| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Kein Zugriff auf Desctop wegen eines Fensters "Dieses Programm kann die Webseite nicht anzeigen"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
07.08.2012, 17:05
| #12 |
| |  Kein Zugriff auf Desctop wegen eines Fensters "Dieses Programm kann die Webseite nicht anzeigen" Hallo, kannst du mal bitte die zwei Protokolle von meinem anderen PC anschauen. Danke. OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.08.2012 17:14:25 - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Starke\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 68,67% Memory free
6,69 Gb Paging File | 5,53 Gb Available in Paging File | 82,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 584,17 Gb Total Space | 543,65 Gb Free Space | 93,06% Space Free | Partition Type: NTFS
Drive D: | 12,00 Gb Total Space | 8,89 Gb Free Space | 74,08% Space Free | Partition Type: NTFS
Drive J: | 3,60 Gb Total Space | 1,21 Gb Free Space | 33,70% Space Free | Partition Type: FAT32
Computer Name: STARKE-PC | User Name: Starke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{281891A2-F88D-46A4-BB39-6F4236084E2A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{313EBFFF-8C55-4A7A-9A51-C565E2AC19B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{986DFCEA-78F4-413F-967C-05CEDEF585C9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9EB6946F-14C2-42AC-9EB8-0130601399E3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{ADB9A40B-6796-4C32-ABAD-FACA5B821291}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E9FCB712-1F2A-4BCD-9072-F8C2F1E3018A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{33E995F7-B43B-4E54-9728-8F2D87CED091}" =
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D359B12F-9B1A-46FD-B70C-F507B5B11590}" = HDRegDE
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdobeReader" = Adobe Reader 8
"AUDIO_REALTEK" = Realtek HD Audio V6.0.1.5610
"AVMWLANCLI" = AVM FRITZ!WLAN
"Carbonite" = Carbonite
"Carbonite Setup Lite" = Sichern Sie Ihre Daten
"Easybits Magic Desktop" = EasyBits Magic Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImageWriter" = Packard Bell ImageWriter
"Infocentre" = Infocentre Rev. 2.0
"LCDTest" = Packard Bell LCD Test
"magicdesktop" = Easybits Magic Desktop
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"METABOLI" = Metaboli
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee AntiVirus Plus
"Nero8" = Nero 8 Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"OFF2k7_GE" = Microsoft® Office Home and Student 2007
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SETUPMYPC_DE" = SetUp My PC
"Updator" = Packard Bell Updator
"VIDEO_NVIDIA" = Video NVIDIA v174.90
"works9" = Microsoft Works 9
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.04.2012 15:25:00 | Computer Name = Starke-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.04.2012 03:01:11 | Computer Name = Starke-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.04.2012 03:01:24 | Computer Name = Starke-PC | Source = WinDefendRtp | ID = 3003
Description = Vom %%827-Echtzeitschutz-Prüfpunkt wurde ein Fehler festgestellt.
Er konnte daraufhin nicht gestartet werden. Benutzer: Starke-PC\Schuster Prüfpunkt-ID:
7 Fehlercode: 0x80070005 Fehlerbeschreibung: Zugriff verweigert
Error - 23.04.2012 04:20:19 | Computer Name = Starke-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.04.2012 04:20:42 | Computer Name = Starke-PC | Source = WinDefendRtp | ID = 3003
Description = Vom %%827-Echtzeitschutz-Prüfpunkt wurde ein Fehler festgestellt.
Er konnte daraufhin nicht gestartet werden. Benutzer: Starke-PC\Schuster Prüfpunkt-ID:
7 Fehlercode: 0x80070005 Fehlerbeschreibung: Zugriff verweigert
Error - 23.04.2012 05:58:07 | Computer Name = Starke-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.04.2012 06:03:51 | Computer Name = Starke-PC | Source = WinDefendRtp | ID = 3003
Description = Vom %%827-Echtzeitschutz-Prüfpunkt wurde ein Fehler festgestellt.
