| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: keine Chance über Google (in IE oder Firefox) die Links zu öffnenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
06.08.2012, 09:32
| #1 | |
| |  keine Chance über Google (in IE oder Firefox) die Links zu öffnen Hallo bin neu hier und hab ein riesiges Problem. Seit Tagen komm ich über die Google-Suche nicht mehr auf die verlinkten Seiten. Ob im Internetexplorer oder Firefox, es gibt keine Chance. Ich werde sofort auf andere Seiten geleitet und kann dies nicht stoppen. Langsam aber sicher brennen mir die Sicherungen durch. Was hab ich mir auf meinem Notebook bloß eingefangen?  System: Windows Vista Basic 32Bit Notebook: HP 6735s AMD Sempron Für Hilfe wäre ich sehr dankbar. Grüße Dirk so hier mal die Logfiles: Nr1. info.txtRSIT Logfile: Code:
ATTFilter logfile of random's system information tool 1.09 2012-08-06 12:05:39
======Uninstall list======
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Flash Player 11 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_270_Plugin.exe -maintain plugin
Adobe Reader X (10.1.3) - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-AA1000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Agere Systems HDA Modem-->C:\Windows\agrsmdel
BitComet 1.29-->C:\Program Files\BitComet\uninst.exe
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Broadcom Wireless Utility-->"C:\Program Files\Broadcom\Broadcom 802.11\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11_App\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11"
Catalyst Control Center - Branding-->MsiExec.exe /I{021125D3-76FE-41CF-9022-ADB770265331}
Catalyst Control Center - Branding-->MsiExec.exe /I{30BF4E6C-D866-46F7-A4F6-81A45E97706E}
Catalyst Control Center - Branding-->MsiExec.exe /I{37AF26EB-ACCD-4F9C-A13E-81483F932203}
Catalyst Control Center - Branding-->MsiExec.exe /I{6346E85F-1CA6-4AA9-9718-A3E8BFCB572A}
Catalyst Control Center - Branding-->MsiExec.exe /I{C349C10C-1474-4000-9073-9299856C8A70}
Catalyst Control Center - Branding-->MsiExec.exe /I{F2C19209-8474-4BCB-89EC-AA0150C2B036}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Cisco EAP-FAST Module-->MsiExec.exe /I{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}
Cisco LEAP Module-->MsiExec.exe /I{51C7AD07-C3F6-4635-8E8A-231306D810FE}
Cisco PEAP Module-->MsiExec.exe /I{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}
Convert Image To PDF-->"C:\Program Files\Softinterface, Inc\Convert Image To PDF\unins000.exe"
DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall
Free FLV Converter V 7.4.0-->"C:\Program Files\Free FLV Converter\unins000.exe"
Free Studio version 5.3.5-->C:\Program Files\Common Files\DVDVideoSoft\Uninstall.exe
Free Video to DVD Converter version 5.0.6.221-->C:\Program Files\Common Files\DVDVideoSoft\Uninstall.exe
Free YouTube Download version 3.1.27.508-->C:\Program Files\Common Files\DVDVideoSoft\Uninstall.exe
Freemake Video Converter Version 3.0.2-->"C:\Program Files\Freemake\Freemake Video Converter\Uninstall\unins000.exe"
Google Earth Plug-in-->MsiExec.exe /X{33286280-8617-11E1-8FF6-B8AC6F97B88E}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart.All-In-One Driver Software 8.0 .A-->C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Quick Launch Buttons-->"C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -runfromtemp -l0x0407 -removeonly uninst
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}
HP Wireless Assistant-->MsiExec.exe /I{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}
HPDiagnosticAlert-->MsiExec.exe /I{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020F0}
Java(TM) 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}
LG Internet Kit-->C:\Program Files\LG Electronics\LG Internet Kit\uninstall.exe
LG USB Modem Drivers-->MsiExec.exe /X{3E8DE1A6-B365-4FF6-B917-2892A34990E8}
Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->MsiExec.exe /X{F750C986-5310-3A5A-95F8-4EC71C8AC01C}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Antimalware Service DE-DE Language Pack-->MsiExec.exe /X{1280E900-35DA-4E08-A700-B79A5B2B8532}
Microsoft Security Client DE-DE Language Pack-->MsiExec.exe /I{50779A29-834E-4E36-BBEB-B7CABC67A825}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Mozilla Firefox 14.0.1 (x86 de)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
