|
Log-Analyse und Auswertung: Firefox öffnet andere Seiten Webseiten, Windows Sicherheitscenter deaktiviertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
23.08.2012, 13:51 | #1 |
| Firefox öffnet andere Seiten Webseiten, Windows Sicherheitscenter deaktiviert Hallo Gemeinde, erst mal ein ganz GROßES LOB an dieses Board:. Hat mir schon oft geholfen. Jetzt aber habe ich an Papa´s Laptop ein besonderes Problem. Vor ca. 2Wochen hatte er diesen "Bundeskriminaltrojaner" drauf, den ich mit Antivir und Malwarebytes Anti-Malware beseitigen konnte(denke ich zumindest?). Und heute nun dieses Problem: 1.) Wenn ich im Firefox in Google etwas suche, klicke die Seite an aber es öffnet sich irgendeine andere Seite. Erst kommt in der Adresszeile etwas mit "ihavenet.com" und dann öffnet sich irgendeine Webseite. 2.) Als nächstes habe ich festgestellt das das Windows-Sicherheitscenter deativiert ist und ich es nicht mehr aktivieren kann. Heute morgen CCCleaner ausgeführt, Avira AntiVir laufen lassen (8Funde) und OTL(zum ersten mal) laufen lassen. Hier nun die Logfiles und Danke schon mal im voraus. DariusOTL Logfile: Code:
ATTFilter OTL logfile created on: 23.08.2012 13:47:04 - Run 1 OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 63,52% Memory free 7,99 Gb Paging File | 6,28 Gb Available in Paging File | 78,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,52 Gb Total Space | 36,71 Gb Free Space | 49,26% Space Free | Partition Type: NTFS Drive D: | 204,03 Gb Total Space | 119,81 Gb Free Space | 58,72% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe () PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe () PRC - C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (asus) PRC - C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (Boingo Wireless, Inc.) PRC - C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll () MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () MOD - C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll () MOD - C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll () MOD - C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll () MOD - C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll () MOD - C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll () MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe () SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (cjpcsc) -- C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (cjusb) -- C:\Windows\SysNative\drivers\cjusb.sys (REINER SCT) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2628501087-1004909151-860887654-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-2628501087-1004909151-860887654-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKU\S-1-5-21-2628501087-1004909151-860887654-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2628501087-1004909151-860887654-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={BBE0C801-E245-4003-A0DF-B44FFFF1EBCE}&mid=b7dbf2539c2547d0841b99127f7d64e4-4efb5d353297c0c0a4776b28ba13c6bfc5d9c963&lang=de&ds=tt014&pr=sa&d=2012-05-30 08:12:55&v=8.0.0.34&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-2628501087-1004909151-860887654-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 21:30:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.20 11:27:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 21:30:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.20 11:27:11 | 000,000,000 | ---D | M] [2011.02.17 15:06:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.02.17 15:06:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.07.25 14:37:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5s7wglbn.default\extensions [2012.05.30 08:13:08 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5s7wglbn.default\extensions\avg@toolbar [2012.06.22 14:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.20 20:41:09 | 000,702,524 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5S7WGLBN.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI [2012.07.20 21:30:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.22 14:56:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.09 22:19:08 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.06.22 14:56:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.22 14:56:51 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.22 14:56:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.22 14:56:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.22 14:56:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2628501087-1004909151-860887654-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk () O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2628501087-1004909151-860887654-1000..\Run: [EPSON12B8E6 (Epson Stylus SX420W)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_SDE2E.tmp" /EF "HKCU" File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\S-1-5-21-2628501087-1004909151-860887654-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.5.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A240E07-7A8F-4C05-BFFB-1F9C3FB9BA10}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll () O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.23 13:43:52 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Probs [2012.08.23 12:23:31 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.08.23 12:07:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\f-secure [2012.08.23 12:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure [2012.08.20 11:27:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.08.15 10:55:30 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.08.15 10:55:29 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.08.15 10:55:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.08.15 10:55:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.08.15 10:55:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.08.15 10:55:27 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.08.15 10:55:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.08.15 10:55:27 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.08.15 10:55:27 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.08.15 10:55:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.08.15 10:55:26 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.08.15 10:55:25 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.15 10:55:25 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.15 10:49:15 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.15 10:49:15 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.15 10:49:15 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.15 10:48:56 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2012.08.10 19:20:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.08.10 19:19:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012.08.10 19:19:41 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.08.10 19:08:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia [2012.08.10 19:08:04 | 000,000,000 | R--D | C] -- C:\Users\***\Documents [2012.08.10 19:07:25 | 000,955,888 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.08.10 19:07:25 | 000,839,152 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.08.10 19:07:25 | 000,268,784 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012.08.10 19:07:16 | 000,189,424 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.08.10 19:07:16 | 000,188,912 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.08.10 19:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.08.10 19:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.08.10 19:05:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.08.10 19:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012.08.10 18:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.08.10 17:26:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.08.10 17:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.10 17:26:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.10 17:26:34 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.10 17:26:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.03 15:22:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyTomTom 3 ========== Files - Modified Within 30 Days ========== [2012.08.23 13:48:14 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.23 12:23:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.08.23 11:32:53 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.23 11:32:53 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.23 11:13:57 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.23 11:13:57 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.23 11:06:17 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2012.08.23 11:06:13 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc7058e4b99e9a.job [2012.08.23 11:06:07 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\FIYTIW.job [2012.08.23 11:05:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.23 11:05:50 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys [2012.08.23 08:54:04 | 000,106,496 | RHS- | M] () -- C:\Windows\SysWow64\p2pcollabw.dll [2012.08.22 16:06:49 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.22 16:06:49 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.22 16:06:49 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.22 16:06:49 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.22 16:06:49 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.15 11:13:38 | 000,414,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.10 19:19:24 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.08.10 19:19:24 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.08.10 19:10:37 | 000,001,500 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012.08.10 19:08:48 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.08.10 19:07:11 | 000,955,888 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.08.10 19:07:11 | 000,839,152 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.08.10 19:07:11 | 000,268,784 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012.08.10 19:07:11 | 000,189,424 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.08.10 19:07:11 | 000,188,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.08.10 18:43:08 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.08.10 18:36:20 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\Synchredible.lnk [2012.08.10 17:26:36 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.10 17:07:00 | 000,126,562 | ---- | M] () -- D:\Eigene Dokumente\cc_20120810_170651.reg [2012.08.10 17:06:16 | 000,262,306 | ---- | M] () -- D:\Eigene Dokumente\cc_20120810_170547.reg [2012.08.10 12:19:42 | 000,001,088 | ---- | M] () -- C:\Users\***\Desktop\Bilder - Verknüpfung.lnk [2012.08.10 09:33:20 | 004,503,728 | ---- | M] () -- C:\ProgramData\ldsw_0paos.pad [2012.08.03 18:09:58 | 000,002,130 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini ========== Files Created - No Company Name ========== [2012.08.23 08:54:04 | 000,106,496 | RHS- | C] () -- C:\Windows\SysWow64\p2pcollabw.dll [2012.08.23 08:54:04 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\FIYTIW.job [2012.08.10 19:08:48 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.08.10 19:08:48 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.08.10 18:43:08 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.08.10 17:26:36 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.10 17:06:53 | 000,126,562 | ---- | C] () -- D:\Eigene Dokumente\cc_20120810_170651.reg [2012.08.10 17:05:56 | 000,262,306 | ---- | C] () -- D:\Eigene Dokumente\cc_20120810_170547.reg [2012.08.10 12:19:42 | 000,001,088 | ---- | C] () -- C:\Users\***\Desktop\Bilder - Verknüpfung.lnk [2012.08.10 08:50:52 | 004,503,728 | ---- | C] () -- C:\ProgramData\ldsw_0paos.pad [2011.10.12 18:23:16 | 000,000,000 | ---- | C] () -- C:\Windows\wiso.ini [2011.06.24 14:12:51 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{67E99B48-594C-4ACE-A9B7-577D02611072} [2011.05.09 17:17:56 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{05606C7E-9422-41BE-A304-53D63B0B4371} [2010.12.10 17:34:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.10.25 09:51:34 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2010.10.24 16:01:44 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll [2010.10.24 16:01:44 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\win32com.dll [2010.10.24 15:58:00 | 000,000,572 | ---- | C] () -- C:\Windows\hbcikrnl.ini [2010.10.24 15:37:55 | 000,031,328 | ---- | C] () -- C:\Windows\SysWow64\Ctrsct16.dll [2010.10.21 19:53:32 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2010.09.10 03:10:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.09.10 03:06:21 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.09.10 02:56:25 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== LOP Check ========== [2010.11.20 17:14:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASCOMP Software [2010.10.21 17:25:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Asus WebStorage [2011.10.12 18:25:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service [2011.07.15 18:38:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2011.10.27 14:02:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular [2011.08.25 19:20:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epson [2012.08.23 12:07:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\f-secure [2011.06.23 15:32:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2011.02.17 15:06:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom [2012.05.30 08:12:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2012.08.23 11:06:07 | 000,000,306 | ---- | M] () -- C:\Windows\Tasks\FIYTIW.job [2012.08.22 11:25:35 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AB689DEA < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 23.08.2012 13:47:04 - Run 1 OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 63,52% Memory free 7,99 Gb Paging File | 6,28 Gb Available in Paging File | 78,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,52 Gb Total Space | 36,71 Gb Free Space | 49,26% Space Free | Partition Type: NTFS Drive D: | 204,03 Gb Total Space | 119,81 Gb Free Space | 58,72% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2628501087-1004909151-860887654-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "AutoUpdateDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01BD19EB-2751-4F6D-9AA8-9C3F6CFC94D4}" = lport=2869 | protocol=6 | dir=in | app=system | "{045D02B5-E443-4A8A-9BEE-6995BAD5B81E}" = rport=445 | protocol=6 | dir=out | app=system | "{119B20EB-2D8F-48D9-B927-23E4AF736B59}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | "{2F9005E6-4119-4F94-B708-A91F5194ABC4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{375449CA-DEE1-4161-827B-A976DEBAD4E7}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{3C661FE0-DE45-4A42-9A4F-454A4F331A6D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4B0FB565-5958-44A7-BF03-06D2CC2C5242}" = rport=138 | protocol=17 | dir=out | app=system | "{4E763C8F-A4C6-45FB-80EE-82902A3D4ECB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{598D4B1F-C539-499C-BF69-471BDB6A1C28}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5A823E94-9CBC-4F20-AE02-242DBC72D724}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{600E9D95-1263-4609-95AF-0F732F4F605E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{63E51BA8-DCAF-4CBF-9C38-A867AF7903F9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6CB79DCD-B434-479D-8A50-6BA1A4BBA35A}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | "{6E7A443C-238F-4815-A0C1-C08A6FEFF2FA}" = lport=138 | protocol=17 | dir=in | app=system | "{8525373B-A345-4486-9741-EAA1A530A42A}" = lport=10243 | protocol=6 | dir=in | app=system | "{888C9D30-B34E-4CE8-A274-7C7D18BE40B1}" = rport=139 | protocol=6 | dir=out | app=system | "{8A15D483-DE1A-466D-9FC2-9275EAFC581E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{95676941-860C-4707-9B87-C31323354956}" = lport=139 | protocol=6 | dir=in | app=system | "{95EB43E7-163A-40C1-932E-D3A7F5F38BC5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{9F3F03B3-555D-4D9D-ACFF-00D7E80100C9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A343AF65-3A19-4C34-BB43-DA7F85BE5129}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{ABAEAE09-0D07-4F9A-9937-226643FB637D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AD317DB8-A9E6-434A-B357-CF2B3F2A16A7}" = lport=137 | protocol=17 | dir=in | app=system | "{AEF863DC-61B6-45C5-99A6-EC2E4C0E1685}" = rport=137 | protocol=17 | dir=out | app=system | "{B282435F-CF77-4A25-98BD-374DB04458BC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B4EE9847-BE6E-48AC-B465-762CC33D18B3}" = lport=445 | protocol=6 | dir=in | app=system | "{BF1F8210-5BB0-4B2A-810A-2F68E795876A}" = rport=10243 | protocol=6 | dir=out | app=system | "{C6ACEDAE-E57F-41E4-BF5E-FD90EE773FF4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D1E4CC9C-242D-4C5D-8FFF-6749D91DC8BD}" = lport=2869 | protocol=6 | dir=in | app=system | "{DFF08376-A8B6-498F-AB51-80BE00016F65}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05DEF2E9-17DA-4372-8CB6-B0543092D121}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{088B05B1-E91C-4CFC-8A78-A8F1F60F1DFE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{0A0B859B-FB98-4A6B-BFAC-A93B5052F5F6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{0B90F743-55C8-456E-A861-50A0A8B157A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{10683B3E-15B5-4A62-A8E4-BC43239F9201}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{107F21FD-8D6B-471F-8F3F-15530BCE401C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{18E81DCC-9A0B-4AB9-88AF-A423DF4AD8AF}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{1920AA72-398A-499A-955A-E5299E35AE16}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1A5124E7-02DB-4C77-8121-C94E416B46A2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{20CBAC0F-4351-43CE-815C-622601CF32F0}" = protocol=6 | dir=out | app=system | "{21D0CB03-CFBF-4ABF-804B-1B14324E78F8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{2BC108D0-0B0E-426C-8634-880FC5D1376E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{313EA298-2976-40E5-80DD-7D66569F7CDE}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe | "{3FD9912A-0840-4A86-856E-2599EDE4924A}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | "{47802FA8-6CB0-487A-954F-BFB9A416E638}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{48741BC8-6A57-4F37-8459-5243FFCDD5DF}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0\ouservice\starmoneyonlineupdate.exe | "{500B8477-DC6C-491D-B7E2-D44B4977969A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{781A5DAD-2C67-4921-BA26-7DA9CE12F1AA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{790BFCF3-CD80-44F8-A804-7B745DD4D793}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8A437F74-1794-46A5-A10A-F72E78C41FC4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9628491B-89D0-456A-AC7E-C04388C28AA6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9ED03633-94D8-49B9-A097-7002D0031B0E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9F2ED5EE-E70C-49BC-8B00-41417289B109}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A2D9BAAE-93D8-4DEB-BE36-4135F9BBF19C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A76350A4-9184-413A-A9CD-185ACCE18F3C}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | "{A7A76E61-F552-4D4D-B26F-0DCA5511E3BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{C0010B64-730C-421D-B827-598369978BBB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C07C02D4-E9F1-458B-8DB4-3C5CE375634C}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe | "{C78CCD71-9735-4E99-8785-47EFE0F4C5EB}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0\app\starmoney.exe | "{CB6706E7-5F32-4D92-ADD0-2ECEF7713F65}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe | "{D10C8E9E-CBB8-40D5-AEC1-159031C4FE26}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0\ouservice\starmoneyonlineupdate.exe | "{D4F3F184-0043-43D6-B031-0E27A0DD7D3D}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0\app\starmoney.exe | "{E46D0F46-4BF3-4669-9A65-2D03814B05AA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{EBE76B26-1523-4B60-9D81-1B61675BFC85}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{F8412C94-95B1-4BDB-AE45-72E5747082B7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{FB15823E-F19D-4101-81F1-3B63CA64D04B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FCBCE112-35BB-4172-85D1-044F552B08E7}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe | "TCP Query User{370B6A76-8B65-452F-8B83-D9AA7203CBA6}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | "TCP Query User{A3F60212-290A-4A48-B949-E3257BE09102}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | "TCP Query User{BED736D4-DB5C-41C0-AE00-B2964724E8DE}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{D6141B97-4D3A-4A1C-86A8-2198CA436C5B}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{FE71F411-18A4-41BA-B65C-CC3F0FC7C676}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{2ECCBA01-C989-4270-9F9E-6CF6E2438935}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{370B3B34-0EB6-49A9-8850-755ABD43B4D8}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | "UDP Query User{AF9F0D98-5C32-4DFE-8978-2DE7EDAD44D4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{D2D33C90-273F-43BF-8CA5-1AF114F0E34C}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | "UDP Query User{D9CC4737-A7A6-437E-844E-263B58BE676E}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{266058E0-8FB1-8487-C833-3697A3484E01}" = ccc-utility64 "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit) "{3768263E-8BE8-4CEF-9463-6D36F731824B}" = Windows Live Family Safety "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{C42CA929-C55C-4435-F6B2-160C10FD301E}" = ATI Catalyst Install Manager "{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-x64 7.0.5.13_WHQL "EPSON SX420W Series" = EPSON SX420W Series Printer Uninstall "USB 2.0 VGA UVC WebCam" = USB 2.0 VGA UVC WebCam [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{16B730BF-C913-4CE0-9D86-3BA55E796AD9}" = StarMoney 7.0 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1BAAF2F6-C688-ACB4-89C3-3D0D074CE59F}" = CCC Help Russian "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart "{2CA575D0-4A39-13B7-C3F6-C12DCECB5BE4}" = CCC Help Finnish "{2D12DFC6-4C5E-2734-5979-2D94798738F1}" = CCC Help Italian "{33A51566-5216-B590-472F-D626C407E332}" = CCC Help Hungarian "{38E5F2CE-F3B8-95C8-E2D2-E668ECF12FB3}" = CCC Help Greek "{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2 "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{41B4578A-520D-375F-0702-51608CFDDA0F}" = CCC Help Norwegian "{43233BDA-5837-0AA5-1624-4746516BCB01}" = CCC Help Dutch "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime "{44FAF589-DA07-039F-A7BF-09A846640A43}" = Catalyst Control Center Graphics Full Existing "{47CB9C66-D023-34D2-98EB-541D05F89968}" = CCC Help Chinese Standard "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{4D409740-7A1C-52B4-D7E6-BB6C4F343140}" = CCC Help Spanish "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck "{5EFDCD2E-1218-5101-747C-C9AA9443CB85}" = CCC Help Japanese "{619D83DC-710E-203E-29EA-8318FB27C5E4}" = CCC Help Thai "{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{6703F18D-12B3-7936-2DCA-5D50FD0E3235}" = CCC Help Polish "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{6E08F573-FCF7-C933-5BC5-7B14FD5564E3}" = CCC Help Korean "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7AC9FA44-609F-8D70-5CC3-9C6A1E59CA4D}" = Catalyst Control Center Graphics Light "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1173957}" = Piggly FREE "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117396510}" = Smileyville FREE "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{840E2658-DBA1-9A75-7C36-6C6E3F67FAC0}" = ccc-core-static "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90C67C7D-E918-402C-9856-7B13999E1786}" = StarMoney "{92633C0F-C9BE-41E3-B439-0B508F859DB5}" = StarMoney "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{9BDD86A7-B184-BB3F-222C-BD24871C0021}" = CCC Help Turkish "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{A1ABB2D1-3A6C-8598-CCCC-684625F4D451}" = CCC Help Swedish "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7B8A5E9-CA44-44A0-9393-9EA0FFE4C3FB}" = Alcor Micro USB Card Reader "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B30B1C24-863A-B8D3-DB04-7037EE242486}" = CCC Help French "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi "{B89F53E2-4461-16D4-66B5-285593D1BE07}" = CCC Help Chinese Traditional "{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}" = syncables desktop SE "{BC3F09E3-E113-1856-855D-E90B073190D1}" = CCC Help Danish "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BE79D33C-6C74-2F72-2160-F0DB4C897B3D}" = Catalyst Control Center InstallProxy "{C0A0FA0B-9C4C-1653-0A8D-5F1D92F38D16}" = CCC Help English "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1" = Game Park Console "{C9A00809-0A5A-39DD-C70F-B2CBDD4EA35A}" = Catalyst Control Center Graphics Previews Vista "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.2 "{CA0E4192-E92A-4C61-BB7F-84117DEAE896}" = StarMoney 8.0 "{D21D5B3B-0BCB-1809-5701-E59EFB4358E8}" = Catalyst Control Center Core Implementation "{D619679A-64A9-4677-F2D9-BF2EB2746D61}" = CCC Help Portuguese "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EEC9A274-AD86-3A16-4F17-22490EF597B4}" = CCC Help German "{EF6ADCD6-C463-24C9-EEE0-6E07F5CC5182}" = CCC Help Czech "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "{F99BB4A4-5C73-0E3B-59E4-41960860A26E}" = Catalyst Control Center Localization All "{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components "{FF783F26-3A11-FD83-4B2E-7A7C423323C7}" = Catalyst Control Center Graphics Full New "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASUS AP Bank_is1" = ASUS AP Bank "ASUS WebStorage" = ASUS WebStorage "AVG Secure Search" = AVG Security Toolbar "Avira AntiVir Desktop" = Avira Free Antivirus "ElsterFormular 13.0.0.8086p" = ElsterFormular "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Scanner" = EPSON Scan "EPSON SX420W Series Manual" = EPSON