Pests of all kinds and how to fight them: Link clicks in Firefox: redirection to iminent.com (no search bar), Windows 7
08.11.2012, 22:20 | #1
Link clicks in Firefox: redirection to iminent.com (no search bar)

Hello everyone, first of all: great that a forum like this exists! Two days ago, in the evening, I noticed that in Firefox, clicking on any link opened a subpage of the domain iminent.com in a new tab, even though that was of course not the actual target of the link. The exact link was hxxp://de.iminent.com/LandingDirect/348/texteffects?refid=348&SourceId=355&CreativeId=17618502&LineItemId=5400510&PublisherId=780266&SectionId=1095&ym=00009725a7a016da243b8a9aad57a08ea3814

Searching various forums showed that problems with Iminent (which I had never heard of) are fairly common; mostly, however, I only found references to an installed toolbar that overwrote Google as the default search engine. My error did not come up. So I first ran Malwarebytes and Avast, but they produced no real results. Two days after the problems appeared, I am now back at the same computer. And lo and behold: no more redirects! Now of course I'm asking myself the classic questions:

I have (hopefully) created all the log files correctly and attached them here. I would be very glad if one of you could take a look at whether something suspicious is still lurking in there (it wouldn't surprise me; the PC has been running for two years without any major scans). Many thanks in advance for your efforts!

PS: OTL only gave me an OTL.txt, no EXTRAS.txt. No idea what went wrong there. There was no error message. Also, the OTL.txt is too big, so here it is as code:

OTL.txt
Code:
OTL logfile created on: 11/8/2012 8:21:19 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Besitzer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 82.23% Memory free
7.09 Gb Paging File | 6.69 Gb Available in Paging File | 94.45% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 14.25 Gb Free Space | 14.60% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 11.16 Gb Free Space | 5.72% Space Free | Partition Type: NTFS
Drive E: | 172.79 Gb Total Space | 1.23 Gb Free Space | 0.71% Space Free | Partition Type: NTFS

Computer Name: REAKZZ | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Besitzer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - E:\Games\Tribes\HiPatchService.exe (Hi-Rez Studios)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\WINDOWS\system32\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\tsnpstd3.exe ()
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\FixCamera.exe ()
PRC - C:\WINDOWS\vsnpstd3.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12110800\algo.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Program Files\TeraCopy\TeraCopy.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\WINDOWS\tsnpstd3.exe ()
MOD - C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe ()
MOD - C:\Program Files\ASUS\EPU-4 Engine\AsSpindownTimeout.dll ()
MOD - C:\WINDOWS\FixCamera.exe ()
MOD - C:\WINDOWS\vsnpstd3.exe ()
MOD - C:\WINDOWS\CTXFIGER.DLL ()
MOD - C:\WINDOWS\system32\AsIO.dll ()
MOD - C:\Program Files\ASUS\EPU-4 Engine\pngio.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()

========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TunngleService) -- C:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (HiPatchService) -- E:\Games\Tribes\HiPatchService.exe (Hi-Rez Studios)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (DAUpdaterSvc) -- E:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe (SiSoftware)
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)

========== Driver Services (SafeList) ==========

DRV - (ZSMC0305) -- System32\Drivers\usbVM305.sys File not found
DRV - (WDICA) -- File not found
DRV - (rt2870) -- system32\DRIVERS\rt2870.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (FilterService) -- system32\DRIVERS\lvuvcflt.sys File not found
DRV - (Changer) -- File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ACEDRV06) -- C:\WINDOWS\system32\drivers\ACEDRV06.sys (Protect Software GmbH)
DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTEXFIFX.SYS) -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV - (CTEXFIFX) -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV - (CTHWIUT.SYS) -- C:\WINDOWS\system32\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV - (CTHWIUT) -- C:\WINDOWS\system32\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV - (CT20XUT.SYS) -- C:\WINDOWS\system32\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV - (CT20XUT) -- C:\WINDOWS\system32\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV - (SNPSTD3) -- C:\WINDOWS\system32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (tap0901t) -- C:\WINDOWS\system32\drivers\tap0901t.sys (Tunngle.net)
DRV - (SANDRA) -- C:\Program Files\SiSoftware Sandra Lite 2009.SP4\WNt500x86\sandra.sys (SiSoftware)
DRV - (mv61xx) -- C:\WINDOWS\system32\drivers\mv61xx.sys (Marvell Semiconductor, Inc.)
DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (mrdd) -- C:\WINDOWS\system32\drivers\mrdd.sys (Marvell Semiconductor, Inc.)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (SynasUSB) -- C:\WINDOWS\system32\drivers\synasUSB.sys (SIA Syncrosoft)
DRV - (WPN111) -- C:\WINDOWS\system32\drivers\WPN111.sys (NETGEAR, Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (DNINDIS5) -- C:\WINDOWS\system32\DNINDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1220945662-1383384898-682003330-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1220945662-1383384898-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1220945662-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1220945662-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Besitzer\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Besitzer\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Besitzer\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/09 20:09:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/05 20:58:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/28 18:39:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/11/01 21:14:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/11/01 21:14:29 | 000,000,000 | ---D | M]