OpenOffice.org 3.2-->MsiExec.exe /I{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}
Paint.NET v3.5.10-->MsiExec.exe /X{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}
PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"
QLBCASL-->MsiExec.exe /I{F1D7AC58-554A-4A58-B784-B61558B1449A}
REALTEK 11n USB Wireless LAN Driver and Utility-->C:\Program Files\InstallShield Installation Information\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}\Install.exe -uninst -l0x7
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9EC88EA8-4ABE-393C-87BD-90EABB1C4C9B} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {86BB5A25-8CC3-33CE-A393-CF28901682B2} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {16EEC04A-B924-37E0-97CF-422DCEFC1B63} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C4D978AA-2668-3404-96DE-96E2AFC62FD7} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder ClientLP
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientLP
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StreamTransport version: 1.0.2.2171-->"C:\Program Files\StreamTransport\unins000.exe"
SUPER © Version 2010.bld.42 (Nov 7, 2010)-->C:\PROGRA~2\ERIGHT~1\SUPER\Setup.exe /remove /q0
Sweet Home 3D version 3.3-->"C:\Program Files\Sweet Home 3D\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Trojan Remover 6.8.4-->"C:\Program Files\Trojan Remover\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Client
VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}
Visual C++ 9.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{0138F525-6C8A-333F-A105-14AE030B9A54}
VLC media player 2.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Mobile-Gerätecenter: Treiberupdate-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
Windows Mobile-Gerätecenter-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
WinRAR 4.00 beta 3 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe
======Hosts File======
::1 localhost
======Security center information======
AS: Spybot - Search and Destroy (disabled) (outdated)
AS: Windows Defender
======System event log======
Computer Name: Anne-PC
Event Code: 4374
Message: Windows-Wartung hat erkannt, dass das Paket KB2641653(Security Update) nicht für dieses System geeignet ist.
Record Number: 206056
Source Name: Microsoft-Windows-Servicing
Time Written: 20120314132402.000000-000
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM
Computer Name: Anne-PC
Event Code: 4374
Message: Windows-Wartung hat erkannt, dass das Paket KB2641653(Security Update) nicht für dieses System geeignet ist.
Record Number: 206055
Source Name: Microsoft-Windows-Servicing
Time Written: 20120314132402.000000-000
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM
Computer Name: Anne-PC
Event Code: 4371
Message: Windows-Wartung hat begonnen, den Status des Pakets KB2641653(Security Update) von Nicht vorhanden(Absent) in Bereitgestellt(Staged) zu ändern.
Record Number: 206054
Source Name: Microsoft-Windows-Servicing
Time Written: 20120314132402.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: Anne-PC
Event Code: 4371
Message: Windows-Wartung hat begonnen, den Status des Pakets KB2641653(Security Update) von Nicht vorhanden(Absent) in Bereitgestellt(Staged) zu ändern.
Record Number: 206053
Source Name: Microsoft-Windows-Servicing
Time Written: 20120314132402.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: Anne-PC
Event Code: 4371
Message: Windows-Wartung hat begonnen, den Status des Pakets KB2641653(Security Update) von Nicht vorhanden(Absent) in Bereitgestellt(Staged) zu ändern.
Record Number: 206052
Source Name: Microsoft-Windows-Servicing
Time Written: 20120314132401.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
=====Application event log=====
Computer Name: Anne-PC
Event Code: 10
Message: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Record Number: 5762
Source Name: Microsoft-Windows-WMI
Time Written: 20110119192836.000000-000
Event Type: Fehler
User:
Computer Name: Anne-PC
Event Code: 1
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 5761
Source Name: SecurityCenter
Time Written: 20110119192836.000000-000
Event Type: Informationen
User:
Computer Name: Anne-PC
Event Code: 102
Message: Windows (2472) Windows: Das Datenbankmodul (6.00.6002.0000) hat eine neue Instanz gestartet (0).
