|
Plagegeister aller Art und deren Bekämpfung: Google RedirectWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
05.11.2012, 00:20 | #1 |
| Google Redirect Hallo, werde nach Google Suchvorgängen regelmässig - aber nicht immer - auf andere nicht gesuchte Seiten geleitet. Ein vollständiger Scan mit Ad-Aware Antivirus brachte keine infizierten Dateien und auch ein Quickscán mit Malwarebytes zeigte nichts an: Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.04.05 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Max :: MAX-ON-TOUR [Administrator] 04.11.2012 23:49:38 mbam-log-2012-11-04 (23-49-38).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 190917 Laufzeit: 7 Minute(n), 4 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Und nun?? Vielen Dank für eure Hilfe. |
06.11.2012, 17:08 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google RedirectBevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Zitat:
Bitte beachten => http://www.trojaner-board.de/125889-...tml#post941520
__________________ |
14.11.2012, 22:18 | #3 |
| Google Redirect Nein - wird nichts gefunden...
__________________ |
14.11.2012, 22:39 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google Redirect Bitte nun Logs mit GMER (<<< klick für Anleitung) und aswMBR (Anleitung etwas weiter unten) erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur aswMBR aus. aswMBR-Download => aswMBR.exe - speichere die Datei auf deinem Desktop.
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
15.11.2012, 01:40 | #5 |
| Google Redirect GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover Rootkit scan 2012-11-15 01:40:32 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9160310AS rev.0303 Running: zi6y1gpo.exe; Driver: C:\DOKUME~1\Max\LOKALE~1\Temp\uxloraow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\drivers\sbaphd.sys (GFI ActiveProtection hook driver/GFI Software) ZwCreateKey [0xF7A204D0] SSDT \SystemRoot\system32\drivers\sbaphd.sys (GFI ActiveProtection hook driver/GFI Software) ZwSetValueKey [0xF7A20520] ---- Kernel code sections - GMER 1.0.15 ---- ? 31034520.sys Das System kann die angegebene Datei nicht finden. ! ---- Devices - GMER 1.0.15 ---- Device \FileSystem\13861817 \Device\KLMD13082012_208040_B 31034520.sys ---- EOF - GMER 1.0.15 ---- aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-11-15 01:44:03 ----------------------------- 01:44:03.718 OS Version: Windows 5.1.2600 Service Pack 3 01:44:03.718 Number of processors: 1 586 0xD08 01:44:03.718 ComputerName: MAX-ON-TOUR UserName: Max 01:44:04.484 Initialize success 01:48:47.687 AVAST engine defs: 12111401 01:51:54.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 01:51:54.828 Disk 0 Vendor: ST9160310AS 0303 Size: 152627MB BusType: 3 01:51:54.890 Disk 0 MBR read successfully 01:51:54.890 Disk 0 MBR scan 01:51:54.921 Disk 0 Windows XP default MBR code 01:51:54.968 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 81940 MB offset 63 01:51:54.984 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 70653 MB offset 167814990 01:51:55.031 Disk 0 Partition 3 00 EF EFI FAT B 31 MB offset 312512445 01:51:55.046 Disk 0 scanning sectors +312576705 01:51:55.359 Disk 0 scanning C:\WINDOWS\system32\drivers 01:52:23.796 Service scanning 01:52:47.437 Modules scanning 01:53:25.312 Disk 0 trace - called modules: 01:53:26.093 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS 01:53:26.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8651cab8] 01:53:26.109 3 CLASSPNP.SYS[f75c8fd7] -> nt!IofCallDriver -> \Device\00000068[0x865d72a0] 01:53:26.109 5 ACPI.sys[f7430620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86577940] 01:53:26.484 AVAST engine scan C:\WINDOWS 01:54:14.859 AVAST engine scan C:\WINDOWS\system32 01:58:57.328 File: C:\WINDOWS\system32\mshtmlerz.dll **INFECTED** Win32:Crypt-NYN [Trj] 02:09:41.203 AVAST engine scan C:\WINDOWS\system32\drivers 02:10:59.421 AVAST engine scan C:\Dokumente und Einstellungen\Max 02:42:02.875 AVAST engine scan C:\Dokumente und Einstellungen\All Users 02:42:48.359 Scan finished successfully 02:56:41.984 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Max\Desktop\MBR.dat" 02:56:41.984 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Max\Desktop\aswMBR1.txt" |
15.11.2012, 17:03 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google RedirectZitat:
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!
__________________ --> Google Redirect |
15.11.2012, 20:32 | #7 |
| Google Redirect 20:26:14.0671 0524 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 20:26:15.0234 0524 ============================================================ 20:26:15.0234 0524 Current date / time: 2012/11/15 20:26:15.0234 20:26:15.0234 0524 SystemInfo: 20:26:15.0234 0524 20:26:15.0234 0524 OS Version: 5.1.2600 ServicePack: 3.0 20:26:15.0234 0524 Product type: Workstation 20:26:15.0234 0524 ComputerName: MAX-ON-TOUR 20:26:15.0234 0524 UserName: Max 20:26:15.0234 0524 Windows directory: C:\WINDOWS 20:26:15.0234 0524 System windows directory: C:\WINDOWS 20:26:15.0234 0524 Processor architecture: Intel x86 20:26:15.0234 0524 Number of processors: 1 20:26:15.0234 0524 Page size: 0x1000 20:26:15.0234 0524 Boot type: Normal boot 20:26:15.0234 0524 ============================================================ 20:26:17.0156 0524 BG loaded 20:26:18.0343 0524 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 20:26:18.0500 0524 ============================================================ 20:26:18.0500 0524 \Device\Harddisk0\DR0: 20:26:18.0500 0524 MBR partitions: 20:26:18.0500 0524 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xA00A70F 20:26:18.0500 0524 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA00A74E, BlocksNum 0x89FE86F 20:26:18.0500 0524 ============================================================ 20:26:18.0578 0524 C: <-> \Device\Harddisk0\DR0\Partition1 20:26:18.0640 0524 D: <-> \Device\Harddisk0\DR0\Partition2 20:26:18.0640 0524 ============================================================ 20:26:18.0640 0524 Initialize success 20:26:18.0640 0524 ============================================================ 20:27:47.0687 5284 ============================================================ 20:27:47.0687 5284 Scan started 20:27:47.0687 5284 Mode: Manual; SigCheck; TDLFS; 20:27:47.0687 5284 ============================================================ 20:27:52.0046 5284 ================ Scan system memory ======================== 20:27:52.0046 5284 System memory - ok 20:27:52.0062 5284 ================ Scan services ============================= 20:27:53.0453 5284 [ D5A6658CBFBBF9A0F8827E83C9FDE806 ] 6to4 C:\WINDOWS\System32\6to4svc.dll 20:27:54.0968 5284 6to4 - ok 20:27:55.0250 5284 Abiosdsk - ok 20:27:55.0265 5284 abp480n5 - ok 20:27:55.0421 5284 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 20:27:58.0218 5284 ACPI - ok 20:27:58.0390 5284 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 20:27:58.0765 5284 ACPIEC - ok 20:27:59.0562 5284 [ C59992E25F4EBAD9E5C15B0D5D225F99 ] Ad-Aware Service C:\Programme\Ad-Aware Antivirus\AdAwareService.exe 20:28:00.0593 5284 Ad-Aware Service - ok 20:28:02.0625 5284 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 20:28:02.0781 5284 AdobeFlashPlayerUpdateSvc - ok 20:28:02.0796 5284 adpu160m - ok 20:28:02.0906 5284 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 20:28:03.0218 5284 aec - ok 20:28:03.0328 5284 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 20:28:03.0531 5284 AFD - ok 20:28:03.0546 5284 Aha154x - ok 20:28:03.0562 5284 aic78u2 - ok 20:28:03.0593 5284 aic78xx - ok 20:28:03.0640 5284 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 20:28:04.0015 5284 Alerter - ok 20:28:04.0062 5284 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 20:28:04.0281 5284 ALG - ok 20:28:04.0296 5284 AliIde - ok 20:28:04.0312 5284 amsint - ok 20:28:04.0328 5284 AppMgmt - ok 20:28:04.0343 5284 asc - ok 20:28:04.0375 5284 asc3350p - ok 20:28:04.0390 5284 asc3550 - ok 20:28:04.0890 5284 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 20:28:05.0031 5284 aspnet_state - ok 20:28:05.0093 5284 [ 784FCB197F9A50A419D8CE4980655AE4 ] AsusACPI C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys 20:28:05.0359 5284 AsusACPI - ok 20:28:05.0437 5284 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 20:28:05.0781 5284 AsyncMac - ok 20:28:05.0859 5284 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 20:28:06.0218 5284 atapi - ok 20:28:06.0234 5284 Atdisk - ok 20:28:06.0281 5284 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 20:28:06.0687 5284 Atmarpc - ok 20:28:06.0812 5284 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 20:28:07.0171 5284 AudioSrv - ok 20:28:07.0234 5284 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 20:28:07.0593 5284 audstub - ok 20:28:07.0750 5284 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 20:28:08.0140 5284 Beep - ok 20:28:08.0250 5284 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 20:28:08.0656 5284 BITS - ok 20:28:08.0734 5284 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 20:28:08.0906 5284 Browser - ok 20:28:08.0937 5284 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 20:28:11.0515 5284 cbidf2k - ok 20:28:11.0812 5284 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 20:28:12.0156 5284 CCDECODE - ok 20:28:12.0156 5284 cd20xrnt - ok 20:28:12.0312 5284 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 20:28:12.0687 5284 Cdaudio - ok 20:28:12.0734 5284 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 20:28:13.0078 5284 Cdfs - ok 20:28:13.0140 5284 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 20:28:13.0531 5284 Cdrom - ok 20:28:13.0546 5284 Changer - ok 20:28:13.0609 5284 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 20:28:13.0921 5284 CiSvc - ok 20:28:13.0984 5284 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 20:28:14.0328 5284 ClipSrv - ok 20:28:14.0375 5284 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:28:14.0578 5284 clr_optimization_v2.0.50727_32 - ok 20:28:14.0640 5284 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 20:28:14.0984 5284 CmBatt - ok 20:28:14.0984 5284 CmdIde - ok 20:28:15.0109 5284 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 20:28:15.0468 5284 Compbatt - ok 20:28:15.0484 5284 COMSysApp - ok 20:28:15.0515 5284 Cpqarray - ok 20:28:15.0578 5284 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 20:28:15.0937 5284 CryptSvc - ok 20:28:15.0937 5284 dac2w2k - ok 20:28:15.0953 5284 dac960nt - ok 20:28:16.0187 5284 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 20:28:16.0484 5284 DcomLaunch - ok 20:28:16.0562 5284 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 20:28:16.0906 5284 Dhcp - ok 20:28:16.0953 5284 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 20:28:17.0328 5284 Disk - ok 20:28:17.0343 5284 dmadmin - ok 20:28:17.0421 5284 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 20:28:18.0062 5284 dmboot - ok 20:28:18.0125 5284 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 20:28:18.0484 5284 dmio - ok 