SX420W Series Handbuch "EPSON SX420W Series Network Guide" = EPSON SX420W Series Netzwerk-Handbuch "Google Chrome" = Google Chrome "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{A7B8A5E9-CA44-44A0-9393-9EA0FFE4C3FB}" = Alcor Micro USB Card Reader "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "IrfanView" = IrfanView (remove only) "K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MyTomTom" = MyTomTom 3.2.0.700 "Synchredible_is1" = Synchredible v4.0 "TomTom HOME" = TomTom HOME 2.8.3.2499 "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.08.2012 13:19:17 | Computer Name = ***-PC | Source = System Restore | ID = 8193 Description = Error - 10.08.2012 13:19:19 | Computer Name = ***-PC | Source = System Restore | ID = 8193 Description = Error - 10.08.2012 13:19:46 | Computer Name = ***-PC | Source = System Restore | ID = 8193 Description = Error - 10.08.2012 13:19:47 | Computer Name = ***-PC | Source = System Restore | ID = 8193 Description = Error - 14.08.2012 07:44:20 | Computer Name = ***-PC | Source = System Restore | ID = 8193 Description = Error - 15.08.2012 04:50:44 | Computer Name = ***-PC | Source = System Restore | ID = 8193 Description = Error - 15.08.2012 04:54:18 | Computer Name = ***-PC | Source = System Restore | ID = 8193 Description = Error - 17.08.2012 06:26:39 | Computer Name = ***-PC | Source = System Restore | ID = 8193 Description = Error - 21.08.2012 02:04:45 | Computer Name = ***-PC | Source = System Restore | ID = 8193 Description = Error - 23.08.2012 06:39:41 | Computer Name = ***-PC | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.58.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 378 Startzeit: 01cd81197dc6bf84 Endzeit: 0 Anwendungspfad: C:\Users\***\Desktop\OTL.exe Berichts-ID: cbc7b8b4-ed0e-11e1-a9a0-485b39998d17 [ System Events ] Error - 20.08.2012 05:17:47 | Computer Name = ***-PC | Source = DCOM | ID = 10016 Description = Error - 20.08.2012 13:58:54 | Computer Name = ***-PC | Source = DCOM | ID = 10016 Description = Error - 21.08.2012 05:12:20 | Computer Name = ***-PC | Source = DCOM | ID = 10016 Description = Error - 21.08.2012 05:44:00 | Computer Name = ***-PC | Source = DCOM | ID = 10016 Description = Error - 21.08.2012 10:31:45 | Computer Name = ***-PC | Source = DCOM | ID = 10016 Description = Error - 21.08.2012 14:34:34 | Computer Name = ***-PC | Source = DCOM | ID = 10016 Description = Error - 22.08.2012 03:01:02 | Computer Name = ***-PC | Source = DCOM | ID = 10016 Description = Error - 22.08.2012 05:26:40 | Computer Name = ***-PC | Source = DCOM | ID = 10016 Description = Error - 22.08.2012 13:39:07 | Computer Name = ***-PC | Source = DCOM | ID = 10016 Description = Error - 23.08.2012 06:07:51 | Computer Name = ***-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\***\AppData\Local\Temp\OnlineScanner\Anti-Virus\ nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. < End of report > Avira Free Antivirus Erstellungsdatum der Reportdatei: Donnerstag, 23. August 2012 11:39 Es wird nach 4153501 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : ***-PC Versionsinformationen: BUILD.DAT : 12.0.0.1167 40870 Bytes 18.07.2012 19:07:00 AVSCAN.EXE : 12.3.0.33 468472 Bytes 08.08.2012 08:04:17 AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 10:08:57 LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 10:08:58 AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 10:08:58 AVREG.DLL : 12.3.0.17 232200 Bytes 11.05.2012 09:05:36 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 15:41:51 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 10:57:08 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 17:37:21 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 17:09:58 VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 17:09:58 VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 17:09:58 VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 17:09:58 VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 17:09:58 VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 17:09:58 VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 17:09:58 VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 17:09:58 VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 17:09:58 VBASE014.VDF : 7.11.38.18 2554880 Bytes 30.07.2012 18:24:13 VBASE015.VDF : 7.11.38.70 556032 Bytes 31.07.2012 18:27:00 VBASE016.VDF : 7.11.38.143 171008 Bytes 02.08.2012 06:46:21 VBASE017.VDF : 7.11.38.221 178176 Bytes 06.08.2012 08:44:09 VBASE018.VDF : 7.11.39.37 168448 Bytes 08.08.2012 08:04:13 VBASE019.VDF : 7.11.39.89 131072 Bytes 09.08.2012 17:27:56 VBASE020.VDF : 7.11.39.145 142336 Bytes 11.08.2012 18:29:39 VBASE021.VDF : 7.11.39.207 165888 Bytes 14.08.2012 06:37:11 VBASE022.VDF : 7.11.40.9 156160 Bytes 16.08.2012 10:25:35 VBASE023.VDF : 7.11.40.49 133120 Bytes 17.08.2012 12:02:36 VBASE024.VDF : 7.11.40.95 156160 Bytes 20.08.2012 18:03:04 VBASE025.VDF : 7.11.40.155 181760 Bytes 22.08.2012 06:30:06 VBASE026.VDF : 7.11.40.156 2048 Bytes 22.08.2012 06:30:06 VBASE027.VDF : 7.11.40.157 2048 Bytes 22.08.2012 06:30:06 VBASE028.VDF : 7.11.40.158 2048 Bytes 22.08.2012 06:30:06 VBASE029.VDF : 7.11.40.159 2048 Bytes 22.08.2012 06:30:06 VBASE030.VDF : 7.11.40.160 2048 Bytes 22.08.2012 06:30:06 VBASE031.VDF : 7.11.40.188 117760 Bytes 23.08.2012 07:44:29 Engineversion : 8.2.10.132 AEVDF.DLL : 8.1.2.10 102772 Bytes 11.07.2012 07:22:03 AESCRIPT.DLL : 8.1.4.42 459129 Bytes 09.08.2012 17:28:02 AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 08:11:02 AESBX.DLL : 8.2.5.12 606578 Bytes 15.06.2012 09:45:53 AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06 AEPACK.DLL : 8.3.0.24 811381 Bytes 07.08.2012 17:20:12 AEOFFICE.DLL : 8.1.2.42 201083 Bytes 19.07.2012 13:05:45 AEHEUR.DLL : 8.1.4.86 5165429 Bytes 09.08.2012 17:28:02 AEHELP.DLL : 8.1.23.2 258422 Bytes 28.06.2012 12:34:49 AEGEN.DLL : 8.1.5.34 434548 Bytes 19.07.2012 13:05:42 AEEXP.DLL : 8.1.0.74 86387 Bytes 03.08.2012 10:57:32 AEEMU.DLL : 8.1.3.2 393587 Bytes 11.07.2012 07:22:02 AECORE.DLL : 8.1.27.4 201078 Bytes 07.08.2012 17:20:12 AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01 AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 10:08:57 AVPREF.DLL : 12.3.0.15 51920 Bytes 08.05.2012 10:08:57 AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 10:08:58 AVARKT.DLL : 12.3.0.15 211408 Bytes 08.05.2012 10:08:57 AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 10:08:57 SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 10:08:58 AVSMTP.DLL : 12.3.0.32 63480 Bytes 08.08.2012 08:04:17 NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 10:08:58 RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 08.08.2012 08:04:12 RCTEXT.DLL : 12.3.0.31 100088 Bytes 08.08.2012 08:04:12 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Donnerstag, 23. August 2012 11:39 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf nach versteckten Objekten wird begonnen. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'firefox.exe' - '103' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '89' Modul(e) wurden durchsucht Durchsuche Prozess 'ControlDeck.exe' - '89' Modul(e) wurden durchsucht Durchsuche Prozess 'WDC.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'ATKOSD.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'vprot.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'EEventManager.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '82' Modul(e) wurden durchsucht Durchsuche Prozess 'wcourier.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'HControlUser.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'ATKOSD2.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'Boingo Wi-Fi.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'ToolbarUpdater.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'TomTomHOMEService.exe' - '12' Modul(e) wurden durchsucht Durchsuche Prozess 'CLMLSvc.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'StarMoneyOnlineUpdate.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'AsScrPro.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'StarMoneyOnlineUpdate.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'cjpcsc.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'SeaPort.EXE' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'ALU.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'sensorsrv.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'NetworkLicenseServer.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'eEBSVC.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'HControl.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'GFNEXSrv.exe' - '10' Modul(e) wurden durchsucht Durchsuche Prozess 'smartlogon.