Record Number: 5760
Source Name: ESENT
Time Written: 20110119192836.000000-000
Event Type: Informationen
User:
Computer Name: Anne-PC
Event Code: 5617
Message: Die Subsysteme des Windows-Verwaltungsinstrumentationsdienstes wurden erfolgreich initialisiert.
Record Number: 5759
Source Name: Microsoft-Windows-WMI
Time Written: 20110119192835.000000-000
Event Type: Informationen
User:
Computer Name: Anne-PC
Event Code: 0
Message:
Record Number: 5758
Source Name: hpqddsvc
Time Written: 20110119192834.000000-000
Event Type: Informationen
User:
=====Security event log=====
Computer Name: Anne-PC
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.
Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Berechtigungen: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 43808
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111121031337.698942-000
Event Type: Überwachung erfolgreich
User:
Computer Name: Anne-PC
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.
Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: ANNE-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7
Anmeldetyp: 5
Neue Anmeldung:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}
Prozessinformationen:
Prozess-ID: 0x260
Prozessname: C:\Windows\System32\services.exe
Netzwerkinformationen:
Arbeitsstationsname:
Quellnetzwerkadresse: -
Quellport: -
Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: Advapi
Authentifizierungspaket: Negotiate
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0
Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 43807
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111121031337.698942-000
Event Type: Überwachung erfolgreich
User:
Computer Name: Anne-PC
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.
Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: ANNE-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}
Konto, dessen Anmeldeinformationen verwendet wurden:
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}
Zielserver:
Zielservername: localhost
Weitere Informationen: localhost
Prozessinformationen:
Prozess-ID: 0x260
Prozessname: C:\Windows\System32\services.exe
Netzwerkinformationen:
Netzwerkadresse: -
Port: -
Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 43806
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111121031337.698942-000
Event Type: Überwachung erfolgreich
User:
Computer Name: Anne-PC
Event Code: 4902
Message: Eine Benutzerrichtlinien-Überwachungstabelle wurde erstellt.
Anzahl von Elementen: 0
Richtlinienkennung: 0x18064
Record Number: 43805
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111121031337.090538-000
Event Type: Überwachung erfolgreich
User:
Computer Name: Anne-PC
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.
Antragsteller:
Sicherheits-ID: S-1-0-0
Kontoname: -
Kontodomäne: -
Anmelde-ID: 0x0
Anmeldetyp: 0
Neue Anmeldung:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}
Prozessinformationen:
Prozess-ID: 0x4
Prozessname:
Netzwerkinformationen:
Arbeitsstationsname: -
Quellnetzwerkadresse: -
Quellport: -
Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: -
Authentifizierungspaket: -
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0
Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 43804
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111121031336.950137-000
Event Type: Überwachung erfolgreich
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Broadcom\Broadcom 802.11\Driver;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Windows\system32\gs\gs7.05\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=17
"PROCESSOR_IDENTIFIER"=x86 Family 17 Model 3 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0301
"NUMBER_OF_PROCESSORS"=1
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
-----------------EOF-----------------
Zitat:
Nr2. RSIT Logfile: Code:
ATTFilter Logfile of random's system information tool 1.09 (written by random/random) Run by Anne at 2012-08-06 12:05:25 Microsoft® Windows Vista™ Home Basic Service Pack 2 System drive C: has 48 GB (32%) free of 153 GB Total RAM: 2812 MB (52% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:05:37, on 06.08.2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16447) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe C:\Windows\System32\mobsync.exe c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\conime.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Windows\system32\SearchFilterHost.exe E:\RSIT.exe C:\Program Files\trend micro\Anne.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file) O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Free YouTube Download - C:\Users\Anne\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Anne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe O23 - Service: Realtek11nSU - Realtek - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- End of file - 8204 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job =========Mozilla firefox========= ProfilePath - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\q05e5wce.default prefs.js - "browser.startup.homepage" - "hxxp://www.google.de/" "{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ "fmconverter@gmail.com"=C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ "{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.3.300.270 Plugin "Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer] "Description"=Adobe Shockwave Player "Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0] "Description"=DivX Plus Web Player "Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0] "Description"=DivX VOD Helper Plug-in "Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin] "Description"=Google Earth in your browser "Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5] "Description"=Windows Presentation Foundation plug-in for Mozilla browsers "Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.3] "Description"=VLC Multimedia Plugin "Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll C:\Program Files\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd} C:\Program Files\Mozilla Firefox\components\ binary.manifest browsercomps.dll C:\Program Files\Mozilla Firefox\searchplugins\ amazondotcom-de.xml bing.xml eBay-de.xml google.xml leo_ende_de.xml wikipedia-de.xml yahoo-de.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}] DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-03-12 325408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-03-12 42272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {99079a25-328f-4bd4-be04-00955acaa0a7} [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Broadcom Wireless Manager UI"=C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [2010-12-10 4367360] "StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 1791272] "QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-11-11 287800] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712] "Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152] "DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "uTorrent"=C:\Program Files\uTorrent\uTorrent.exe /MINIMIZED [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe start [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC] c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe -atboottime [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] oobefldr.dll,ShowWelcomeCenter [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe [2008-03-25 214360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Anne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk] C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-05-20 1195008] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"=0 "NoToolbarCustomize"=0 "NoBandCustomize"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=i420vfw.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "vidc.cvid"=iccvid.dll "MSVideo8"=VfWWDM32.