20:28:18.0546 5284 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 20:28:18.0875 5284 dmload - ok 20:28:18.0906 5284 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 20:28:19.0281 5284 dmserver - ok 20:28:19.0359 5284 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 20:28:19.0734 5284 DMusic - ok 20:28:19.0828 5284 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 20:28:20.0062 5284 Dnscache - ok 20:28:20.0171 5284 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 20:28:20.0546 5284 Dot3svc - ok 20:28:20.0562 5284 dpti2o - ok 20:28:20.0640 5284 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 20:28:20.0953 5284 drmkaud - ok 20:28:21.0031 5284 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 20:28:21.0671 5284 EapHost - ok 20:28:21.0734 5284 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 20:28:22.0625 5284 ERSvc - ok 20:28:23.0562 5284 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 20:28:23.0656 5284 Eventlog - ok 20:28:23.0765 5284 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 20:28:23.0875 5284 EventSystem - ok 20:28:23.0953 5284 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 20:28:24.0296 5284 Fastfat - ok 20:28:24.0375 5284 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 20:28:24.0437 5284 FastUserSwitchingCompatibility - ok 20:28:24.0531 5284 [ 08B8B302AF0D1B3B8543429BBAC8F21F ] Fax C:\WINDOWS\system32\fxssvc.exe 20:28:24.0843 5284 Fax - ok 20:28:24.0906 5284 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 20:28:25.0234 5284 Fdc - ok 20:28:25.0265 5284 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 20:28:25.0546 5284 Fips - ok 20:28:25.0562 5284 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 20:28:25.0859 5284 Flpydisk - ok 20:28:25.0921 5284 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys 20:28:26.0218 5284 FltMgr - ok 20:28:26.0296 5284 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 20:28:26.0328 5284 FontCache3.0.0.0 - ok 20:28:26.0359 5284 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 20:28:26.0656 5284 Fs_Rec - ok 20:28:26.0703 5284 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 20:28:27.0015 5284 Ftdisk - ok 20:28:27.0062 5284 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 20:28:27.0359 5284 Gpc - ok 20:28:27.0437 5284 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9dd7a496a417e C:\Programme\Google\Update\GoogleUpdate.exe 20:28:27.0468 5284 gupdate1c9dd7a496a417e - ok 20:28:27.0484 5284 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe 20:28:27.0531 5284 gupdatem - ok 20:28:27.0593 5284 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 20:28:27.0890 5284 HDAudBus - ok 20:28:28.0000 5284 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 20:28:28.0296 5284 helpsvc - ok 20:28:28.0312 5284 HidServ - ok 20:28:28.0359 5284 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 20:28:28.0625 5284 HidUsb - ok 20:28:29.0000 5284 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 20:28:29.0296 5284 hkmsvc - ok 20:28:29.0312 5284 hpn - ok 20:28:29.0390 5284 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 20:28:29.0468 5284 HTTP - ok 20:28:29.0515 5284 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 20:28:29.0812 5284 HTTPFilter - ok 20:28:29.0812 5284 i2omgmt - ok 20:28:29.0828 5284 i2omp - ok 20:28:29.0906 5284 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 20:28:30.0250 5284 i8042prt - ok 20:28:30.0359 5284 [ 6FCB904910DA07C9DC2593D66438FA29 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 20:28:30.0625 5284 ialm - ok 20:28:30.0718 5284 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 20:28:30.0843 5284 idsvc - ok 20:28:30.0906 5284 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 20:28:31.0234 5284 Imapi - ok 20:28:31.0281 5284 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 20:28:31.0625 5284 ImapiService - ok 20:28:31.0640 5284 ini910u - ok 20:28:32.0125 5284 [ CC8E47E97E4CB382C842A3066B1DFA7D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 20:28:32.0906 5284 IntcAzAudAddService - ok 20:28:32.0953 5284 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys 20:28:33.0234 5284 IntelIde - ok 20:28:33.0296 5284 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 20:28:33.0656 5284 intelppm - ok 20:28:33.0671 5284 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 20:28:33.0937 5284 Ip6Fw - ok 20:28:33.0968 5284 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 20:28:34.0234 5284 IpFilterDriver - ok 20:28:34.0265 5284 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 20:28:34.0546 5284 IpInIp - ok 20:28:34.0578 5284 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 20:28:34.0890 5284 IpNat - ok 20:28:34.0937 5284 [ 9843F75E31FB74C5FE757D28150C2B9F ] Iprip C:\WINDOWS\System32\iprip.dll 20:28:35.0312 5284 Iprip - ok 20:28:35.0359 5284 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 20:28:35.0718 5284 IPSec - ok 20:28:35.0781 5284 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 20:28:35.0890 5284 IRENUM - ok 20:28:35.0937 5284 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 20:28:36.0265 5284 isapnp - ok 20:28:36.0406 5284 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe 20:28:36.0468 5284 JavaQuickStarterService - ok 20:28:36.0531 5284 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 20:28:36.0812 5284 Kbdclass - ok 20:28:36.0890 5284 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 20:28:37.0234 5284 kmixer - ok 20:28:37.0281 5284 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 20:28:37.0437 5284 KSecDD - ok 20:28:37.0500 5284 [ E04B182104F429CFA570FD6662EFC282 ] Ktp C:\WINDOWS\system32\DRIVERS\ETD.sys 20:28:37.0578 5284 Ktp - ok 20:28:37.0625 5284 [ 303627228DD739D98289679901A38C8F ] L1e C:\WINDOWS\system32\DRIVERS\l1e51x86.sys 20:28:37.0671 5284 L1e - ok 20:28:37.0718 5284 [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll 20:28:37.0796 5284 LanmanServer - ok 20:28:37.0812 5284 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 20:28:37.0937 5284 lanmanworkstation - ok 20:28:37.0953 5284 lbrtfdc - ok 20:28:38.0015 5284 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 20:28:38.0328 5284 LmHosts - ok 20:28:38.0390 5284 [ 7A1A532F14FDE28489DC349C6E404A67 ] LPDSVC C:\WINDOWS\system32\tcpsvcs.exe 20:28:38.0718 5284 LPDSVC - ok 20:28:38.0796 5284 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys 20:28:39.0406 5284 MBAMProtector - ok 20:28:39.0968 5284 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe 20:28:40.0390 5284 MBAMScheduler - ok 20:28:40.0609 5284 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 20:28:40.0812 5284 MBAMService - ok 20:28:40.0828 5284 MEMSWEEP2 - ok 20:28:40.0906 5284 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 20:28:41.0250 5284 Messenger - ok 20:28:41.0296 5284 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 20:28:41.0656 5284 mnmdd - ok 20:28:41.0718 5284 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 20:28:42.0015 5284 mnmsrvc - ok 20:28:42.0062 5284 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 20:28:42.0390 5284 Modem - ok 20:28:42.0437 5284 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 20:28:42.0734 5284 Mouclass - ok 20:28:42.0765 5284 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 20:28:43.0093 5284 mouhid - ok 20:28:43.0109 5284 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 20:28:43.0390 5284 MountMgr - ok 20:28:43.0421 5284 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 20:28:43.0453 5284 MozillaMaintenance - ok 20:28:43.0468 5284 mraid35x - ok 20:28:43.0562 5284 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 20:28:43.0859 5284 MRxDAV - ok 20:28:43.0984 5284 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 20:28:44.0312 5284 MRxSmb - ok 20:28:44.0390 5284 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 20:28:44.0671 5284 MSDTC - ok 20:28:44.0765 5284 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 20:28:45.0046 5284 Msfs - ok 20:28:45.0062 5284 MSIServer - ok 20:28:45.0078 5284 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 20:28:45.0375 5284 MSKSSRV - ok 20:28:45.0390 5284 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 20:28:45.0687 5284 MSPCLOCK - ok 20:28:45.0718 5284 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 20:28:46.0046 5284 MSPQM - ok 20:28:46.0093 5284 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 20:28:46.0375 5284 mssmbios - ok 20:28:46.0406 5284 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 20:28:46.0703 5284 MSTEE - ok 20:28:46.0750 5284 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 20:28:46.0781 5284 Mup - ok 20:28:46.0828 5284 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 20:28:47.0187 5284 NABTSFEC - ok 20:28:47.0250 5284 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 20:28:47.0593 5284 napagent - ok 20:28:47.0656 5284 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 20:28:47.0953 5284 NDIS - ok 20:28:47.0968 5284 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 20:28:48.0265 5284 NdisIP - ok 20:28:48.0296 5284 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 20:28:48.0343 5284 NdisTapi - ok 20:28:48.0406 5284 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 20:28:48.0687 5284 Ndisuio - ok 20:28:48.0703 5284 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 20:28:49.0000 5284 NdisWan - ok 20:28:49.0046 5284 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 20:28:49.0125 5284 NDProxy - ok 20:28:49.0203 5284 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 20:28:49.0500 5284 NetBIOS - ok 20:28:49.0578 5284 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 20:28:49.0859 5284 NetBT - ok 20:28:49.0906 5284 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 20:28:50.0171 5284 NetDDE - ok 20:28:50.0171 5284 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 20:28:50.0468 5284 NetDDEdsdm - ok 20:28:50.0515 5284 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 20:28:50.0812 5284 Netlogon - ok 20:28:50.0828 5284 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 20:28:51.0156 5284 Netman - ok 20:28:51.0218 5284 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:28:51.0265 5284 NetTcpPortSharing - ok 20:28:51.0328 5284 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 20:28:51.0375 5284 Nla - ok 20:28:51.0453 5284 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 20:28:51.0734 5284 Npfs - ok 20:28:51.0781 5284 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 20:28:52.0078 5284 Ntfs - ok 20:28:52.0109 5284 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 20:28:52.0390 5284 NtLmSsp - ok 20:28:52.0437 5284 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 20:28:52.0734 5284 NtmsSvc - ok 20:28:52.0781 5284 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 20:28:53.0062 5284 Null - ok 20:28:53.0093 5284 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 20:28:53.0406 5284 NwlnkFlt - ok 20:28:53.0406 5284 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 20:28:53.0687 5284 NwlnkFwd - ok 20:28:53.0734 5284 [ 