=out | app=system | "{D118A1CE-F7C7-498D-B584-0F7802396443}" = lport=137 | protocol=17 | dir=in | app=system | "{D2008A7A-A694-4882-BB02-88434D22AA82}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D3104FC5-7D84-4114-B0CE-3A32921F2EE9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D832F938-3405-41DA-85A7-186B45E0B38E}" = rport=138 | protocol=17 | dir=out | app=system | "{DDCC8655-BA63-4EE3-B71F-21359A46699D}" = rport=139 | protocol=6 | dir=out | app=system | "{EED27AE5-BA8E-4D2A-A561-ECBB8D6675FF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FA656463-D85A-47BE-8E88-5F815D5707F8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FBC399D2-9DB6-4EDF-BC5E-1CAECD394C2F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05F978C7-A1C9-4BB0-9DF2-31766C5F0FD1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{0B073F2B-55AB-48B6-A93D-ABFFEF8A7732}" = protocol=6 | dir=out | app=system | "{1261F85F-F151-4D40-B95D-46AB20967147}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{174D6326-3F2F-4E7B-9A8B-7357CD475E77}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1FDF12B8-F62F-41A3-80F0-8D114FCBCA07}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2318CD7B-1F1B-4037-8402-159D2EC778C1}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{27F0DF93-E0F2-44C3-956E-B52C46108028}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{324C9DE0-08BE-4694-8C08-A12DDAD4AF95}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{358D3006-47F3-415C-924D-31C93A69105E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4512C2A6-9DE7-4B0E-A7AD-438D52FF88C9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{49FA2C3B-9D5C-4FB1-AEBB-D82A6C42F05D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{51EC6EBF-58D7-4CD6-9736-8052442D0789}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{57DADB09-3911-4E2A-AAD5-078B6024411F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{623AD53C-35BF-4E83-8FEC-E716C3A39964}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{72BED88E-F6AE-4E29-B07D-58EF7FD245C0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{91AA0258-058F-4C70-9D13-01AA0E85CCC2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{980A8729-2652-473C-8E3D-D9A5308D55FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9DD2A7F3-64B4-41B6-AB51-A3F31C978C99}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{9E89F79F-54AD-4AD4-8092-987878EB730C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{9EBA99A2-B9E8-47CB-A9EC-102A79D3B259}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A3241E86-5AB5-4286-8B4D-C60AEBEA9269}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A9A9CBC2-C664-4DD2-9980-BAEE187B9222}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{ADC992FA-9529-4764-AA68-357FDAB3300D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{AEF939F8-BB81-4645-997D-78F537D51CAF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B3223A30-AD9D-47B5-9665-ADC3C2B046E2}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{B5B947B2-5843-4FE8-9ADB-000F6288EF02}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C3BA623F-8BF4-4F4F-A5FF-7F48FEDA2ACD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C3D4C089-AE5A-4D15-A2DC-9FE2234256FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E40919DD-976F-4D13-9154-626FF1231F1E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{ECFB5883-3FEC-42A4-AF3E-452E5D974141}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{ED416BA1-852E-48B3-9C88-D935602C2C52}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EE60B338-4EFC-4A5E-9575-3A0454362E42}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{FA692E57-A123-4B12-B3A8-30D9D2E27C34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FE03D05B-2EBC-4BB3-ADBF-720B56B59713}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{2C7079FF-145F-55D4-1798-8F142C8CE52D}" = ccc-utility64 "{3A44C087-94C4-CEA2-70EF-CFF112F451EA}" = ATI Catalyst Install Manager "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support "{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443" = Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR 4.00 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0613F79E-C012-BC98-6E9C-5A47AEE6D37A}" = CCC Help Korean "{0A8CE3AA-99F2-5632-A8D2-636BE6CFE856}" = Catalyst