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'ASLDRSrv.exe' - '21' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '2443' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' <OS> C:\eSupport\eDriver\Software\Trendmicro\TIS2009\XP32_Win7_32_Win7_64_17.50.1493\Tools\32bit\SICTOOL\SICBASE.DAT [WARNUNG] Die Datei ist kennwortgeschützt C:\eSupport\eDriver\Software\Trendmicro\TIS2009\XP32_Win7_32_Win7_64_17.50.1493\Tools\64bit\SICTOOL\SICBASE.DAT [WARNUNG] Die Datei ist kennwortgeschützt C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\513afd90-3a00538e [0] Archivtyp: ZIP --> r0a/r0c.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.CX --> r0a/r0a.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.CU.1 --> r0a/r0d.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Karam.AH --> r0a/r0b.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2012-1723.DG.1 C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe [WARNUNG] Unerwartetes Dateiende erreicht Beginne mit der Suche in 'D:\' <Data> D:\Downloads\Antivir\avira_free_antivirus_de.exe [WARNUNG] Die Datei ist kennwortgeschützt D:\***-PC\Backup Set 2012-08-12 193152\Backup Files 2012-08-12 193152\Backup files 1.zip [0] Archivtyp: ZIP --> C/Users/***/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/16/513afd90-3a00538e [1] Archivtyp: ZIP --> r0a/r0c.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.CX --> r0a/r0a.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.CU.1 --> r0a/r0d.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Karam.AH --> r0a/r0b.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2012-1723.DG.1 Beginne mit der Desinfektion: D:\***-PC\Backup Set 2012-08-12 193152\Backup Files 2012-08-12 193152\Backup files 1.zip [FUND] Enthält Erkennungsmuster des Exploits EXP/2012-1723.DG.1 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56c8b3c3.qua' verschoben! C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\513afd90-3a00538e [FUND] Enthält Erkennungsmuster des Exploits EXP/2012-1723.DG.1 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4eaf9c51.qua' verschoben! Ende des Suchlaufs: Donnerstag, 23. August 2012 13:43 Benötigte Zeit: 2:02:49 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 29167 Verzeichnisse wurden überprüft 930927 Dateien wurden geprüft 8 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 2 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 930919 Dateien ohne Befall 51924 Archive wurden durchsucht 4 Warnungen 2 Hinweise 666350 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden |
23.08.2012, 15:51 | #2 |
/// Helfer-Team | Firefox öffnet andere Seiten Webseiten, Windows Sicherheitscenter deaktiviertFixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2628501087-1004909151-860887654-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2628501087-1004909151-860887654-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={BBE0C801-E245-4003-A0DF-B44FFFF1EBCE}&mid=b7dbf2539c2547d0841b99127f7d64e4-4efb5d353297c0c0a4776b28ba13c6bfc5d9c963&lang=de&ds=tt014&pr=sa&d=2012-05-30 08:12:55&v=8.0.0.34&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-2628501087-1004909151-860887654-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "google.de" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2628501087-1004909151-860887654-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\S-1-5-21-2628501087-1004909151-860887654-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.5.1) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 [2012.08.10 09:33:20 | 004,503,728 | ---- | M] () -- C:\ProgramData\ldsw_0paos.pad @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AB689DEA :Files ipconfig /flushdns /c :Commands [purity] [emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________ |
23.08.2012, 17:53 | #3 |
| Firefox öffnet andere Seiten Webseiten, Windows Sicherheitscenter deaktiviert Hallo t´john,
__________________danke für die schnelle Antwort. Fix wurde durchgeführt. Hier nun der Logfile: Code:
ATTFilter All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKEY_USERS\S-1-5-21-2628501087-1004909151-860887654-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-2628501087-1004909151-860887654-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully. HKU\S-1-5-21-2628501087-1004909151-860887654-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! Prefs.js: "" removed from browser.search.defaultenginename Prefs.js: "Wikipedia (de)" removed from browser.search.selectedEngine Prefs.js: "google.de" removed from browser.startup.homepage 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer\ deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_USERS\S-1-5-21-2628501087-1004909151-860887654-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully. Registry value HKEY_USERS\S-1-5-21-2628501087-1004909151-860887654-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\ProgramData\ldsw_0paos.pad moved successfully. ADS C:\ProgramData\Temp:AB689DEA deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Georg\Desktop\cmd.bat deleted successfully. C:\Users\Georg\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Georg ->Temp folder emptied: 495144900 bytes ->Temporary Internet Files folder emptied: 1504867 bytes ->Java cache emptied: 2549851 bytes ->FireFox cache emptied: 83677933 bytes ->Flash cache emptied: 545 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 53571 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes RecycleBin emptied: 596480 bytes Total Files Cleaned = 557,00 mb OTL by OldTimer - Version 3.2.58.1 log created on 08232012_184408 Files\Folders moved on Reboot... C:\Users\Georg\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
23.08.2012, 18:52 | #4 |
/// Helfer-Team | Firefox öffnet andere Seiten Webseiten, Windows Sicherheitscenter deaktiviert Sehr gut! Wie laeuft der Rechner? 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
23.08.2012, 20:34 | #5 |
| Firefox öffnet andere Seiten Webseiten, Windows Sicherheitscenter deaktiviert Hallo, also wie er so läuft kann ich jetzt nicht sagen. Habe nicht viel dran gemacht wegen der Sicherheit. Auf jeden Fall läuft das "Windows-Sicherheitscenter" immer noch nicht. Hier mal die gewünschten Log´s: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.23.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Georg :: GEORG-PC [Administrator] 23.08.2012 20:20:24 mbam-log-2012-08-23 (20-20-24).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 340234 Laufzeit: 1 Stunde(n), 4 Minute(n), 40 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) und AdwC: Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/23/2012 at 21:27:21 # Updated 14/08/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Georg - GEORG-PC # Boot Mode : Normal # Running from : C:\Users\Georg\Desktop\adwcleaner.exe # Option [Search] ***** [Services] ***** Found : vToolbarUpdater11.2.0 ***** [Files / Folders] ***** Folder Found : C:\Users\Georg\AppData\Local\AVG Secure Search Folder Found : C:\Users\Georg\AppData\LocalLow\AVG Secure Search Folder Found : C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\5s7wglbn.default\extensions\avg@toolbar Folder Found : C:\ProgramData\AVG Secure Search Folder Found : C:\Program Files (x86)\AVG Secure Search Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search Folder Found : C:\ProgramData\Partner File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml ***** [Registry] ***** Key Found : HKCU\Software\AVG Secure Search Key Found : HKCU\Software\Softonic Key Found : HKLM\SOFTWARE\AVG Secure Search Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Found : HKLM\SOFTWARE\Iminent Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin [x64] Key Found : HKCU\Software\AVG Secure Search [x64] Key Found : HKCU\Software\Softonic [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI [x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 [x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj [x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 [x64] Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol [x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi [x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 [x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE [x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={BBE0C801-E245-4003-A0DF-B44FFFF1EBCE}&mid=b7dbf2539c2547d0841b99127f7d64e4-4efb5d353297c0c0a4776b28ba13c6bfc5d9c963&lang=de&ds=tt014&pr=sa&d=2012-05-30 08:12:55&v=9.0.0.22&sap=nt -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\5s7wglbn.default\prefs.js [OK] File is clean. ************************* AdwCleaner[R1].txt - [15180 octets] - [23/08/2012 21:27:21] ########## EOF - C:\AdwCleaner[R1].txt - [15309 octets] ########## |
24.08.2012, 00:36 | #6 | |
/// Helfer-Team | Firefox öffnet andere Seiten Webseiten, Windows Sicherheitscenter deaktiviertZitat:
Sehr gut!