9BAD7EDCFEE78FF3B3D852E881633C6A ] p2pgasvc C:\WINDOWS\system32\p2pgasvc.dll 20:28:54.0000 5284 p2pgasvc - ok 20:28:54.0031 5284 [ 02EBBECE9FB4A4811AD3C4BB55CCED0C ] p2pimsvc C:\WINDOWS\system32\p2psvc.dll 20:28:54.0375 5284 p2pimsvc - ok 20:28:54.0406 5284 [ 02EBBECE9FB4A4811AD3C4BB55CCED0C ] p2psvc C:\WINDOWS\system32\p2psvc.dll 20:28:54.0687 5284 p2psvc - ok 20:28:54.0718 5284 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 20:28:55.0031 5284 Parport - ok 20:28:55.0078 5284 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 20:28:55.0375 5284 PartMgr - ok 20:28:55.0421 5284 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 20:28:55.0718 5284 ParVdm - ok 20:28:55.0796 5284 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 20:28:56.0062 5284 PCI - ok 20:28:56.0062 5284 PCIDump - ok 20:28:56.0125 5284 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys 20:28:56.0421 5284 PCIIde - ok 20:28:56.0468 5284 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 20:28:56.0781 5284 Pcmcia - ok 20:28:56.0796 5284 PDCOMP - ok 20:28:56.0812 5284 PDFRAME - ok 20:28:56.0812 5284 PDRELI - ok 20:28:56.0843 5284 PDRFRAME - ok 20:28:56.0859 5284 perc2 - ok 20:28:56.0875 5284 perc2hib - ok 20:28:56.0953 5284 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 20:28:56.0984 5284 PlugPlay - ok 20:28:57.0046 5284 [ 02EBBECE9FB4A4811AD3C4BB55CCED0C ] PNRPSvc C:\WINDOWS\system32\p2psvc.dll 20:28:57.0343 5284 PNRPSvc - ok 20:28:57.0359 5284 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 20:28:57.0625 5284 PolicyAgent - ok 20:28:57.0671 5284 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 20:28:57.0984 5284 PptpMiniport - ok 20:28:58.0000 5284 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 20:28:58.0265 5284 ProtectedStorage - ok 20:28:58.0296 5284 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 20:28:58.0656 5284 PSched - ok 20:28:58.0734 5284 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 20:28:59.0031 5284 Ptilink - ok 20:28:59.0046 5284 ql1080 - ok 20:28:59.0062 5284 Ql10wnt - ok 20:28:59.0078 5284 ql12160 - ok 20:28:59.0093 5284 ql1240 - ok 20:28:59.0109 5284 ql1280 - ok 20:28:59.0156 5284 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 20:28:59.0437 5284 RasAcd - ok 20:28:59.0500 5284 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 20:28:59.0781 5284 RasAuto - ok 20:28:59.0812 5284 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 20:29:00.0109 5284 Rasl2tp - ok 20:29:00.0156 5284 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 20:29:00.0453 5284 RasMan - ok 20:29:00.0500 5284 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 20:29:00.0796 5284 RasPppoe - ok 20:29:00.0859 5284 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 20:29:01.0140 5284 Raspti - ok 20:29:01.0203 5284 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 20:29:01.0468 5284 Rdbss - ok 20:29:01.0546 5284 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 20:29:01.0875 5284 RDPCDD - ok 20:29:01.0937 5284 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 20:29:02.0000 5284 RDPWD - ok 20:29:02.0031 5284 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 20:29:02.0328 5284 RDSessMgr - ok 20:29:02.0359 5284 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 20:29:02.0671 5284 redbook - ok 20:29:02.0718 5284 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 20:29:03.0000 5284 RemoteAccess - ok 20:29:03.0046 5284 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 20:29:03.0343 5284 RpcLocator - ok 20:29:03.0375 5284 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 20:29:03.0421 5284 RpcSs - ok 20:29:03.0484 5284 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 20:29:03.0781 5284 RSVP - ok 20:29:03.0843 5284 [ 0DF1D68F289E07EFD054B498D8EFBBFD ] rtl8187Se C:\WINDOWS\system32\DRIVERS\rtl8187Se.sys 20:29:03.0921 5284 rtl8187Se - ok 20:29:03.0953 5284 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 20:29:04.0281 5284 SamSs - ok 20:29:04.0468 5284 [ BCE943896289A91AD75CC5652620B1C6 ] SBAMSvc C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe 20:29:04.0781 5284 SBAMSvc - ok 20:29:04.0828 5284 [ 62BA65CC0B4A4BD1EAFF5FED6E2B5069 ] sbaphd C:\WINDOWS\system32\drivers\sbaphd.sys 20:29:04.0937 5284 sbaphd - ok 20:29:04.0984 5284 [ 3FFF8CDA4D2F29CA06F1557E85163C30 ] sbapifs C:\WINDOWS\system32\drivers\sbapifs.sys 20:29:05.0000 5284 sbapifs - ok 20:29:05.0046 5284 [ 1FD538C4FEB36B793D2121F20BBDC16F ] SBRE C:\WINDOWS\system32\drivers\SBREdrv.sys 20:29:05.0093 5284 SBRE - ok 20:29:05.0140 5284 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 20:29:05.0437 5284 SCardSvr - ok 20:29:05.0515 5284 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 20:29:05.0812 5284 Schedule - ok 20:29:05.0890 5284 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 20:29:06.0015 5284 Secdrv - ok 20:29:06.0062 5284 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 20:29:06.0359 5284 seclogon - ok 20:29:06.0421 5284 [ E5B56569A9F79B70314FEDE6C953641E ] seehcri C:\WINDOWS\system32\DRIVERS\seehcri.sys 20:29:06.0484 5284 seehcri - ok 20:29:06.0546 5284 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 20:29:06.0812 5284 SENS - ok 20:29:06.0843 5284 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys 20:29:07.0125 5284 Serial - ok 20:29:07.0171 5284 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 20:29:07.0453 5284 Sfloppy - ok 20:29:07.0531 5284 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 20:29:07.0843 5284 SharedAccess - ok 20:29:07.0890 5284 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 20:29:07.0921 5284 ShellHWDetection - ok 20:29:07.0937 5284 Simbad - ok 20:29:07.0968 5284 [ 7A1A532F14FDE28489DC349C6E404A67 ] SimpTcp C:\WINDOWS\system32\tcpsvcs.exe 20:29:08.0250 5284 SimpTcp - ok 20:29:08.0296 5284 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe 20:29:08.0328 5284 SkypeUpdate - ok 20:29:08.0375 5284 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 20:29:08.0640 5284 SLIP - ok 20:29:08.0703 5284 [ 708A1B41E7E850B2B1309073551CBD53 ] SNMP C:\WINDOWS\System32\snmp.exe 20:29:08.0984 5284 SNMP - ok 20:29:09.0000 5284 [ 0702E1D16B7003049918595057F3904F ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe 20:29:10.0609 5284 SNMPTRAP - ok 20:29:10.0625 5284 Sparrow - ok 20:29:10.0703 5284 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 20:29:11.0000 5284 splitter - ok 20:29:11.0046 5284 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 20:29:11.0078 5284 Spooler - ok 20:29:11.0156 5284 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 20:29:11.0296 5284 sr - ok 20:29:11.0328 5284 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 20:29:11.0468 5284 srservice - ok 20:29:11.0546 5284 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 20:29:11.0640 5284 Srv - ok 20:29:11.0687 5284 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 20:29:11.0812 5284 SSDPSRV - ok 20:29:11.0890 5284 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 20:29:12.0234 5284 stisvc - ok 20:29:12.0265 5284 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 20:29:12.0546 5284 streamip - ok 20:29:12.0609 5284 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 20:29:12.0875 5284 swenum - ok 20:29:12.0937 5284 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 20:29:13.0218 5284 swmidi - ok 20:29:13.0234 5284 SwPrv - ok 20:29:13.0250 5284 symc810 - ok 20:29:13.0281 5284 symc8xx - ok 20:29:13.0296 5284 sym_hi - ok 20:29:13.0312 5284 sym_u3 - ok 20:29:13.0593 5284 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 20:29:13.0875 5284 sysaudio - ok 20:29:13.0937 5284 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 20:29:14.0250 5284 SysmonLog - ok 20:29:14.0312 5284 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 20:29:14.0593 5284 TapiSrv - ok 20:29:14.0671 5284 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 20:29:14.0718 5284 Tcpip - ok 20:29:14.0781 5284 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys 20:29:14.0843 5284 Tcpip6 - ok 20:29:14.0906 5284 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 20:29:15.0234 5284 TDPIPE - ok 20:29:15.0250 5284 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 20:29:15.0562 5284 TDTCP - ok 20:29:15.0609 5284 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 20:29:15.0906 5284 TermDD - ok 20:29:15.0953 5284 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 20:29:16.0250 5284 TermService - ok 20:29:16.0265 5284 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 20:29:16.0328 5284 Themes - ok 20:29:16.0343 5284 TosIde - ok 20:29:16.0437 5284 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 20:29:16.0734 5284 TrkWks - ok 20:29:16.0812 5284 [ 8F861EDA21C05857EB8197300A92501C ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys 20:29:17.0078 5284 tunmp - ok 20:29:17.0093 5284 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 20:29:17.0406 5284 Udfs - ok 20:29:17.0406 5284 ultra - ok 20:29:17.0468 5284 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 20:29:17.0750 5284 Update - ok 20:29:17.0796 5284 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 20:29:17.0937 5284 upnphost - ok 20:29:17.0968 5284 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 20:29:18.0234 5284 UPS - ok 20:29:18.0281 5284 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 20:29:18.0562 5284 usbccgp - ok 20:29:18.0625 5284 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 20:29:18.0906 5284 usbehci - ok 20:29:18.0968 5284 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 20:29:19.0234 5284 usbhub - ok 20:29:19.0281 5284 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 20:29:19.0593 5284 usbprint - ok 20:29:19.0640 5284 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 20:29:19.0921 5284 usbscan - ok 20:29:19.0953 5284 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 20:29:20.0234 5284 usbstor - ok 20:29:20.0312 5284 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20:29:20.0625 5284 usbuhci - ok 20:29:20.0687 5284 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys 20:29:20.0968 5284 usbvideo - ok 20:29:21.0015 5284 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 20:29:21.0312 5284 VgaSave - ok 20:29:21.0312 5284 ViaIde - ok 20:29:21.0390 5284 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 20:29:21.0656 5284 VolSnap - ok 20:29:21.0750 5284 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 20:29:21.0906 5284 VSS - ok 20:29:21.0953 5284 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 20:29:22.0250 5284 W32Time - ok 20:29:22.0265 5284 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 20:29:22.0546 5284 Wanarp - ok 20:29:22.0562 5284 WDICA - ok 20:29:22.0578 5284 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 20:29:22.0843 5284 wdmaud - ok 20:29:22.0921 5284 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 20:29:23.0218 5284 WebClient - ok 20:29:23.0343 5284 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 20:29:23.0640 5284 winmgmt - ok 20:29:23.0703 5284 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 20:29:23.0781 