Control Center Core Implementation "{1664EB8B-057B-0E23-7245-ECE92849FF4C}" = ccc-core-static "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{1DBD8607-39EE-B7F3-CDE6-A2095B0EE0C9}" = CCC Help Chinese Traditional "{20167022-64F2-4836-B9C9-1DBAA6721FD4}" = CCC Help Hungarian "{204DD5C2-441A-DADC-E765-595B5C1EDE88}" = CCC Help Norwegian "{218E2C0C-4740-DBCB-C8E8-D67201A6500A}" = CCC Help English "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 30 "{3501AF2D-A97E-F6DB-521A-4E64EAEF5BDC}" = CCC Help Thai "{3A7C46AC-060B-6CBF-1862-969F79A5B758}" = CCC Help French "{3EB37B26-432C-467C-9FBC-9BDA0E6FBDD7}" = Catalyst Control Center InstallProxy "{411429D5-83D1-2F9B-9F53-4524DCE99E6D}" = CCC Help Portuguese "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012 "{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-250C "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{54FBC914-82D7-E646-2916-B3C6D320E0B4}" = Catalyst Control Center Graphics Previews Vista "{5D221DF2-F206-681F-75FE-1C7620BE69A7}" = CCC Help Greek "{6B9EFC04-713D-F238-E388-F3CDA52E7880}" = Catalyst Control Center Graphics Light "{6CB778E6-693F-7A2A-C5AD-C7743500D249}" = CCC Help Turkish "{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7C2A05B5-A80C-4F33-A388-51D46790AC9F}" = VAG-COM 311 Deutsch "{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender "{8666658B-62C2-11D8-A993-0050DA519711}" = VAG-COM 402 Deutsch "{8D88074D-4378-C049-4264-EB3EE8AC155C}" = CCC Help Japanese "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{93E42FF5-065E-0D52-2777-8A1849CB8574}" = CCC Help Swedish "{94D5097B-46D0-A1D9-8983-284E3C675CA9}" = Catalyst Control Center Localization All "{961B4059-D1C0-43C8-095B-75A18BD0F8C8}" = CCC Help Polish "{9B84A151-81CC-6133-D844-A189FDA1C34F}" = CCC Help Chinese Standard "{9EC14056-1A97-11D8-A8F3-0050DA519711}" = VAG-COM 303 Deutsch "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AE86495C-42F9-F5BE-E878-7798456A509A}" = CCC Help Spanish "{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding "{B7493783-F638-BEAE-C8C7-665C5A03E652}" = CCC Help Dutch "{B82ABF2C-CBD3-5528-26DF-F1161A2B34BF}" = Catalyst Control Center Graphics Full New "{B9B1B5D9-F96D-0257-A23C-8EA9ACCCF8CB}" = CCC Help Czech "{C3181764-B8F3-A705-5362-86E37C476710}" = Catalyst Control Center Graphics Full Existing "{DA146D61-5542-2F55-C5E4-49D26EBAAA5B}" = CCC Help Russian "{DB0EF3C1-8AF4-1E28-267E-024999C11828}" = CCC Help Finnish "{DBB62E6B-66F5-09D2-D2CC-C1877CDD9A8B}" = CCC Help Italian "{E5141E62-8A90-D9A1-EB2D-C4D0D9940D90}" = CCC Help German "{EC136321-1AE5-4A7F-B01C-5380D666175B}" = ICQ Sparberater "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F293A67D-04BB-6960-5D13-13F158796960}" = CCC Help Danish "ESET Online Scanner" = ESET Online Scanner v3 "ICQToolbar" = ICQ Toolbar "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012 "Macromedia Shockwave Player" = Macromedia Shockwave Player "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "VCDS MFT" = VCDS MFT 10 "VLC media player" = VLC media player 1.1.11 "Zattoo4" = Zattoo4 4.0.5 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 19.05.2012 08:58:37 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error - 19.05.2012 08:59:10 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 19.05.2012 09:11:15 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error - 19.05.2012 09:11:17 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error - 19.05.2012 09:12:01 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 19.05.2012 09:15:51 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: VagCom-PCI-3113-S.exe, Version: 311.1.0.0, Zeitstempel: 0x3fbbbde7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002df85 ID des fehlerhaften Prozesses: 0xa54 Startzeit der fehlerhaften Anwendung: 0x01cd35c17e1666e3 Pfad der fehlerhaften Anwendung: C:\Users\***\Downloads\tada\VAG COM 311.3\VAG-COM 311.3 Deutsch\VagCom-PCI-3113-S.