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "vidc.yv12"=DivX.dll "vidc.DIVX"=DivX.dll ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 3 months====== 2012-08-06 12:05:26 ----D---- C:\Program Files\trend micro 2012-08-06 12:05:25 ----D---- C:\rsit 2012-08-04 11:10:43 ----AD---- C:\ProgramData\TEMP 2012-08-04 11:08:33 ----A---- C:\Windows\system32\ztvunrar39.dll 2012-08-04 11:08:33 ----A---- C:\Windows\system32\ztvunrar36.dll 2012-08-04 11:08:33 ----A---- C:\Windows\system32\ztvunace26.dll 2012-08-04 11:08:33 ----A---- C:\Windows\system32\ztvcabinet.dll 2012-08-04 11:08:33 ----A---- C:\Windows\system32\ztv7z.dll 2012-08-04 11:08:33 ----A---- C:\Windows\system32\UNRAR3.dll 2012-08-04 11:08:33 ----A---- C:\Windows\system32\unacev2.dll 2012-08-04 11:08:32 ----D---- C:\Users\Anne\AppData\Roaming\Simply Super Software 2012-08-04 11:08:32 ----D---- C:\ProgramData\Simply Super Software 2012-08-04 11:08:32 ----D---- C:\Program Files\Trojan Remover 2012-08-04 09:16:06 ----D---- C:\Users\Anne\AppData\Roaming\Malwarebytes 2012-08-04 09:15:55 ----D---- C:\ProgramData\Malwarebytes 2012-08-04 09:00:25 ----D---- C:\ProgramData\Mozilla 2012-08-04 09:00:25 ----D---- C:\Program Files\Mozilla Maintenance Service 2012-08-04 09:00:23 ----D---- C:\Program Files\Mozilla Firefox 2012-08-03 13:25:10 ----SHD---- C:\Windows\system32\%APPDATA% 2012-07-23 18:32:07 ----D---- C:\Users\Anne\AppData\Roaming\vlc 2012-07-23 18:31:16 ----D---- C:\Program Files\VideoLAN 2012-07-16 20:16:40 ----A---- C:\Windows\system32\FlashPlayerApp.exe 2012-07-16 12:14:11 ----D---- C:\ProgramData\IBUpdaterService 2012-07-15 08:15:06 ----D---- C:\ProgramData\boost_interprocess 2012-07-14 19:02:27 ----D---- C:\Users\Anne\AppData\Roaming\Ashampoo 2012-07-14 19:02:10 ----D---- C:\ProgramData\ashampoo 2012-07-14 19:02:04 ----D---- C:\Program Files\Ashampoo 2012-07-14 18:47:17 ----D---- C:\Users\Anne\AppData\Roaming\Nero 2012-07-14 18:40:01 ----D---- C:\ProgramData\Nero 2012-07-14 18:38:38 ----A---- C:\Windows\system32\d3dx11_43.dll 2012-07-14 18:37:53 ----A---- C:\Windows\system32\D3DCompiler_42.dll 2012-07-14 18:37:11 ----A---- C:\Windows\system32\d3dx10_43.dll 2012-07-14 18:36:31 ----A---- C:\Windows\system32\D3DX9_42.dll 2012-07-14 18:36:03 ----A---- C:\Windows\system32\D3DX9_43.dll 2012-07-14 18:35:32 ----A---- C:\Windows\system32\D3DX9_40.dll 2012-07-14 18:35:04 ----A---- C:\Windows\system32\d3dcsx_43.dll 2012-07-14 18:34:34 ----A---- C:\Windows\system32\d3dx9_35.dll 2012-07-14 18:34:06 ----A---- C:\Windows\system32\D3DCompiler_43.dll 2012-07-14 18:33:35 ----A---- C:\Windows\system32\d3dx9_34.dll 2012-07-14 18:32:59 ----A---- C:\Windows\system32\d3dx9_30.dll 2012-07-14 17:43:01 ----D---- C:\ProgramData\Freemake 2012-07-14 17:42:45 ----D---- C:\Program Files\Freemake 2012-07-14 13:01:02 ----A---- C:\Windows\system32\TubeFinder.exe 2012-07-14 13:01:00 ----A---- C:\Windows\system32\VB6STKIT.DLL 2012-07-14 13:01:00 ----A---- C:\Windows\system32\VB6FR.DLL 2012-07-14 13:00:59 ----D---- C:\Users\Anne\AppData\Roaming\FreeFLVConverter 2012-07-14 13:00:59 ----D---- C:\Program Files\Free FLV Converter 2012-07-14 13:00:59 ----A---- C:\Windows\system32\PCCLPFR.DLL 2012-07-14 13:00:59 ----A---- C:\Windows\system32\MSCMCFR.DLL 2012-07-14 13:00:59 ----A---- C:\Windows\system32\CMDLGFR.DLL 2012-07-13 06:59:29 ----D---- C:\Program Files\StreamTransport 2012-07-11 22:26:41 ----A---- C:\Windows\system32\win32k.sys 2012-07-11 22:24:34 ----A---- C:\Windows\system32\mshtmled.dll 2012-07-11 22:24:33 ----A---- C:\Windows\system32\ieui.dll 2012-07-11 22:24:33 ----A---- C:\Windows\system32\iertutil.dll 2012-07-11 22:24:32 ----A---- C:\Windows\system32\wininet.dll 2012-07-11 22:24:32 ----A---- C:\Windows\system32\ieUnatt.exe 2012-07-11 22:24:31 ----A---- C:\Windows\system32\url.dll 2012-07-11 22:24:31 ----A---- C:\Windows\system32\jsproxy.dll 2012-07-11 22:24:31 ----A---- C:\Windows\system32\jscript9.dll 2012-07-11 22:24:31 ----A---- C:\Windows\system32\jscript.dll 2012-07-11 22:24:30 ----A---- C:\Windows\system32\urlmon.dll 2012-07-11 22:24:29 ----A---- C:\Windows\system32\mshtml.dll 2012-07-11 22:24:28 ----A---- C:\Windows\system32\ieframe.dll 2012-07-11 13:49:15 ----A---- C:\Windows\system32\shell32.dll 2012-07-11 13:49:10 ----A---- C:\Windows\system32\msxml6.dll 2012-07-11 13:49:10 ----A---- C:\Windows\system32\msxml3.dll 2012-07-11 13:49:08 ----A---- C:\Windows\system32\schannel.dll 2012-07-11 13:49:08 ----A---- C:\Windows\system32\ncrypt.dll 2012-07-11 13:49:08 ----A---- C:\Windows\system32\drivers\ksecdd.sys 2012-06-24 07:55:56 ----D---- C:\Program Files\Google 2012-06-22 09:20:48 ----A---- C:\Windows\system32\wups2.dll 2012-06-22 09:20:48 ----A---- C:\Windows\system32\wuauclt.exe 2012-06-22 09:20:47 ----A---- C:\Windows\system32\wucltux.dll 2012-06-22 09:20:47 ----A---- C:\Windows\system32\wuaueng.dll 2012-06-22 09:20:18 ----A---- C:\Windows\system32\wups.dll 2012-06-22 09:20:18 ----A---- C:\Windows\system32\wudriver.dll 2012-06-22 09:20:18 ----A---- C:\Windows\system32\wuapi.dll 2012-06-22 09:20:08 ----A---- C:\Windows\system32\wuwebv.dll 2012-06-22 09:20:08 ----A---- C:\Windows\system32\wuapp.exe 2012-06-13 08:13:09 ----A---- C:\Windows\system32\cryptsvc.dll 2012-06-13 08:13:09 ----A---- C:\Windows\system32\cryptnet.dll 2012-06-13 08:13:09 ----A---- C:\Windows\system32\crypt32.dll 2012-06-13 08:13:06 ----A---- C:\Windows\system32\drivers\rdpwd.sys 2012-05-27 18:50:00 ----D---- C:\Users\Anne\AppData\Roaming\OpenCandy 2012-05-27 18:49:09 ----A---- C:\Windows\system32\QtCore4.dll 2012-05-27 18:49:05 ----A---- C:\Windows\system32\Newtonsoft.Json.Net20.dll 2012-05-09 17:12:40 ----A---- C:\Windows\system32\drivers\tcpipreg.sys 2012-05-09 17:12:40 ----A---- C:\Windows\system32\drivers\tcpip.sys 2012-05-09 17:12:39 ----A---- C:\Windows\system32\drivers\partmgr.sys 2012-05-09 17:12:35 ----A---- C:\Windows\system32\DWrite.dll 2012-05-09 17:12:35 ----A---- C:\Windows\system32\d3d10warp.dll 2012-05-09 17:12:35 ----A---- C:\Windows\system32\d3d10_1core.dll 2012-05-09 17:12:35 ----A---- C:\Windows\system32\d3d10_1.dll 2012-05-09 17:12:35 ----A---- C:\Windows\system32\d2d1.dll 2012-05-09 17:12:32 ----A---- C:\Windows\system32\ntoskrnl.exe 2012-05-09 17:12:32 ----A---- C:\Windows\system32\ntkrnlpa.exe ======List of files/folders modified in the last 3 months====== 2012-08-06 12:05:37 ----D---- C:\Windows\Prefetch 2012-08-06 12:05:26 ----D---- C:\Program Files 2012-08-06 12:05:12 ----D---- C:\Windows\Temp 2012-08-06 11:27:21 ----D---- C:\Windows\System32 2012-08-06 11:27:21 ----D---- C:\Windows\inf 2012-08-06 11:27:21 ----A---- C:\Windows\system32\PerfStringBackup.INI 2012-08-06 11:23:31 ----SHD---- C:\System Volume Information 2012-08-06 09:52:57 ----D---- C:\Users\Anne\AppData\Roaming\Mozilla 2012-08-05 12:13:59 ----D---- C:\Windows\system32\Tasks 2012-08-05 12:13:34 ----D---- C:\SWSetup 2012-08-05 12:11:26 ----D---- C:\Windows 2012-08-05 12:08:58 ----D---- C:\Windows\system32\catroot 2012-08-05 09:02:04 ----D---- C:\Windows\system32\drivers 2012-08-04 17:58:40 ----D---- C:\ProgramData\DivX 2012-08-04 17:58:36 ----D---- C:\Program Files\DivX 2012-08-04 17:51:33 ----D---- C:\Program Files\Common Files\DivX Shared 2012-08-04 17:42:03 ----SHD---- C:\Windows\Installer 2012-08-04 17:42:03 ----HD---- C:\Config.Msi 2012-08-04 11:18:44 ----D---- C:\Windows\system32\drivers\etc 2012-08-04 11:12:24 ----D---- C:\Windows\WindowsMobile 2012-08-04 11:10:43 ----HD---- C:\ProgramData 2012-08-04 10:42:10 ----D---- C:\Windows\Registration 2012-08-04 08:49:50 ----D---- C:\ProgramData\Spybot - Search & Destroy 2012-08-04 08:49:45 ----D---- C:\Windows\SoftwareDistribution 2012-08-04 08:49:45 ----D---- C:\Windows\Logs 2012-08-04 08:49:45 ----D---- C:\Windows\Debug 2012-08-02 20:39:09 ----D---- C:\Windows\system32\catroot2 2012-08-02 20:38:53 ----D---- C:\Users\Anne\AppData\Roaming\HpUpdate 2012-07-31 14:34:48 ----D---- C:\Users\Anne\AppData\Roaming\BitComet 2012-07-31 14:34:42 ----D---- C:\Downloads 2012-07-16 20:16:43 ----D---- C:\Windows\Tasks 2012-07-16 12:14:05 ----HD---- C:\Program Files\Uninstall Information 2012-07-15 12:14:14 ----D---- C:\Program Files\Common Files 2012-07-14 18:43:43 ----D---- C:\Windows\Cursors 2012-07-14 18:32:05 ----D---- C:\Windows\winsxs 2012-07-14 13:01:03 ----SD---- C:\ProgramData\Microsoft 2012-07-12 07:05:48 ----D---- C:\Windows\system32\migration 2012-07-12 07:05:47 ----D---- C:\Program Files\Internet Explorer 2012-07-11 22:25:10 ----A---- C:\Windows\system32\mrt.exe 2012-06-22 12:40:19 ----D---- C:\Windows\rescache 2012-06-22 12:23:44 ----D---- C:\Windows\system32\de-DE 2012-06-14 15:15:10 ----RSD---- C:\Windows\assembly 2012-06-14 15:15:10 ----D---- C:\Windows\Microsoft.NET 2012-05-31 