5284 WmdmPmSN - ok 20:29:23.0828 5284 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 20:29:24.0187 5284 WmiApSrv - ok 20:29:24.0265 5284 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 20:29:24.0390 5284 WMPNetworkSvc - ok 20:29:24.0421 5284 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys 20:29:24.0453 5284 WpdUsb - ok 20:29:24.0515 5284 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 20:29:24.0796 5284 wscsvc - ok 20:29:24.0843 5284 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 20:29:25.0156 5284 WSTCODEC - ok 20:29:25.0218 5284 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 20:29:25.0484 5284 wuauserv - ok 20:29:25.0546 5284 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 20:29:25.0609 5284 WudfPf - ok 20:29:25.0656 5284 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 20:29:25.0687 5284 WudfRd - ok 20:29:25.0718 5284 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 20:29:25.0765 5284 WudfSvc - ok 20:29:25.0859 5284 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 20:29:26.0265 5284 WZCSVC - ok 20:29:26.0296 5284 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 20:29:26.0609 5284 xmlprov - ok 20:29:26.0765 5284 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe 20:29:26.0843 5284 YahooAUService - ok 20:29:26.0875 5284 ================ Scan global =============================== 20:29:26.0953 5284 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 20:29:27.0046 5284 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 20:29:27.0109 5284 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 20:29:27.0140 5284 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 20:29:27.0140 5284 [Global] - ok 20:29:27.0140 5284 ================ Scan MBR ================================== 20:29:27.0187 5284 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 20:29:27.0687 5284 \Device\Harddisk0\DR0 - ok 20:29:27.0687 5284 ================ Scan VBR ================================== 20:29:27.0703 5284 [ 1BDE5FC4624CBA051CB0E3369BE9E13C ] \Device\Harddisk0\DR0\Partition1 20:29:27.0703 5284 \Device\Harddisk0\DR0\Partition1 - ok 20:29:27.0750 5284 [ 3B23AA2077D65E35BB2B38EC6D4E074D ] \Device\Harddisk0\DR0\Partition2 20:29:27.0750 5284 \Device\Harddisk0\DR0\Partition2 - ok 20:29:27.0750 5284 ============================================================ 20:29:27.0750 5284 Scan finished 20:29:27.0750 5284 ============================================================ 20:29:27.0906 4948 Detected object count: 0 20:29:27.0906 4948 Actual detected object count: 0 |
15.11.2012, 22:53 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google Redirect Die Logs bitte in CODE-Tags posten! Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
16.11.2012, 00:36 | #9 |
| Google RedirectCode:
ATTFilter ComboFix 12-11-15.01 - Max 16.11.2012 0:13.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1015.464 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\Max\Desktop\ComboFix.exe . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\SET3C.tmp c:\windows\system32\SET40.tmp c:\windows\system32\SET48.tmp c:\windows\system32\Thumbs.db c:\windows\system32\URTTemp c:\windows\system32\URTTemp\fusion.dll c:\windows\system32\URTTemp\mscoree.dll c:\windows\system32\URTTemp\mscoree.dll.local c:\windows\system32\URTTemp\mscorsn.dll c:\windows\system32\URTTemp\mscorwks.dll c:\windows\system32\URTTemp\msvcr71.dll c:\windows\system32\URTTemp\regtlib.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-15 bis 2012-11-15 )))))))))))))))))))))))))))))) . . 2012-11-14 21:49 . 2012-11-14 21:49 -------- d-----w- C:\TDSSKiller_Quarantine 2012-11-04 22:47 . 2012-11-04 22:47 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2012-11-04 22:47 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-04 21:33 . 2012-11-04 21:33 -------- d-----w- c:\programme\Sophos 2012-11-04 19:58 . 2012-11-14 21:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-04 19:58 . 2012-11-14 21:06 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-04 19:56 . 2012-11-04 19:56 -------- d-----w- c:\programme\Gemeinsame Dateien\Java 2012-11-04 19:50 . 2012-11-04 19:50 -------- d-----w- c:\programme\MSXML 4.0 2012-11-04 19:04 . 2012-11-04 19:04 -------- d-----w- c:\programme\ESET 2012-11-04 16:04 . 2012-11-04 16:04 -------- d-----w- c:\dokumente und einstellungen\Max\Anwendungsdaten\LavasoftStatistics 2012-11-04 11:24 . 2012-11-04 11:24 -------- d-----w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Ad-Aware Antivirus 2012-11-04 11:21 . 2011-11-29 05:59 77816 ----a-w- c:\windows\system32\drivers\sbapifs.sys 2012-11-04 11:21 . 2011-11-29 05:59 21240 ----a-w- c:\windows\system32\drivers\sbaphd.sys 2012-11-04 11:21 . 2012-11-04 11:21 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft 2012-11-04 11:20 . 2012-11-04 11:20 -------- d-----w- c:\windows\system32\drivers\VDD 2012-11-04 11:20 . 2012-11-04 11:31 -------- d-----w- c:\programme\Ad-Aware Antivirus 2012-11-04 11:20 . 2012-11-04 11:20 -------- d-----w- c:\dokumente und einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations 2012-11-04 11:19 . 2012-11-04 11:20 -------- d-----w- c:\dokumente und einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\adawarebp 2012-11-04 11:19 . 2012-11-04 11:19 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\blekko toolbars 2012-11-04 11:19 . 2012-11-14 21:02 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection 2012-11-04 11:19 . 2012-11-04 11:19 -------- d-----w- c:\programme\Toolbar Cleaner 2012-11-04 11:19 . 2012-11-04 11:19 -------- d-----w- c:\dokumente und einstellungen\Max\Anwendungsdaten\blekko 2012-11-04 11:19 . 2012-11-04 16:02 -------- d-----w- c:\dokumente und einstellungen\Max\Anwendungsdaten\adawaretb 2012-11-04 11:19 . 2012-11-04 16:41 -------- d-----w- c:\programme\adawaretb 2012-11-04 11:14 . 2012-11-04 22:46 -------- d-----w- c:\dokumente und einstellungen\Max\Anwendungsdaten\Ad-Aware Antivirus . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-22 19:56 . 2008-09-08 08:19 1866496 ----a-w- c:\windows\system32\win32k.sys 2012-10-02 18:04 . 2008-09-08 08:19 58368 ----a-w- c:\windows\system32\synceng.dll 2012-09-24 14:32 . 2012-09-25 13:39 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-09-24 14:32 . 2011-03-13 16:34 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-24 12:51 . 2012-09-25 13:39 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-08-28 15:05 . 2008-09-08 08:19 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:05 . 2008-09-08 08:19 43520 ------w- c:\windows\system32\licmgr10.dll 2012-08-28 15:05 . 2008-09-08 08:19 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2008-09-08 08:19 385024 ------w- c:\windows\system32\html.iec 2012-08-24 13:53 . 2008-09-08 08:19 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-23 06:26 . 2008-09-08 08:19 2195200 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-23 06:26 . 2008-04-14 07:30 2071936 ----a-w- c:\windows\system32\ntkrnlpa.exe 2008-05-07 08:34 . 2008-09-08 09:33 15523560 ----a-w- c:\programme\U1 Setup.exe 2008-08-16 15:42 . 2008-08-16 15:42 13112 ----a-w- c:\programme\mozilla firefox\plugins\cgpcfg.dll 2008-08-16 15:42 . 2008-08-16 15:42 70456 ----a-w- c:\programme\mozilla firefox\plugins\CgpCore.dll 2008-08-16 15:42 . 2008-08-16 15:42 91448 ----a-w- c:\programme\mozilla firefox\plugins\confmgr.dll 2008-08-16 15:42 . 2008-08-16 15:42 20800 ----a-w- c:\programme\mozilla firefox\plugins\ctxlogging.dll 2008-08-16 15:43 . 2008-08-16 15:43 206136 ----a-w- c:\programme\mozilla firefox\plugins\ctxmui.dll 2008-08-16 15:42 . 2008-08-16 15:42 31032 ----a-w- c:\programme\mozilla firefox\plugins\icafile.dll 2008-08-16 15:42 . 2008-08-16 15:42 40248 ----a-w- c:\programme\mozilla firefox\plugins\icalogon.dll 2008-05-21 06:41 . 2008-05-21 06:41 479232 ----a-w- c:\programme\mozilla firefox\plugins\msvcm80.dll 2008-05-21 06:41 . 2008-05-21 06:41 548864 ----a-w- c:\programme\mozilla firefox\plugins\msvcp80.dll 2008-05-21 06:41 . 2008-05-21 06:41 626688 ----a-w- c:\programme\mozilla firefox\plugins\msvcr80.dll 2008-06-05 11:58 . 2008-06-05 11:58 648504 ----a-w- c:\programme\mozilla firefox\plugins\sslsdk_b.dll 2008-08-16 15:42 . 2008-08-16 15:42 23864 ----a-w- c:\programme\mozilla firefox\plugins\TcpPServ.dll 2012-10-14 20:55 . 2012-10-14 20:55 97208 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Ad-Aware Antivirus"="c:\programme\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 104984] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 121368] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 100888] "AsusTray"="c:\programme\EeePC\ACPI\AsTray.exe" [2008-07-23 98304] "AsusACPIServer"="c:\programme\EeePC\ACPI\AsAcpiSvr.exe" [2008-07-23 479232] "AsusEPCMonitor"="c:\programme\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208] "ETDWare"="c:\programme\Elantech\ETDCtrl.exe" [2008-07-24 335872] "RTHDCPL"="RTHDCPL.EXE" [2008-03-06 16858112] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-03-17 421888] "UpdateLBPShortCut"="c:\programme\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "CLMLServer"="c:\programme\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720] "UpdateP2GoShortCut"="c:\programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "UCam_Menu"="c:\programme\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408] "LGODDFU"="c:\programme\lg_fwupdate\lgfw.exe" [2012-07-23 27760] "UpdatePSTShortCut"="c:\programme\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-04-20 222504] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "Reader Application Helper"="c:\programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2012-01-31 892928] "Ad-Aware Browsing Protection"="c:\dokumente und einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe" [2012-08-08 540056] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-09-17 254896] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\Max\Startmenü\Programme\Autostart\ OpenOffice.org 3.0.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ Asus Power Management Utility.lnk - c:\programme\ASUS\EeePC\Asus Power Management Utility\Asus Power Management Utility.exe [2008-9-8 294912] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service] @="Ad-Aware Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] 2009-05-26 19:06 4351216 ----a-w- c:\programme\Yahoo!\Messenger\YahooMessenger.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion] 2011-02-28 14:15 427008 ----a-w- c:\programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Messenger\\msmsgs.exe"= "c:\\Programme\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"= "c:\\Programme\\Java\\jre6\\bin\\javaw.exe"= "c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "c:\\Programme\\adawaretb\\dtUser.