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: c0fe3188-a1b4-11e1-9582-002454169398 Error - 19.05.2012 09:16:03 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: VagCom-PCI-3113-S.exe, Version: 311.1.0.0, Zeitstempel: 0x3fbbbde7 Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16850, Zeitstempel: 0x4e211484 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00039a27 ID des fehlerhaften Prozesses: 0x13d4 Startzeit der fehlerhaften Anwendung: 0x01cd35c189b4346f Pfad der fehlerhaften Anwendung: C:\Users\***\Downloads\tada\VAG COM 311.3\VAG-COM 311.3 Deutsch\VagCom-PCI-3113-S.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\kernel32.dll Berichtskennung: c890c7eb-a1b4-11e1-9582-002454169398 Error - 19.05.2012 09:16:37 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: VagCom-PCI-3113-S.exe, Version: 311.1.0.0, Zeitstempel: 0x3fbbbde7 Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16850, Zeitstempel: 0x4e211484 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00039a27 ID des fehlerhaften Prozesses: 0x111c Startzeit der fehlerhaften Anwendung: 0x01cd35c19e8f686c Pfad der fehlerhaften Anwendung: C:\Users\***\Downloads\tada\VAG COM 311.3\VAG-COM 311.3 Deutsch\VagCom-PCI-3113-S.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\kernel32.dll Berichtskennung: dc731954-a1b4-11e1-9582-002454169398 Error - 19.05.2012 09:17:05 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: VagCom-PCI-3113-S.exe, Version: 311.1.0.0, Zeitstempel: 0x3fbbbde7 Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16850, Zeitstempel: 0x4e211484 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00039a27 ID des fehlerhaften Prozesses: 0x1288 Startzeit der fehlerhaften Anwendung: 0x01cd35c1af201164 Pfad der fehlerhaften Anwendung: C:\Users\***\Downloads\tada\VAG COM 311.3\VAG-COM 311.3 Deutsch\VagCom-PCI-3113-S.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\kernel32.dll Berichtskennung: ed015143-a1b4-11e1-9582-002454169398 Error - 19.05.2012 10:00:42 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ System Events ] Error - 18.02.2012 15:29:05 | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 18.02.2012 15:29:06 | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 20.02.2012 13:34:07 | Computer Name = ***-PC | Source = DCOM | ID = 10010 Description = Error - 21.03.2012 19:37:39 | Computer Name = ***-PC | Source = DCOM | ID = 10010 Description = Error - 19.05.2012 07:24:40 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 19.05.2012 07:27:56 | Computer Name = ***-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 19.05.2012 07:28:42 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 19.05.2012 07:29:52 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: %%126 Error - 19.05.2012 07:30:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error - 19.05.2012 07:30:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. < End of report > [/CODE] Geändert von TheDon (19.05.2012 um 13:22 Uhr) |
21.05.2012, 12:19 | #2 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Google leitet auf Werbeseiten umZitat:
Einen ganz klaren Hinweis gibt es auch zu http://www.trojaner-board.de/95175-combofix.html Zitat:
__________________ |
21.05.2012, 12:32 | #3 |
| Google leitet auf Werbeseiten um hat sich sowieso erledigt. Habe alle seine wichtigen Dateien gesichert, Windows neu aufgespielt und ihm ne Antiviren-Software verpasst. Sollte sich damit erledigt haben! Trotdem Danke.
__________________ |
21.05.2012, 12:33 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google leitet auf Werbeseiten um Ok, danke für die Info, aber in Zukunft bitte vorsichtiger bzgl. Combofix sein
__________________ Logfiles bitte immer in CODE-Tags posten |
21.05.2012, 12:36 | #5 |
| Google leitet auf Werbeseiten um auf jedenfall wären auf diesem Gerät wichtige Daten und viel Zusatz-Software installiert gewesen hätte ich weiterhin auf eine Antwort hier gehofft. Habe mich dann aber wie schon erwähnt dazu entschieden den Laptop Neu aufzusetzen. In den meisten Fällen (wenn der Rechner erstmal "infiziert" ist) macht das ja sowieso am meisten Sinn |
Themen zu Google leitet auf Werbeseiten um |
acrobat update, anfänger, angemeldet, antivirus, antworten, avp.exe, combofix, erhalte, forum, google, hijack, hijackthis, kaspersky, kleines, langs, laptop, leitet, logfile, microsoft office word, nichts, nodrives, ntdll.dll, plug-in, problem, problem mit dem pc, ratlos, rechner, richtlinie, searchscopes, seite, seiten, suche, unbedingt, version=1.0, werbeseite |