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________ --> Firefox öffnet andere Seiten Webseiten, Windows Sicherheitscenter deaktiviert |
24.08.2012, 09:37 | #7 |
| Firefox öffnet andere Seiten Webseiten, Windows Sicherheitscenter deaktiviert Guten Morgen, also Fehlermeldung ist folgende: Der Windows-Sicherheitscenterdienst kann nicht gestartet werden. Hoffe das bringt dich weiter. Hier noch die Logfiles. Mann des ist lange gelaufen. AdwC Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/24/2012 at 08:33:46 # Updated 14/08/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : *** - ***-PC # Boot Mode : Normal # Running from : C:\Users\***\Desktop\adwcleaner.exe # Option [Delete] ***** [Services] ***** Stopped & Deleted : vToolbarUpdater11.2.0 ***** [Files / Folders] ***** Folder Deleted : C:\Users\***\AppData\Local\AVG Secure Search Folder Deleted : C:\Users\***\AppData\LocalLow\AVG Secure Search Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5s7wglbn.default\extensions\avg@toolbar Folder Deleted : C:\ProgramData\AVG Secure Search Folder Deleted : C:\Program Files (x86)\AVG Secure Search Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search Folder Deleted : C:\ProgramData\Partner File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml ***** [Registry] ***** Key Deleted : HKCU\Software\AVG Secure Search Key Deleted : HKCU\Software\Softonic Key Deleted : HKLM\SOFTWARE\AVG Secure Search Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Deleted : HKLM\SOFTWARE\Iminent Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={BBE0C801-E245-4003-A0DF-B44FFFF1EBCE}&mid=b7dbf2539c2547d0841b99127f7d64e4-4efb5d353297c0c0a4776b28ba13c6bfc5d9c963&lang=de&ds=tt014&pr=sa&d=2012-05-30 08:12:55&v=9.0.0.22&sap=nt --> hxxp://www.google.com -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5s7wglbn.default\prefs.js C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5s7wglbn.default\user.js ... Deleted ! [OK] File is clean. ************************* AdwCleaner[R1].txt - [15173 octets] - [23/08/2012 21:27:21] AdwCleaner[S1].txt - [13942 octets] - [24/08/2012 08:33:46] ########## EOF - C:\AdwCleaner[S1].txt - [14071 octets] ########## und Emisoft Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6 Letztes Update: 24.08.2012 09:04:57 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, D:\ Archiv Scan: An ADS Scan: An Scan Beginn: 24.08.2012 09:05:19 c:\casino gefunden: Trace.File.carnivalcasino!E1 c:\casino\ gefunden: Trace.File.21novacasino!E1 Key: hkey_current_user\software\ptech gefunden: Trace.Registry.e2give(charitynetwork)!E1 Value: hkey_current_user\software\classes\joyland --> url protocol gefunden: Trace.Registry.joyland casino!E1 Value: hkey_current_user\software\joyland casino --> options_dealervoiceset gefunden: Trace.Registry.joyland casino!E1 Value: hkey_current_user\software\joyland casino --> options_music gefunden: Trace.Registry.joyland casino!E1 Value: hkey_current_user\software\joyland casino --> options_sounds gefunden: Trace.Registry.joyland casino!E1 Value: hkey_current_user\software\joyland casino --> options_xlslots gefunden: Trace.Registry.joyland casino!E1 Value: hkey_current_user\software\joyland casino --> options_dealervoices gefunden: Trace.Registry.joyland casino!E1 D:\***-PC\Backup Set 2012-06-10 200541\Backup Files 2012-06-17 205328\Backup files 2.zip -> C\Users\***\AppData\Local\Mozilla\Firefox\Profiles\5s7wglbn.default\Cache\4\46\23B45d01 gefunden: Trojan.IframeRef!E2 D:\***-PC\Backup Set 2012-06-10 200541\Backup Files 2012-06-17 205328\Backup files 2.zip -> C\Users\***\AppData\Local\Mozilla\Firefox\Profiles\5s7wglbn.default\Cache\4\6E\51F80d01 gefunden: Trojan.IframeRef!E2 D:\***-PC\Backup Set 2012-06-10 200541\Backup Files 2012-06-17 205328\Backup files 2.zip -> C\Users\***\AppData\Local\Mozilla\Firefox\Profiles\5s7wglbn.default\Cache\4\A4\F3055d01 gefunden: Trojan.IframeRef!E2 D:\***-PC\Backup Set 2012-06-10 200541\Backup Files 2012-06-17 205328\Backup files 2.zip -> C\Users\***\AppData\Local\Mozilla\Firefox\Profiles\5s7wglbn.default\Cache\5\1C\3B0D8d01 gefunden: Trojan.IframeRef!E2 D:\***-PC\Backup Set 2012-06-10 200541\Backup Files 2012-06-17 205328\Backup files 3.zip -> C\Users\***\AppData\Local\Mozilla\Firefox\Profiles\5s7wglbn.default\Cache\8\FC\41EC7d01 gefunden: Trojan.IframeRef!E2 D:\***-PC\Backup Set 2012-06-10 200541\Backup Files 2012-06-17 205328\Backup files 3.zip -> C\Users\***\AppData\Local\Mozilla\Firefox\Profiles\5s7wglbn.default\Cache\A\5C\C5606d01 gefunden: Trojan.IframeRef!E2 D:\***-PC\Backup Set 2012-06-10 200541\Backup Files 2012-06-17 205328\Backup files 4.zip -> C\Users\***\AppData\Local\Mozilla\Firefox\Profiles\5s7wglbn.default\Cache\E\5D\AE986d01 gefunden: Trojan.IframeRef!E2 D:\***-PC\Backup Set 2012-06-10 200541\Backup Files 2012-06-17 205328\Backup files 4.zip -> C\Users\***\AppData\Local\Mozilla\Firefox\Profiles\5s7wglbn.default\Cache\E\92\5B659d01 gefunden: Trojan.IframeRef!E2 D:\***-PC\Backup Set 2012-06-10 200541\Backup Files 2012-06-17 205328\Backup files 3.zip -> C\Users\***\AppData\Local\Mozilla\Firefox\Profiles\5s7wglbn.default\Cache\B\35\A968Ad01 gefunden: Trojan.IframeRef!E2 D:\***-PC\Backup Set 2012-06-10 200541\Backup Files 2012-06-17 205328\Backup files 4.zip -> C\Users\***\AppData\Local\Mozilla\Firefox\Profiles\5s7wglbn.default\Cache\E\C0\12F14d01 gefunden: Trojan.IframeRef!E2 D:\***-PC\Backup Set 2012-06-10 200541\Backup Files 2012-06-17 205328\Backup files 3.zip -> C\Users\***\AppData\Local\Mozilla\Firefox\Profiles\5s7wglbn.default\Cache\B\AB\F9876d01 gefunden: Trojan.IframeRef!E2 Gescannt 595433 Gefunden 20 Scan Ende: 24.08.2012 10:26:07 Scan Zeit: 1:20:48 D:\***-PC\Backup Set 2012-06-10 200541\Backup Files 2012-06-17 205328\Backup files 2.zip -> C\Users\***\AppData\Local\Mozilla\Firefox\Profiles\5s7wglbn.default\Cache\4\46\23B45d01 Quarantäne Trojan.IframeRef!E2 D:\***-PC\Backup Set 2012-06-10 200541\Backup Files 2012-06-17 205328\Backup files 3.zip -> C\Users\***\AppData\Local\Mozilla\Firefox\Profiles\5s7wglbn.default\Cache\8\FC\41EC7d01 Quarantäne Trojan.IframeRef!E2 D:\***-PC\Backup Set 2012-06-10 200541\Backup Files 2012-06-17 205328\Backup files 4.zip -> C\Users\***\AppData\Local\Mozilla\Firefox\Profiles\5s7wglbn.default\Cache\E\5D\AE986d01 Quarantäne Trojan.IframeRef!E2 Value: hkey_current_user\software\classes\joyland --> url protocol Quarantäne Trace.Registry.joyland casino!E1 Value: hkey_current_user\software\joyland casino --> options_dealervoiceset Quarantäne Trace.Registry.joyland casino!E1 Value: hkey_current_user\software\joyland casino --> options_music Quarantäne Trace.Registry.joyland casino!E1 Value: hkey_current_user\software\joyland casino --> options_sounds Quarantäne Trace.Registry.joyland casino!E1 Value: hkey_current_user\software\joyland casino --> options_xlslots Quarantäne Trace.Registry.joyland casino!E1 Value: hkey_current_user\software\joyland casino --> options_dealervoices Quarantäne Trace.Registry.joyland casino!E1 Key: hkey_current_user\software\ptech Quarantäne Trace.Registry.e2give(charitynetwork)!E1 c:\casino\ Quarantäne Trace.File.21novacasino!E1 c:\casino Quarantäne Trace.File.carnivalcasino!E1 Quarantäne 12 Darius |
24.08.2012, 15:47 | #8 |
/// Helfer-Team | Firefox öffnet andere Seiten Webseiten, Windows Sicherheitscenter deaktiviert Bitte mal durchfuehren: http://www.trojaner-board.de/72874-s...eparieren.html |
24.08.2012, 16:48 | #9 |