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3587:TCP"= 3587:TCP:Windows Peer-zu-Peer-Gruppierung "3540:UDP"= 3540:UDP:Peer Name Resolution-Protokoll (PNRP) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [04.11.2012 12:21 21240] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [26.10.2011 14:23 101112] R2 Ad-Aware Service;Ad-Aware Service;c:\programme\Ad-Aware Antivirus\AdAwareService.exe [20.09.2012 15:03 1236368] R2 Iprip;RIP-Überwachung;c:\windows\System32\svchost.exe -k netsvcs [08.09.2008 09:19 14336] R2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [04.11.2012 23:47 399432] R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [04.11.2012 23:47 676936] R2 SBAMSvc;Ad-Aware;c:\programme\Ad-Aware Antivirus\SBAMSvc.exe [19.12.2011 13:20 3289032] R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [04.11.2012 12:21 77816] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [04.11.2012 23:47 22856] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [13.12.2009 22:46 27632] S2 gupdate1c9dd7a496a417e;Google Update Service (gupdate1c9dd7a496a417e);c:\programme\Google\Update\GoogleUpdate.exe [25.05.2009 21:49 133104] S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [13.07.2012 12:28 160944] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\14DD.tmp --> c:\windows\system32\14DD.tmp [?] . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 01067630 *NewlyCreated* - 13861817 *NewlyCreated* - 22228888 *NewlyCreated* - 72374828 *NewlyCreated* - ASWMBR *NewlyCreated* - UXLORAOW *Deregistered* - 01067630 *Deregistered* - 13861817 *Deregistered* - 22228888 *Deregistered* - 72374828 *Deregistered* - aswMBR *Deregistered* - uxloraow . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc . Inhalt des "geplante Tasks" Ordners . 2012-11-04 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job - c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-09-20 14:03] . 2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-04 21:06] . 2012-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-05-25 20:49] . 2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-05-25 20:49] . 2012-11-14 c:\windows\Tasks\slrxonomf.job - c:\windows\system32\mshtmlerz.dll [2012-10-14 17:15] . . ------- Zusätzlicher Suchlauf ------- . Trusted Zone: amadeus.net\sbc TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\dokumente und einstellungen\Max\Anwendungsdaten\Mozilla\Firefox\Profiles\hwuxoqja.default\ FF - prefs.js: browser.startup.homepage - hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite FF - prefs.js: browser.search.selectedEngine - blekko FF - prefs.js: browser.startup.homepage - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=00F11E03D7FC522950577B50964F423C FF - ExtSQL: 2012-09-25 15:38; jqs@sun.com; c:\programme\Java\jre6\lib\deploy\jqs\ff FF - ExtSQL: 2012-09-25 15:39; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - ExtSQL: !HIDDEN! 2009-08-10 20:41; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: yahoo.homepage.dontask - true . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file) SafeBoot-13861817.sys MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe AddRemove-ESET Online Scanner - c:\programme\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-11-16 00:22 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\14DD.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(988) c:\windows\system32\igfxdev.dll . Zeit der Fertigstellung: 2012-11-16 00:25:49 ComboFix-quarantined-files.txt 2012-11-15 23:25 . Vor Suchlauf: 8 Verzeichnis(se), 30.756.511.744 Bytes frei Nach Suchlauf: 10 Verzeichnis(se), 31.747.919.872 Bytes frei . WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - 4565371AD4D98770D8770F004D451F3D |
16.11.2012, 09:47 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google Redirect Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter File:: c:\windows\Tasks\slrxonomf.job c:\windows\system32\mshtmlerz.dll 4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet. 6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
17.11.2012, 18:15 | #11 |
| Google Redirect [code] Combofix Logfile: Code:
ATTFilter ComboFix 12-11-16.02 - Max 17.11.2012 17:57:16.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1015.514 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\Max\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Max\Desktop\CFScript.txt AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C} FW: Lavasoft Ad-Aware *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33} * Neuer Wiederherstellungspunkt wurde erstellt . FILE :: "c:\windows\system32\mshtmlerz.dll" "c:\windows\Tasks\slrxonomf.job" . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-17 bis 2012-11-17 )))))))))))))))))))))))))))))) . . 2012-11-14 21:49 . 2012-11-14 21:49 -------- d-----w- C:\TDSSKiller_Quarantine 2012-11-04 22:47 . 2012-11-04 22:47 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2012-11-04 22:47 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-04 21:33 . 2012-11-04 21:33 -------- d-----w- c:\programme\Sophos 2012-11-04 19:58 . 2012-11-14 21:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-04 19:58 . 2012-11-14 21:06 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-04 19:56 . 2012-11-04 19:56 -------- d-----w- c:\programme\Gemeinsame Dateien\Java 2012-11-04 19:50 . 2012-11-04 19:50 -------- d-----w- c:\programme\MSXML 4.0 2012-11-04 19:04 . 2012-11-04 19:04 -------- d-----w- c:\programme\ESET 2012-11-04 16:04 . 2012-11-04 16:04 -------- d-----w- c:\dokumente und einstellungen\Max\Anwendungsdaten\LavasoftStatistics 2012-11-04 11:24 . 2012-11-04 11:24 -------- d-----w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Ad-Aware Antivirus 2012-11-04 11:21 . 2011-11-29 05:59 77816 ----a-w- c:\windows\system32\drivers\sbapifs.sys 2012-11-04 11:21 . 2011-11-29 05:59 21240 ----a-w- c:\windows\system32\drivers\sbaphd.sys 2012-11-04 11:21 . 2012-11-04 11:21 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft 2012-11-04 11:20 . 2012-11-04 11:20 -------- d-----w- c:\windows\system32\drivers\VDD 2012-11-04 11:20 . 2012-11-04 11:31 -------- d-----w- c:\programme\Ad-Aware Antivirus 2012-11-04 11:20 . 2012-11-04 11:20 -------- d-----w- c:\dokumente und einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations 2012-11-04 11:19 . 2012-11-04 11:20 -------- d-----w- c:\dokumente und einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\adawarebp 2012-11-04 11:19 . 2012-11-04 11:19 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\blekko toolbars 2012-11-04 11:19 . 2012-11-14 21:02 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection 2012-11-04 11:19 . 2012-11-04 11:19 -------- d-----w- c:\programme\Toolbar Cleaner 2012-11-04 11:19 . 2012-11-04 11:19 -------- d-----w- c:\dokumente und einstellungen\Max\Anwendungsdaten\blekko 2012-11-04 11:19 . 2012-11-04 16:02 -------- d-----w- c:\dokumente und einstellungen\Max\Anwendungsdaten\adawaretb 2012-11-04 11:19 . 2012-11-04 16:41 -------- d-----w- c:\programme\adawaretb 2012-11-04 11:14 . 2012-11-04 22:46 -------- d-----w- c:\dokumente und einstellungen\Max\Anwendungsdaten\Ad-Aware Antivirus . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-22 19:56 . 2008-09-08 08:19 1866496 ----a-w- c:\windows\system32\win32k.sys 2012-10-02 18:04 . 2008-09-08 08:19 58368 ----a-w- c:\windows\system32\synceng.dll 2012-09-24 14:32 . 2012-09-25 13:39 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-09-24 14:32 . 2011-03-13 16:34 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-24 12:51 . 2012-09-25 13:39 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-08-28 15:05 . 2008-09-08 08:19 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:05 . 2008-09-08 08:19 43520 ------w- c:\windows\system32\licmgr10.dll 2012-08-28 15:05 . 2008-09-08 08:19 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2008-09-08 08:19 385024 ------w- c:\windows\system32\html.iec 2012-08-24 13:53 . 2008-09-08 08:19 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-23 06:26 . 2008-09-08 08:19 2195200 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-23 06:26 . 2008-04-14 07:30 2071936 ----a-w- c:\windows\system32\ntkrnlpa.exe 2008-05-07 08:34 . 2008-09-08 09:33 15523560 ----a-w- c:\programme\U1 Setup.exe 2008-08-16 15:42 . 2008-08-16 15:42 13112 ----a-w- c:\programme\mozilla firefox\plugins\cgpcfg.dll 2008-08-16 15:42 . 2008-08-16 15:42 70456 ----a-w- c:\programme\mozilla firefox\plugins\CgpCore.dll 2008-08-16 15:42 . 2008-08-16 15:42 91448 ----a-w- c:\programme\mozilla firefox\plugins\confmgr.dll 2008-08-16 15:42 . 2008-08-16 15:42 20800 ----a-w- c:\programme\mozilla firefox\plugins\ctxlogging.dll 2008-08-16 15:43 . 2008-08-16 15:43 206136 ----a-w- c:\programme\mozilla firefox\plugins\ctxmui.dll 2008-08-16 15:42 . 2008-08-16 15:42 31032 ----a-w- c:\programme\mozilla firefox\plugins\icafile.dll 2008-08-16 15:42 . 2008-08-16 15:42 40248 ----a-w- c:\programme\mozilla firefox\plugins\icalogon.dll 2008-05-21 06:41 . 2008-05-21 06:41 479232 ----a-w- c:\programme\mozilla firefox\plugins\msvcm80.dll 2008-05-21 06:41 . 2008-05-21 06:41 548864 ----a-w- c:\programme\mozilla firefox\plugins\msvcp80.dll 2008-05-21 06:41 . 2008-05-21 06:41 626688 ----a-w- c:\programme\mozilla firefox\plugins\msvcr80.dll 2008-06-05 11:58 . 2008-06-05 11:58 648504 ----a-w- c:\programme\mozilla firefox\plugins\sslsdk_b.dll 2008-08-16 15:42 . 2008-08-16 15:42 23864 ----a-w- c:\programme\mozilla firefox\plugins\TcpPServ.dll 2012-10-14 20:55 . 2012-10-14 20:55 97208 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Ad-Aware Antivirus"="c:\programme\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 104984] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 121368] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 100888] "AsusTray"="c:\programme\EeePC\ACPI\AsTray.exe" [2008-07-23 98304] "AsusACPIServer"="c:\programme\EeePC\ACPI\AsAcpiSvr.exe" [2008-07-23 479232] "AsusEPCMonitor"="c:\programme\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208] "ETDWare"="c:\programme\Elantech\ETDCtrl.exe" [2008-07-24 335872] "RTHDCPL"="RTHDCPL.EXE" [2008-03-06 16858112] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-03-17 421888] "UpdateLBPShortCut"="c:\programme\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "CLMLServer"="c:\programme\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720] "UpdateP2GoShortCut"="c:\programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "UCam_Menu"="c:\programme\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408] "LGODDFU"="c:\programme\lg_fwupdate\lgfw.exe" [2012-07-23 27760] "UpdatePSTShortCut"="c:\programme\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-04-20 222504] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "Reader Application Helper"="c:\programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2012-01-31 892928] "Ad-Aware Browsing Protection"="c:\dokumente und einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe" [2012-08-08 540056] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-09-17 254896] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\Max\Startmenü\Programme\Autostart\ OpenOffice.org 3.0.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ Asus Power Management Utility.lnk - c:\programme\ASUS\EeePC\Asus Power Management Utility\Asus Power Management Utility.exe [2008-9-8 294912] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service] @="Ad-Aware Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] 2009-05-26 19:06 4351216 ----a-w- c:\programme\Yahoo!