Er konnte daraufhin nicht gestartet werden. Benutzer: Starke-PC\Schuster Prüfpunkt-ID:
7 Fehlercode: 0x80070005 Fehlerbeschreibung: Zugriff verweigert
Error - 23.04.2012 10:07:48 | Computer Name = Starke-PC | Source = Windows Search Service | ID = 3013
Description =
[ System Events ]
Error - 29.07.2012 16:26:00 | Computer Name = Starke-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 29.07.2012 16:26:00 | Computer Name = Starke-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 30.07.2012 02:44:43 | Computer Name = Starke-PC | Source = HTTP | ID = 15016
Description =
Error - 30.07.2012 02:47:28 | Computer Name = Starke-PC | Source = HTTP | ID = 15016
Description =
Error - 30.07.2012 08:50:55 | Computer Name = Starke-PC | Source = HTTP | ID = 15016
Description =
Error - 30.07.2012 09:46:00 | Computer Name = Starke-PC | Source = HTTP | ID = 15016
Description =
Error - 30.07.2012 09:48:14 | Computer Name = Starke-PC | Source = bowser | ID = 8003
Description =
Error - 30.07.2012 11:58:32 | Computer Name = Starke-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 30.07.2012 12:16:31 | Computer Name = Starke-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 30.07.2012 12:16:38 | Computer Name = Starke-PC | Source = Service Control Manager | ID = 7034
Description =
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.08.2012 17:14:25 - Run 2 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Starke\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 68,67% Memory free 6,69 Gb Paging File | 5,53 Gb Available in Paging File | 82,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 584,17 Gb Total Space | 543,65 Gb Free Space | 93,06% Space Free | Partition Type: NTFS Drive D: | 12,00 Gb Total Space | 8,89 Gb Free Space | 74,08% Space Free | Partition Type: NTFS Drive J: | 3,60 Gb Total Space | 1,21 Gb Free Space | 33,70% Space Free | Partition Type: FAT32 Computer Name: STARKE-PC | User Name: Starke | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Users\Starke\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.) PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe (Carbonite, Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation) PRC - C:\Windows\System32\wsqmcons.exe (Microsoft Corporation) PRC - C:\OEM\process\tools\X86\LOGIT.EXE () ========== Modules (No Company Name) ========== MOD - C:\OEM\process\tools\X86\LOGIT.EXE () ========== Win32 Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.) SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (0173571344348751mcinstcleanup) -- C:\Windows\Temp\0173571344348751mcinst.exe (McAfee, Inc.) SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation) SRV - (Automatic LiveUpdate Scheduler) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (mfeavfk01) -- File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.) DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.) DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.) DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.) DRV - (fwlanusbn) -- C:\Windows\System32\drivers\fwlanusbn.sys (AVM GmbH) DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin) DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20071204.002\IDSvix86.sys (Symantec Corporation) DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp32&d=0412&m=imedia_d6001_ge_aio IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp32&d=0412&m=imedia_d6001_ge_aio IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {997620EE-CBAD-41CE-8862-ED6DE7136171} IE - HKCU\..\SearchScopes\{997620EE-CBAD-41CE-8862-ED6DE7136171}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012.08.07 16:28:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.08.07 16:12:19 | 000,000,000 | ---D | M] O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\Mcafee\SystemCore\ScriptSn.20120729202524.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe (Carbonite, Inc.) O4 - HKLM..\Run: [InstallProcess] c:\OEM\process\launchprocess.vbs () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A7B17D2-53CA-477C-A96A-983EA85D69BE}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D27FA6C4-F613-49DD-A375-DF8E7FEDA04E}: DhcpNameServer = 192.168.178.2 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\Windows\System32\ezShellStart.exe (EasyBits Software AS) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Packard Bell\Wallpaper\Lounge_1900x1440.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Packard Bell\Wallpaper\Lounge_1900x1440.jpg O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.07 16:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.08.07 16:08:47 | 000,000,000 | ---D | C] -- C:\Users\Starke\Desktop\ADA-Neu Teilnehmer [2012.07.30 18:21:48 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2012.07.30 18:21:48 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2012.07.30 18:21:48 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2012.07.30 17:55:12 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.30 17:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.07.30 17:50:25 | 000,000,000 | ---D | C] -- C:\Users\Starke\AppData\Roaming\Malwarebytes [2012.07.30 17:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.30 17:49:13 | 000,000,000 | ---D | C] -- C:\Users\Starke\mbam-installer [2012.07.30 15:43:12 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.07.30 15:43:12 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.07.30 15:32:32 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Starke\Desktop\OTL.exe [2012.07.30 15:30:00 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2012.07.29 22:01:04 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2012.07.29 21:52:05 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll [2012.07.29 21:52:05 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll [2012.07.29 21:52:04 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe [2012.07.29 21:52:04 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl [2012.07.29 21:52:04 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll [2012.07.29 21:52:03 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll [2012.07.29 21:48:35 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll [2012.07.29 21:48:33 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll [2012.07.29 21:47:21 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll [2012.07.29 21:47:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2012.07.29 21:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2012.07.29 21:35:29 | 000,000,000 | ---D | C] -- C:\Users\Starke\AppData\Roaming\Adobe [2012.07.29 21:35:29 | 000,000,000 | ---D | C] -- C:\Users\Starke\AppData\Local\Adobe [2012.07.29 20:25:24 | 000,009,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys [2012.07.29 20:25:19 | 000,340,920 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys [2012.07.29 20:25:19 | 000,180,848 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys [2012.07.29 20:25:19 | 000,169,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys [2012.07.29 20:25:19 | 000,087,656 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys [2012.07.29 20:25:19 | 000,064,912 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys [2012.07.29 20:25:19 | 000,059,456 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys [2012.07.29 20:25:19 | 000,057,600 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys [2012.07.29 20:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee [2012.07.29 20:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com [2012.07.29 20:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee [2012.07.29 20:18:25 | 000,151,912 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe [2012.07.29 20:18:22 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012.07.29 20:08:13 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2012.07.29 20:08:05 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.07.29 20:08:05 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2012.07.29 20:08:05 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012.07.29 20:08:05 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll [2012.07.29 20:07:56 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll [2012.07.29 20:07:55 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE [2012.07.29 20:07:55 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE [2012.07.29 20:07:55 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE [2012.07.29 20:07:55 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE [2012.07.29 20:07:55 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe [2012.07.29 20:07:55 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE [2012.07.29 20:07:42 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2012.07.29 20:07:40 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2012.07.29 20:07:40 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.07.29 20:07:40 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.07.29 20:07:40 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012.07.29 20:07:40 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012.07.29 20:07:40 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2012.07.29 20:07:40 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.07.29 20:07:40 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2012.07.29 20:07:40 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.07.29 20:07:40 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.07.29 20:07:39 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.07.29 20:07:28 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll [2012.07.29 20:07:28 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll [2012.07.29 20:07:28 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll [2012.07.29 20:07:23 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.07.29 20:07:23 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.07.29 20:07:17 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2012.07.29 20:07:17 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2012.07.29 20:07:14 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2012.07.29 20:07:13 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2012.07.29 20:07:13 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL [2012.07.29 20:07:09 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2012.07.29 20:07:08 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2012.07.29 20:07:04 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll [2012.07.29 20:07:04 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll [2012.07.29 20:07:02 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2012.07.29 20:07:01 | 002,042,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.07.29 20:06:52 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2012.07.29 20:06:51 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll [2012.07.29 20:06:46 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL [2012.07.29 20:06:36 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2012.07.29 20:06:35 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2012.07.29 20:06:34 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2012.07.29 20:01:43 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2012.07.29 20:01:39 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2012.07.29 20:01:39 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll [2012.07.29 20:01:39 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll [2012.07.29 20:01:39 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll [2012.07.29 20:01:39 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll [2012.07.29 20:01:39 