| Firefox öffnet andere Seiten Webseiten, Windows Sicherheitscenter deaktiviert Hi, hab scannow durchlaufen lassen, hat aber nix gefunden. Wollte dann die cbs.log öffnen um sie dir zu schicken dass ging aber nicht Fehler Zugriff verweigert. Und jetzt pass auf! Wollte googeln wie ich die Datei öffnen kann und wir stehen wieder am Anfang!!! Es wird wieder irendeine Seite geöffnet nur nicht die, die ich will. Auch wieder über ihavenet. Sicherheitscenter geht auch immer noch nicht! So ich glaube wir werden noch ein paar viele Stunden miteinander verbringen HILFE wie geht´s denn nun weiter Geändert von DariMD (24.08.2012 um 16:50 Uhr) Grund: Etwas wichtiges vergessen |
24.08.2012, 18:09 | #10 |
/// Helfer-Team | Firefox öffnet andere Seiten Webseiten, Windows Sicherheitscenter deaktiviert Malware mit Combofix beseitigen Lade Combofix von einem der folgenden Download-Spiegel herunter: BleepingComputer.com - ForoSpyware.com und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig! Beachte die ausführliche Original-Anleitung. Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
Vorbereitung und wichtige Hinweise
Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen! |
24.08.2012, 19:02 | #11 |
| Firefox öffnet andere Seiten Webseiten, Windows Sicherheitscenter deaktiviert Oh man, ich glaub ich habe jetzt echt MIST gebaut. Combofix runtergeladen Avira deaktiviert wie in der Anleitung und W-LAN ausgemacht und Combofix gestartet. Combo brachte immer noch Fehler wegen AVIRA daraufhin COMBO geschlossen und AVIRA deinstalliert. Jetzt nach nem Neustart installiere ich AVIRA wieder neu und COMBO auch und gehe dann nach deiner Anleitung weiter an. SSOORRYY des war denke ich riesen Mist was ich gemacht hab aber ich schalte eigentlich immer W-Lan aus wenn ich Avira oder Firewall abschalte. Nabend, so nun die Logfiles von Combo. Code:
ATTFilter ComboFix 12-08-24.02 - *** 24.08.2012 20:08:46.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4094.2924 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini c:\programdata\FullRemove.exe c:\windows\msvcr71.dll . . ((((((((((((((((((((((( Dateien erstellt von 2012-07-24 bis 2012-08-24 )))))))))))))))))))))))))))))) . . 2012-08-24 18:21 . 2012-08-24 18:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-24 17:45 . 2012-08-24 17:45 -------- d-----w- c:\users\***\AppData\Roaming\Avira 2012-08-24 17:38 . 2012-08-24 18:04 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-08-24 17:38 . 2012-08-24 18:04 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-08-24 17:38 . 2012-08-24 17:38 -------- d-----w- c:\programdata\Avira 2012-08-24 17:38 . 2012-08-24 17:38 -------- d-----w- c:\program files (x86)\Avira 2012-08-24 17:38 . 2011-12-09 10:40 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-08-24 07:02 . 2012-08-24 13:21 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware 2012-08-23 16:44 . 2012-08-23 16:44 -------- d-----w- C:\_OTL 2012-08-23 10:07 . 2012-08-23 10:07 -------- d-----w- c:\users\***\AppData\Roaming\f-secure 2012-08-23 10:06 . 2012-08-23 10:06 -------- d-----w- c:\programdata\F-Secure 2012-08-23 06:54 . 2012-08-23 06:54 106496 --sha-r- c:\windows\SysWow64\p2pcollabw.dll 2012-08-21 06:05 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D982476-E513-416F-B4C8-91E961C217E5}\mpengine.dll 2012-08-15 08:49 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-08-15 08:49 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll 2012-08-15 08:49 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll 2012-08-15 08:49 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-08-15 08:49 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-08-15 08:48 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll 2012-08-10 17:20 . 2012-08-10 17:20 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-08-10 17:19 . 2012-08-10 17:19 -------- d-----w- c:\program files (x86)\Oracle 2012-08-10 17:08 . 2012-08-10 17:08 -------- d-----w- c:\users\***\AppData\Local\Macromedia 2012-08-10 17:07 . 2012-08-10 17:07 955888 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-08-10 17:07 . 2012-08-10 17:07 839152 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-10 17:07 . 2012-08-10 17:07 268784 ----a-w- c:\windows\system32\javaws.exe 2012-08-10 17:07 . 2012-08-10 17:07 189424 ----a-w- c:\windows\system32\javaw.exe 2012-08-10 17:07 . 2012-08-10 17:07 188912 ----a-w- c:\windows\system32\java.exe 2012-08-10 17:07 . 2012-08-10 17:07 -------- d-----w- c:\program files\Java 2012-08-10 17:05 . 2012-08-10 17:05 -------- d-----w- c:\program files\Microsoft Silverlight 2012-08-10 17:05 . 2012-08-10 17:05 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2012-08-10 15:26 . 2012-08-10 15:26 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2012-08-10 15:26 . 2012-08-10 15:26 -------- d-----w- c:\programdata\Malwarebytes 2012-08-10 15:26 . 2012-08-10 15:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-08-10 15:26 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-03 13:22 . 2012-08-03 13:22 -------- d-----w- c:\program files (x86)\MyTomTom 3 2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-24 18:23 . 2010-10-21 15:09 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-08-23 09:32 . 2012-05-17 13:25 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-23 09:32 . 2012-05-17 13:25 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-15 08:50 . 2010-10-24 11:43 62134624 ----a-w- c:\windows\system32\MRT.exe 2012-07-05 20:06 . 2012-05-23 16:24 772544 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-07-05 20:06 . 2011-05-01 06:47 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll 2012-06-09 05:43 . 2012-07-11 07:32 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-06-06 18:59 . 2012-06-06 18:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2012-06-06 06:06 . 2012-07-11 07:32 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 06:06 . 2012-07-11 07:32 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 06:02 . 2012-07-11 07:32 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-06-06 05:05 . 2012-07-11 07:32 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:05 . 2012-07-11 07:32 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-06 05:03 . 2012-07-11 07:32 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-06-02 22:19 . 2012-06-19 10:10 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-19 10:10 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-19 10:10 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-19 10:10 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-19 10:10 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-19 10:10 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-19 10:10 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-19 10:10 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:15 . 2012-06-19 10:10 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 05:50 . 2012-07-11 07:32 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:48 . 2012-07-11 07:32 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:48 . 2012-07-11 07:32 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:45 . 2012-07-11 07:32 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:44 . 2012-07-11 07:32 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:40 . 2012-07-11 07:32 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:40 . 2012-07-11 07:32 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:39 . 2012-07-11 07:32 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34 . 2012-07-11 07:32 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-05-31 10:25 . 