\Messenger\YahooMessenger.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion] 2011-02-28 14:15 427008 ----a-w- c:\programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Messenger\\msmsgs.exe"= "c:\\Programme\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"= "c:\\Programme\\Java\\jre6\\bin\\javaw.exe"= "c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "c:\\Programme\\adawaretb\\dtUser.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3587:TCP"= 3587:TCP:Windows Peer-zu-Peer-Gruppierung "3540:UDP"= 3540:UDP:Peer Name Resolution-Protokoll (PNRP) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [04.11.2012 12:21 21240] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [26.10.2011 14:23 101112] R2 Ad-Aware Service;Ad-Aware Service;c:\programme\Ad-Aware Antivirus\AdAwareService.exe [20.09.2012 15:03 1236368] R2 Iprip;RIP-Überwachung;c:\windows\System32\svchost.exe -k netsvcs [08.09.2008 09:19 14336] R2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [04.11.2012 23:47 399432] R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [04.11.2012 23:47 676936] R2 SBAMSvc;Ad-Aware;c:\programme\Ad-Aware Antivirus\SBAMSvc.exe [19.12.2011 13:20 3289032] R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [04.11.2012 12:21 77816] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [04.11.2012 23:47 22856] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [13.12.2009 22:46 27632] S2 gupdate1c9dd7a496a417e;Google Update Service (gupdate1c9dd7a496a417e);c:\programme\Google\Update\GoogleUpdate.exe [25.05.2009 21:49 133104] S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [13.07.2012 12:28 160944] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\14DD.tmp --> c:\windows\system32\14DD.tmp [?] . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc . Inhalt des "geplante Tasks" Ordners . 2012-11-04 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job - c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-09-20 14:03] . 2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-04 21:06] . 2012-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . 2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-05-25 20:49] . 2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-05-25 20:49] . 2012-11-17 c:\windows\Tasks\slrxonomf.job - c:\windows\system32\mshtmlerz.dll [2012-10-14 17:15] . . ------- Zusätzlicher Suchlauf ------- . Trusted Zone: amadeus.net\sbc TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\dokumente und einstellungen\Max\Anwendungsdaten\Mozilla\Firefox\Profiles\hwuxoqja.default\ FF - prefs.js: browser.startup.homepage - hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite FF - prefs.js: browser.search.selectedEngine - blekko FF - prefs.js: browser.startup.homepage - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=00F11E03D7FC522950577B50964F423C FF - ExtSQL: 2012-09-25 15:38; jqs@sun.com; c:\programme\Java\jre6\lib\deploy\jqs\ff FF - ExtSQL: 2012-09-25 15:39; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - ExtSQL: !HIDDEN! 2009-08-10 20:41; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: yahoo.homepage.dontask - true . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-11-17 18:07 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\14DD.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'explorer.exe'(1496) c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll c:\programme\eee storage\xpclient.dll c:\programme\eee storage\logicnp.eznamespaceextensions.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Zeit der Fertigstellung: 2012-11-17 18:09:49 ComboFix-quarantined-files.txt 2012-11-17 17:09 ComboFix2.txt 2012-11-15 23:25 . Vor Suchlauf: 9 Verzeichnis(se), 31.686.316.032 Bytes frei Nach Suchlauf: 10 Verzeichnis(se), 31.691.870.208 Bytes frei . - - End Of File - - E03EB1413B7A2DB24A1A666E46E78874 |
17.11.2012, 22:31 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google Redirect adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
17.11.2012, 22:40 | #13 |
| Google RedirectCode:
ATTFilter # AdwCleaner v2.007 - Datei am 17/11/2012 um 22:39:50 erstellt # Aktualisiert am 06/11/2012 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : Max - MAX-ON-TOUR # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\Max\Lokale Einstellungen\Temporary Internet Files\Content.IE5\HVYLDJ61\adwcleaner[1].exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\blekko toolbars ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Schlüssel Gefunden : HKU\S-1-5-21-3986137887-372591639-3133890140-1006\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Die Registrierungsdatenbank ist sauber. ************************* AdwCleaner[R1].txt - [1014 octets] - [17/11/2012 22:39:50] ########## EOF - C:\AdwCleaner[R1].txt - [1074 octets] ########## |
17.11.2012, 23:21 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google Redirect adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
17.11.2012, 23:49 | #15 |
| Google RedirectCode:
ATTFilter # AdwCleaner v2.007 - Datei am 17/11/2012 um 23:41:26 erstellt # Aktualisiert am 06/11/2012 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : Max - MAX-ON-TOUR # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\Max\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\blekko toolbars ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Die Registrierungsdatenbank ist sauber. ************************* AdwCleaner[R1].txt - [1080 octets] - [17/11/2012 22:46:54] AdwCleaner[S1].txt - [853 octets] - [17/11/2012 23:41:26] ########## EOF - C:\AdwCleaner[S1].txt - [912 octets] ########## Code:
ATTFilter OTL logfile created on: 18.11.2012 00:29:45 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Max\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1015,05 Mb Total Physical Memory | 365,48 Mb Available Physical Memory | 36,01% Memory free 2,39 Gb Paging File | 1,80 Gb Available in Paging File | 75,36% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 80,02 Gb Total Space | 29,50 Gb Free Space | 36,87% Space Free | Partition Type: NTFS Drive D: | 69,00 Gb Total Space | 68,84 Gb Free Space | 99,78% Space Free | Partition Type: NTFS Computer Name: MAX-ON-TOUR | User Name: Max | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Max\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited) PRC - C:\Programme\Ad-Aware Antivirus\AdAware.exe (Lavasoft Limited) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) PRC - C:\Programme\lg_fwupdate\fwupdate.exe (BitLeader) PRC - C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) PRC - C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software) PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.) PRC - C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.) PRC - C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.) PRC - C:\Programme\ASUS\EeePC\Asus Power Management Utility\Asus Power Management Utility.exe (ASUSTeK Computer Inc.) PRC - C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_d9dbebe8\mscorlib.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_cd35d9be\system.xml.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_eeda6918\system.windows.forms.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_0238698c\system.dll () MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll () MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll () MOD - C:\Programme\Ad-Aware Antivirus\Definitions\libMachoUniv.dll () MOD - C:\Programme\Ad-Aware Antivirus\Definitions\libBase64.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll () MOD - c:\windows\assembly\gac\microsoft.visualbasic\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualbasic.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () ========== Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (Ad-Aware Service) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (SBAMSvc) -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software) SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation) SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (MEMSWEEP2) -- C:\WINDOWS\system32\14DD.tmp File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\DOKUME~1\Max\LOKALE~1\Temp\catchme.sys File not found DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (sbapifs) -- C:\WINDOWS\system32\drivers\sbapifs.sys (GFI Software) DRV - (sbaphd) -- C:\WINDOWS\system32\drivers\sbaphd.sys (GFI Software) DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (GFI Software) DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation) DRV - (rtl8187Se) -- C:\WINDOWS\system32\drivers\rtl8187Se.sys (Realtek Semiconductor Corporation ) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.) DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3986137887-372591639-3133890140-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-3986137887-372591639-3133890140-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKU\S-1-5-21-3986137887-372591639-3133890140-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-3986137887-372591639-3133890140-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKU\S-1-5-21-3986137887-372591639-3133890140-1006\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-3986137887-372591639-3133890140-1006\..\SearchScopes,DefaultScope = {286C0378-91C1-41B2-BFA8-85303C337F84} IE - HKU\S-1-5-21-3986137887-372591639-3133890140-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3986137887-372591639-3133890140-1006\..\SearchScopes\{286C0378-91C1-41B2-BFA8-85303C337F84}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-3986137887-372591639-3133890140-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "blekko" FF - prefs.js..browser.startup.homepage: "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=00F11E03D7FC522950577B50964F423C" FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledAddons: fb_add_on@avm.de:1.6.3 FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:12.0 FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.22 FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Programme\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Programme\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.08.10 19:41:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff [2012.09.25 14:38:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.04 12:19:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.14 21:55:52 | 000,000,000 | ---D | M] [2009.03.21 18:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Mozilla\Extensions [2009.03.21 18:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2012.11.04 12:19:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Mozilla\Firefox\Profiles\hwuxoqja.default\extensions [2010.06.17 13:03:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Mozilla\Firefox\Profiles\hwuxoqja.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.11.04 12:19:30 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Mozilla\Firefox\Profiles\hwuxoqja.