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2012.07.29 20:01:39 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe [2012.07.29 20:01:36 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2012.07.29 20:01:35 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2012.07.29 20:01:29 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2012.07.29 20:01:24 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2012.07.29 20:01:23 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2012.07.29 20:01:23 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2012.07.29 20:01:22 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2012.07.29 20:01:22 | 000,605,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2012.07.29 20:01:22 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2012.07.29 20:01:22 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2012.07.29 20:01:19 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll [2012.07.29 20:01:19 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll [2012.07.29 20:01:17 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2012.07.29 20:01:15 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll [2012.07.29 20:01:15 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2012.07.29 20:01:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.07.29 20:00:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll [2012.07.29 20:00:53 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb [2012.07.29 20:00:53 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb [2012.07.29 20:00:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx [2012.07.29 20:00:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll [2012.07.29 20:00:50 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll [2012.07.29 20:00:50 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe [2012.07.29 20:00:49 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.07.29 20:00:49 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2012.07.29 20:00:39 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll [2012.07.29 20:00:32 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll [2012.07.29 20:00:32 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll [2012.07.29 20:00:30 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL [2012.07.29 19:53:07 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2012.07.29 19:51:02 | 000,000,000 | ---D | C] -- C:\Users\Starke\AppData\Roaming\Macromedia [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.07 16:45:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.07 16:45:13 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.08.07 16:45:13 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.08.07 16:18:03 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.07 16:18:03 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.07 16:18:03 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.07 16:18:03 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.07 16:14:55 | 000,001,738 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk [2012.08.07 16:07:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.07 16:07:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.07 16:06:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.07 16:06:26 | 3487,813,632 | -HS- | M] () -- C:\hiberfil.sys [2012.07.30 17:55:21 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.30 15:33:27 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Starke\Desktop\OTL.exe [2012.07.30 15:31:30 | 000,050,477 | ---- | M] () -- C:\Users\Starke\Desktop\Defogger.exe [2012.07.30 15:30:24 | 000,000,000 | ---- | M] () -- C:\Users\Starke\defogger_reenable [2012.07.30 08:48:12 | 000,001,592 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2012.07.30 08:47:24 | 000,297,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.29 19:57:45 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezsvc7x.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.30 17:55:21 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.30 15:43:13 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.30 15:31:26 | 000,050,477 | ---- | C] () -- C:\Users\Starke\Desktop\Defogger.exe [2012.07.30 15:30:24 | 000,000,000 | ---- | C] () -- C:\Users\Starke\defogger_reenable [2012.07.30 08:48:12 | 000,001,592 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2012.07.29 20:26:56 | 000,001,738 | ---- | C] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk [2012.07.29 20:07:29 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf [2012.04.23 11:38:23 | 000,015,565 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin [2012.04.23 04:45:25 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2012.04.23 04:45:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2012.04.23 04:41:04 | 000,618,204 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2012.04.23 04:41:04 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2012.04.23 04:41:04 | 000,122,636 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2012.04.23 04:41:04 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2012.04.22 21:32:36 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2012.04.22 21:32:26 | 000,008,180 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat < End of report > |
| Themen zu Kein Zugriff auf Desctop wegen eines Fensters "Dieses Programm kann die Webseite nicht anzeigen" |
| adobe, antivirus, anzeige, association, bildschirm, bildschirm gesperrt, desktop, dieses programm kann die webseite nicht anzeigen, dvdvideosoft ltd., explorer.exe, farbar, farbar recovery scan tool, frst.txt, google, home, ics, lenovo, microsoft, minidump, mp3, netzwerk, programm, realtek, registry, router, secur, services.exe, siteadvisor, software, svchost.exe, system, system32, temp, usbvideo.sys, weißer bildschirm, winlogon.exe |
Baum-Darstellung