12:25:14 ----N---- C:\Windows\system32\MpSigStub.exe 2012-05-27 18:50:02 ----D---- C:\Users\Anne\AppData\Roaming\DVDVideoSoft 2012-05-27 18:49:15 ----D---- C:\Users\Anne\AppData\Roaming\DVDVideoSoftIEHelpers 2012-05-27 18:49:09 ----D---- C:\Program Files\Common Files\DVDVideoSoft 2012-05-10 10:31:39 ----D---- C:\Program Files\Microsoft Silverlight 2012-05-10 08:44:27 ----D---- C:\Windows\system32\XPSViewer ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2008-04-28 14352] R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 25656] R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 35896] R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-11-21 1204128] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-09-11 3847680] R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2010-12-10 18424] R3 HBtnKey;HP Hotkey Device; C:\Windows\system32\DRIVERS\cpqbttn.sys [2011-07-26 15544] R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544] R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 15872] R3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-06-04 1303728] R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2009-07-17 312832] S3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192] S3 BCM43XX;Treiber für Broadcom 802.11-Netzwerkadapter; C:\Windows\system32\DRIVERS\bcmwl6.sys [2010-12-10 2661368] S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528] S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160] S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416] S3 BTHUSB;USB-Treiber für Bluetooth-Sender; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208] S3 Dot4;MS IEEE-1284.4-Treiber; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584] S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384] S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-12-10 515584] S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-03-27 1810992] S3 Tq_91Assistant;Tq_91Assistant; \??\C:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys [] S3 usb_rndisx;USB-RNDIS-Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [] S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2010-01-21 13056] S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2010-01-21 20864] S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2010-01-21 24960] S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328] S3 winusb;WinUsb-Treiber; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336] R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-09-11 692224] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 Freemake Improver;Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-06-27 96768] R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 26168] R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 Realtek11nSU;Realtek11nSU; C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2009-04-24 36864] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE [2010-12-10 26112] R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408] R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504] R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 gupdate;Google Update-Dienst (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-24 116648] S2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056] S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service; C:\Program Files\BitComet\tools\BitCometService.exe [2010-12-28 1296728] S3 gupdatem;Google Update-Dienst (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-24 116648] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe [2012-07-14 113120] S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] -----------------EOF----------------- |
| Themen zu keine Chance über Google (in IE oder Firefox) die Links zu öffnen |
| acrobat update, amd, andere, basic, brennen, eingefangen, explorer, firefox, fontcache, gefangen, geleitet, google, hdaudio.sys, interne, internetexplorer, langsam, launch, links, msiexec.exe, neu, nicht mehr, notebook, problem gelöst, safer networking, seite, sofort, tagen, trojaner, usb 2.0, usbvideo.sys, virus, vista, windows, windows vista, wscript.exe, öffnen |
Baum-Darstellung