2011-09-01 12:58 279656 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-09-10 2429] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-31 102400] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "emsisoft anti-malware"="c:\program files (x86)\Emsisoft Anti-Malware\a2guard.exe" [2012-07-30 3408288] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-24 348664] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 135664] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2011-11-08 554160] R2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [2012-06-28 692432] R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-12-28 44032] R3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys [2010-02-08 29184] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 135664] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040] R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088] S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-09 27760] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-07-30 3075920] S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-12-07 379520] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-30 202752] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-08-24 86224] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\SysWOW64\cjpcsc.exe [2010-05-02 498096] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-03-30 6657536] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-30 195584] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-07-21 129024] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-04 75816] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . Inhalt des "geplante Tasks" Ordners . 2012-08-24 c:\windows\Tasks\FIYTIW.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14] . 2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc7058e4b99e9a.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 00:55] . 2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 00:55] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-01-18 324608] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://google.de/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5s7wglbn.default\ FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - google.de . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe Wow6432Node-HKLM-Run-HF_G_Jul - c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe c:\windows\AsScrPro.exe c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-08-24 20:44:31 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-08-24 18:44 . Vor Suchlauf: 8 Verzeichnis(se), 42.110.730.240 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 41.952.231.424 Bytes frei . - - End Of File - - F5AFFF69C28EBE3B7A4B77DC2C2CCCA0 und Code:
ATTFilter Update for Microsoft Office 2007 (KB2508958) ABBYY FineReader 9.0 Sprint Acrobat.com Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) - Deutsch Alcor Micro USB Card Reader Alice Greenfingers AMD USB Filter Driver ASUS AI Recovery ASUS AP Bank ASUS FancyStart ASUS LifeFrame3 ASUS Live Update ASUS MultiFrame ASUS SmartLogon ASUS Splendid Video Enhancement Technology ASUS Virtual Camera ASUS WebStorage ATK Package Avira Free Antivirus Bing Bar Boingo Wi-Fi Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chicken Invaders 2 Choice Guard ControlDeck cyberJack Base Components CyberLink LabelPrint CyberLink Power2Go Dream Day Wedding Married in Manhattan ElsterFormular ElsterFormular 2008/2009 Emsisoft Anti-Malware Epson Easy Photo Print 2 Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) Epson Event Manager EPSON Scan EPSON SX420W Series Handbuch EPSON SX420W Series Netzwerk-Handbuch EpsonNet Print EpsonNet Setup 3.2 Game Park Console Google Chrome Google Toolbar for Internet Explorer Google Update Helper IrfanView (remove only) Java Auto Updater Java(TM) 6 Update 32 Java(TM) 7 Update 5 JavaFX 2.1.1 Junk Mail filter update K_Series_ScreenSaver_EN Malwarebytes Anti-Malware Version 1.62.0.1300 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (German) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (German) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (German) 2007 Microsoft Office InfoPath MUI (German) 2007 Microsoft Office Live Add-in 1.5 Microsoft Office OneNote MUI (German) 2007 Microsoft Office Outlook MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (German) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 14.0.1 (x86 de) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB973685) MyTomTom 3.2.0.700 Piggly FREE Realtek High Definition Audio Driver Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Skype™ 5.10 Smileyville FREE StarMoney StarMoney 7.0 StarMoney 8.0 syncables desktop SE Synchredible v4.0 TomTom HOME 2.8.3.2499 TomTom HOME Visual Studio Merge Modules Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Outlook 2007 Help (KB963677) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition Visual Studio C++ 10.0 Runtime Windows Live-Uploadtool Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live Mail Windows Live Messenger Windows Live Sync Windows Live Writer WinFlash Wireless Console 3 Schönen Abend noch und ich hoffe ich bereite dir nicht alzu viele Sorgen. Darius |
26.08.2012, 00:11 | #12 | |
/// Helfer-Team | Firefox öffnet andere Seiten Webseiten, Windows Sicherheitscenter deaktiviert Bitte mal ausfuehren: http://www.trojaner-board.de/72874-s...eparieren.html Danach: - neustarten - nochmal versuchen Zitat:
|
26.08.2012, 11:51 | #13 |
| Firefox öffnet andere Seiten Webseiten, Windows Sicherheitscenter deaktiviert Hallo, das mit "sfc" hat wieder nichts gebracht. Habe mal ein wenig weiter geschaut unter Verwaltung - Dienste dort ist der Sicherheitscenterdienst und Windows-Defender auf deaktiviert gesetzt. Konnte sie beide problemlos wieder auf automatisch setzen und starten. Ca. 1Min laufen die Dienste auch, dann machts ping und sie sind wieder beide auf deaktiviert!!! Da muss doch noch irgendetwas sein wo darauf zugreift und die dienste deaktiviert. Google-Suche funktioniert auch weiterhin nicht! Wie machen wir weiter? Kann mein Dad denn Laptop für E-Mail und Onlinebanking in diesem Zustand eigentlich sicher nutzen? Weil der steht zur Zeit bei mir und er gefragt wann ich es bringe grade wegen E-Mails und Banking etwas machen sollte. Danke |
27.08.2012, 02:33 | #14 | |
/// Helfer-Team | Firefox öffnet andere Seiten Webseiten, Windows Sicherheitscenter deaktiviert versuche folgendes, um das Sicherheitscenter zu resetten: - drücke Windows-Taste + R - tippe service.msc ein und bestätige mit OK - beende die folgenden Dieste und stelle den Starttyp jeweils auf "Automatisch" Windows-Verwaltungsinstrumentation (WMI) Sicherheitscenter - schließe nun das Fenster - öffne als nächstes den Windows-Explorer - wechsle in das Verzeichnis C:\Windows\System32\wbem - benenne den Ordner Repository um in altRepository - starte den PC neu, damit der Ordner Repository neu angelegt wird (ggf. mußt du zwei Neustarts durchführen) Zitat:
|
27.08.2012, 16:18 | #15 |
| Firefox öffnet andere Seiten Webseiten, Windows Sicherheitscenter deaktiviert Hallo t´john, das funktioniert nicht. Also folgendes, wenn ich den Dienst WMI beende, startet er innerhalb weniger Sekunden wieder, sodass ich den Ordner Repository nicht umbennenen kann. Beim Sicherheitscenterdienst ist es so, dass er sich wieder selbstständig auf deaktiviert stellt. Habe den WMI Dienst mal deaktiviert, das hat funktioniert, konnte den Ordener Repository auch umbennenen, nach Neustart wieder auf automatisch gestellt wieder Neustart und dann fing das Spiel wieder von vorne an. Sicherheitscenter funktioniert weiterhin nicht! Gruß Darius |
Themen zu Firefox öffnet andere Seiten Webseiten, Windows Sicherheitscenter deaktiviert |
.com, antivir, avg secure search, avg security toolbar, avira, bho, bingbar, cid, error, firefox, flash player, format, gfnexsrv.exe, google, helper, home, ihavenet.com, install.exe, office 2007, plug-in, popup, programm, prozesse, realtek, registry, rundll, scan, secure search, security, senden, software, starmoney, svchost.exe, usb 2.0, verweise, visual studio, vtoolbarupdater, warnung, windows, windows sicherheitscenter deaktiviert, öffnet andere seiten |