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2012.10.21 22:24:38 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Mozilla\Firefox\Profiles\hwuxoqja.default\extensions\fb_add_on@avm.de [2012.11.04 12:19:42 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Mozilla\Firefox\Profiles\hwuxoqja.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012.11.04 20:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.14 21:55:51 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.09.25 14:39:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.11.04 20:55:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.09.25 14:38:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012.10.14 21:55:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2008.08.16 16:42:36 | 000,013,112 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\cgpcfg.dll [2008.08.16 16:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\CgpCore.dll [2008.08.16 16:42:12 | 000,091,448 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\confmgr.dll [2008.08.16 16:42:08 | 000,020,800 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ctxlogging.dll [2008.08.16 16:43:00 | 000,206,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\ctxmui.dll [2008.08.16 16:42:10 | 000,031,032 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\icafile.dll [2008.08.16 16:42:32 | 000,040,248 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\icalogon.dll [2008.05.21 07:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcm80.dll [2008.05.21 07:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcp80.dll [2008.05.21 07:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcr80.dll [2008.08.16 16:44:46 | 000,427,312 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npicaN.dll [2012.07.27 21:51:30 | 000,184,248 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\mozilla firefox\plugins\nppdf32.dll [2008.06.05 12:58:54 | 000,648,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\sslsdk_b.dll [2008.08.16 16:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\TcpPServ.dll [2012.11.04 12:19:33 | 000,000,616 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\adawaretb.xml [2012.10.14 21:55:31 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.14 21:55:31 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.10.14 21:55:31 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.10.14 21:55:31 | 000,003,413 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\google.xml [2012.10.14 21:55:31 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.14 21:55:31 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.14 21:55:31 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.16 00:22:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O3 - HKU\S-1-5-21-3986137887-372591639-3133890140-1006\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-3986137887-372591639-3133890140-1006\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-3986137887-372591639-3133890140-1006\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Programme\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [CLMLServer] C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [LGODDFU] C:\Programme\lg_fwupdate\lgfw.exe (Bitleader) O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [UCam_Menu] C:\Programme\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Programme\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Programme\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3986137887-372591639-3133890140-1006..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Asus Power Management Utility.lnk = C:\Programme\ASUS\EeePC\Asus Power Management Utility\Asus Power Management Utility.exe (ASUSTeK Computer Inc.) O4 - Startup: C:\Dokumente und Einstellungen\Max\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3986137887-372591639-3133890140-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3986137887-372591639-3133890140-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-3986137887-372591639-3133890140-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-3986137887-372591639-3133890140-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_37.dll (Sun Microsystems, Inc.) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O15 - HKU\S-1-5-21-3986137887-372591639-3133890140-1006\..Trusted Domains: amadeus.net ([sbc] * in Vertrauenswürdige Sites) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1352054965718 (MUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{491B983B-C7C5-479B-833C-8AEBC6322AC6}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\EeePC01.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\EeePC01.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.09.08 09:40:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.17 23:51:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Max\Desktop\OTL.exe [2012.11.17 22:07:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012.11.16 00:10:53 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012.11.16 00:07:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012.11.16 00:07:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012.11.16 00:07:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012.11.16 00:07:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012.11.16 00:07:34 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.16 00:07:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012.11.16 00:05:17 | 005,002,404 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Max\Desktop\ComboFix.exe [2012.11.15 01:43:40 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Max\Desktop\aswMBR.exe [2012.11.14 22:49:03 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.11.14 22:43:21 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Max\Desktop\tdsskiller.exe [2012.11.14 21:49:23 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012.11.04 23:47:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.11.04 23:47:29 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.11.04 23:47:29 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.11.04 22:33:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Sophos [2012.11.04 22:33:48 | 000,000,000 | ---D | C] -- C:\Programme\Sophos [2012.11.04 20:58:20 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.11.04 20:58:20 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.11.04 20:56:37 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2012.11.04 20:55:34 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2012.11.04 20:55:34 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2012.11.04 20:55:34 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2012.11.04 20:50:34 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0 [2012.11.04 20:04:39 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.11.04 18:42:36 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Max\Recent [2012.11.04 17:04:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\LavasoftStatistics [2012.11.04 12:24:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Ad-Aware Antivirus [2012.11.04 12:21:06 | 000,077,816 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys [2012.11.04 12:21:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ad-Aware Antivirus [2012.11.04 12:21:05 | 000,021,240 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys [2012.11.04 12:21:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft [2012.11.04 12:20:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\VDD [2012.11.04 12:20:57 | 000,000,000 | ---D | C] -- C:\Programme\Ad-Aware Antivirus [2012.11.04 12:20:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations [2012.11.04 12:19:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\adawarebp [2012.11.04 12:19:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection [2012.11.04 12:19:42 | 000,000,000 | ---D | C] -- C:\Programme\Toolbar Cleaner [2012.11.04 12:19:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\blekko [2012.11.04 12:19:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\adawaretb [2012.11.04 12:19:19 | 000,000,000 | ---D | C] -- C:\Programme\adawaretb [2012.11.04 12:14:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Ad-Aware Antivirus [2008.09.08 10:33:54 | 015,523,560 | ---- | C] (Macrovision Corporation) -- C:\Programme\U1 Setup.exe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.18 00:32:54 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.11.17 23:59:16 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.11.17 23:51:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Max\Desktop\OTL.exe [2012.11.17 23:44:24 | 000,001,587 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware Antivirus.lnk [2012.11.17 23:43:50 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.11.17 23:43:38 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\slrxonomf.job [2012.11.17 23:43:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.17 23:43:24 | 1064,423,424 | -HS- | M] () -- C:\hiberfil.sys [2012.11.17 22:46:38 | 000,541,569 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Desktop\adwcleaner.exe [2012.11.17 19:06:35 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.17 17:53:42 | 005,002,404 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Max\Desktop\ComboFix.exe [2012.11.16 00:22:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012.11.16 00:10:59 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012.11.15 01:43:40 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Max\Desktop\aswMBR.exe [2012.11.14 23:26:36 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Desktop\zi6y1gpo.exe [2012.11.14 23:20:05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.11.14 22:43:26 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Max\Desktop\tdsskiller.exe [2012.11.14 22:06:08 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.11.14 22:06:08 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.11.14 22:01:44 | 000,187,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.11.14 21:57:23 | 000,460,762 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.11.14 21:57:23 | 000,442,894 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.11.14 21:57:23 | 000,085,626 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.11.14 21:57:23 | 000,072,160 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.11.14 21:48:50 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.11.04 23:47:33 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.04 18:40:17 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.11.04 12:25:30 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job [2012.10.23 14:26:37 | 000,013,998 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Eigene Dateien\Abrechnung Westkanada 2012.ods [2012.10.23 11:56:00 | 000,014,496 | ---- | M] () -- C:\Dokumente und Einstellungen\Max\Desktop\Abrechnung Westkanada 2011.ods [2012.10.22 20:56:29 | 001,866,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys [2012.10.22 20:56:29 | 001,866,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.17 22:46:37 | 000,541,569 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Desktop\adwcleaner.exe [2012.11.16 00:10:59 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2012.11.16 00:10:55 | 000,262,448 | RHS- | C] () -- C:\cmldr [2012.11.16 00:07:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012.11.16 00:07:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012.11.16 00:07:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012.11.16 00:07:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012.11.16 00:07:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012.11.14 23:26:32 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Desktop\zi6y1gpo.exe [2012.11.14 21:48:47 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2012.11.04 23:47:33 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.04 20:58:26 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.11.04 12:25:30 | 000,001,076 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job [2012.11.04 12:21:07 | 000,001,587 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware Antivirus.lnk [2012.10.14 18:15:19 | 000,094,208 | RHS- | C] () -- C:\WINDOWS\System32\mshtmlerz.dll [2012.02.26 23:48:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.09.22 01:13:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.06.19 03:05:26 | 000,000,326 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Verknüpfung (2) mit Track01.lnk [2011.06.19 03:04:13 | 000,000,326 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Verknüpfung mit Track01.lnk [2011.06.19 02:15:24 | 000,000,333 | ---- | C] () -- C:\WINDOWS\lgfwup.ini [2009.02.16 17:19:28 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2009.01.16 01:19:44 | 000,000,147 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\.languagetool.cfg [2008.11.24 15:35:03 | 000,019,968 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.11.16 01:32:22 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2008.11.15 20:23:11 | 000,004,796 | ---- | C] () -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\wklnhst.dat ========== ZeroAccess Check ========== [2008.09.08 10:18:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.06.26 09:12:40 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.11.14 22:02:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection [2009.02.04 02:47:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software [2012.01.01 23:57:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kinoma [2009.02.04 02:40:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony [2012.11.04 12:24:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Ad-Aware Antivirus [2012.11.04 23:46:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Ad-Aware Antivirus [2012.11.04 17:02:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\adawaretb [2009.03.19 13:18:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Amadeus [2012.11.04 12:19:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\blekko [2012.01.02 21:09:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\calibre [2012.04.08 10:19:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\ElevatedDiagnostics [2010.10.31 13:16:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\FRITZ! [2011.04.22 09:31:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\ICAClient [2009.01.16 00:46:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\OpenOffice.org [2009.02.04 02:40:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Sony [2009.02.04 02:22:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Sony Setup [2008.11.15 20:30:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Max\Anwendungsdaten\Template ========== Purity Check ========== < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 18.11.2012 00:29:45 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Max\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1015,05 Mb Total Physical Memory | 365,48 Mb Available Physical Memory | 36,01% Memory free 2,39 Gb Paging File | 1,80 Gb Available in Paging File | 75,36% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 80,02 Gb Total Space | 29,50 Gb Free Space | 36,87% Space Free | Partition Type: NTFS Drive D: | 69,00 Gb Total Space | 68,84 Gb Free Space | 99,78% Space Free | Partition Type: NTFS Computer Name: MAX-ON-TOUR | User Name: Max | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-3986137887-372591639-3133890140-1006\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-zu-Peer-Gruppierung "3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution-Protokoll (PNRP) "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-zu-Peer-Gruppierung "3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution-Protokoll (PNRP) "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation) "C:\Programme\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Programme\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2 -- (Sony Creative Software Inc.) "C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.) "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- (Skype Technologies S.A.) "C:\Programme\adawaretb\dtUser.exe" = C:\Programme\adawaretb\dtUser.exe:*:Enabled:Ad-Aware Security Add-on DTX Broker -- (Visicom Media Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam "{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0 "{10F755FD-ED31-4ABF-8720-49A399C52297}" = calibre "{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C60287C-052E-4595-8B83-32A9977FE942}" = Asus Power Management Utility "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC "{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6a4b0a4f-58d0-430c-becc-aa50733cd761}" = Ad-Aware Antivirus "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{91605026-DBBF-48FF-B703-F7719CE3F703}" = Reader for PC "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D4EEC21C-04F0-4CF4-8078-82C11E38EF11}" = REALTEK RTL8187SE Wireless LAN Driver "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.149 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "adawaretb" = Ad-Aware Security Add-on "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "CCleaner" = CCleaner "Eee Storage" = Eee Storage 1.1.15.197 "Elantech" = ETD Ware PS/2-x86 5.0.0.4 WHQL "HDMI" = Intel(R) Graphics Media Accelerator Driver "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie8" = Windows Internet Explorer 8 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20 "VLC media player" = VLC media player 0.9.8a "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3986137887-372591639-3133890140-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "DrKawashima" = Dr Kawashima "LanguageTool" = LanguageTool ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 14.06.2012 11:18:00 | Computer Name = MAX-ON-TOUR | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: 307 (HTTP-Antwortstatus). Error - 16.06.2012 18:40:34 | Computer Name = MAX-ON-TOUR | Source = ESENT | ID = 490 Description = svchost (1316) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 24.07.2012 17:33:23 | Computer Name = MAX-ON-TOUR | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x01c70fc6. Error - 26.07.2012 16:58:41 | Computer Name = MAX-ON-TOUR | Source = ESENT | ID = 490 Description = svchost (1324) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 10.08.2012 09:47:02 | Computer Name = MAX-ON-TOUR | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 16.09.2012 11:52:25 | Computer Name = MAX-ON-TOUR | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung imgresize.exe, Version 1.4.0.0, fehlgeschlagenes Modul imgresize.exe, Version 1.4.0.0, Fehleradresse 0x0000b26c. Error - 16.09.2012 11:55:13 | Computer Name = MAX-ON-TOUR | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung imgresize.exe, Version 1.4.0.0, fehlgeschlagenes Modul imgresize.exe, Version 1.4.0.0, Fehleradresse 0x0000b26c. Error - 06.10.2012 18:02:43 | Computer Name = MAX-ON-TOUR | Source = ESENT | ID = 490 Description = svchost (1316) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 14.10.2012 17:04:25 | Computer Name = MAX-ON-TOUR | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 12.0.0.4493, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 14.11.2012 18:32:50 | Computer Name = MAX-ON-TOUR | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung AdAware.exe, Version 10.3.45.3935, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 14.11.2012 18:30:59 | Computer Name = MAX-ON-TOUR | Source = PlugPlayManager | ID = 12 Description = Das Gerät "Realtek RTL8187SE Wireless LAN PCIE Network Adapter" (PCI\VEN_10EC&DEV_8199&SUBSYS_819910EC&REV_22\4&1b635843&0&00E2) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 14.11.2012 18:34:44 | Computer Name = MAX-ON-TOUR | Source = atapi | ID = 262153 Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 14.11.2012 18:34:47 | Computer Name = MAX-ON-TOUR | Source = atapi | ID = 262153 Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 14.11.2012 20:40:12 | Computer Name = MAX-ON-TOUR | Source = MRxSmb | ID = 8003 Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "GREGOR-VAIO", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{491B983B-C7C5-47-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error - 14.11.2012 20:43:51 | Computer Name = MAX-ON-TOUR | Source = PlugPlayManager | ID = 12 Description = Das Gerät "Realtek RTL8187SE Wireless LAN PCIE Network Adapter" (PCI\VEN_10EC&DEV_8199&SUBSYS_819910EC&REV_22\4&1b635843&0&00E2) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 14.11.2012 20:52:09 | Computer Name = MAX-ON-TOUR | Source = MRxSmb | ID = 8003 Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "GREGOR-VAIO", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{491B983B-C7C5-47-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error - 14.11.2012 21:01:59 | Computer Name = MAX-ON-TOUR | Source = atapi | ID = 262153 Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 15.11.2012 15:19:18 | Computer Name = MAX-ON-TOUR | Source = MRxSmb | ID = 8003 Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "GREGOR-VAIO", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{491B983B-C7C5-47-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error - 15.11.2012 18:43:10 | Computer Name = MAX-ON-TOUR | Source = MRxSmb | ID = 8003 Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "GREGOR-VAIO", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{491B983B-C7C5-47-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error - 17.11.2012 18:58:14 | Computer Name = MAX-ON-TOUR | Source = MRxSmb | ID = 8003 Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "GREGOR-VAIO", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{491B983B-C7C5-47-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. < End of report > |
Themen zu Google Redirect |
ad-aware, administrator, anti-malware, antivirus, autostart, bösartige, dateien, explorer, gen, google, google redirect, infizierte, malwarebytes, minute, nichts, redirect, registrierung, scan, seite, seiten, service, service pack 3, speicher, version |