[2012/01/09 23:22:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Besitzer\Application Data\Mozilla\Extensions
[2012/11/08 20:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Besitzer\Application Data\Mozilla\Firefox\Profiles\k11zvts9.default\extensions
[2012/10/28 18:39:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/09 20:09:33 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2009/12/18 03:00:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/10/28 18:39:26 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/12 17:24:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/12 17:24:55 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/12 17:24:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/09/12 17:24:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/09/12 17:24:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/09/12 17:24:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.spon.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.spon.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Besitzer\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Besitzer\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Documents and Settings\Besitzer\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Besitzer\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\gears.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Besitzer\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Besitzer\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_JamesWhite = C:\Documents and Settings\Besitzer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Besitzer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Besitzer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2011/08/08 20:32:18 | 000,000,812 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com #phone-home von adobe unterbinden
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1220945662-1383384898-682003330-1003\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Documents and Settings\Besitzer\Application Data\Gutscheinmieze\toolbar.dll File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe ()
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe ()
O4 - HKLM..\Run: [Tweak UI 1.33 deutsch] C:\WINDOWS\System32\TWEAKUI.CPL (Brummelchen@gmx.at)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220945662-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220945662-1383384898-682003330-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D9097D0-566B-4FFD-91DA-76146E74E487}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCE933F6-3900-4E5A-92EF-53B268ADA3B2}: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Besitzer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Besitzer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/14 13:41:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{171b7e5b-ff21-11de-8b72-0023542553c9}\Shell - "" = AutoRun
O33 - MountPoints2\{171b7e5b-ff21-11de-8b72-0023542553c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{171b7e5b-ff21-11de-8b72-0023542553c9}\Shell\AutoRun\command - "" = H:\pushinst.exe
O33 - MountPoints2\{d989b093-bdb6-11df-8bf2-0023542553c9}\Shell\AutoRun\command - "" = N:\wd_windows_tools\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/06 01:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wise PC Doctor
[2012/11/06 01:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\Wise PC Doctor
[2012/11/06 00:56:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Besitzer\Desktop\OTL.exe
[2012/11/06 00:54:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Besitzer\Application Data\Malwarebytes
[2012/11/06 00:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/06 00:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/11/06 00:54:49 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/11/06 00:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/06 00:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/11/06 00:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Besitzer\Start Menu\Programs\Revo Uninstaller
[2012/11/06 00:33:05 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/11/01 21:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012/10/28 18:55:33 | 000,027,136 | ---- | C] (Tunngle.net) -- C:\WINDOWS\System32\drivers\tap0901t.sys
[2012/10/28 18:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Besitzer\My Documents\Tunngle
[2012/10/28 18:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Besitzer\Application Data\Tunngle
[2012/10/28 18:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tunngle
[2012/10/28 18:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tunngle
[2012/10/28 18:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\Tunngle
[2012/10/28 18:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Tunngle
[2012/10/28 18:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/28 18:24:44 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/10/28 17:45:41 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2012/10/28 17:45:19 | 005,947,392 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll
[2012/10/28 17:45:19 | 001,009,512 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
[2012/10/28 17:45:19 | 000,888,168 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco32.dll
[2012/10/28 17:45:18 | 017,551,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2012/10/28 17:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2012/10/24 23:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Besitzer\Desktop\backups
[2012/10/13 16:40:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/10/13 16:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/10/13 16:39:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/10/13 16:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/10/13 16:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/08 20:14:30 | 000,494,342 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/08 20:14:30 | 000,084,760 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/08 20:14:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/08 20:10:14 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/08 20:09:35 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/11/08 20:09:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/08 20:09:20 | 3488,657,408 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/08 20:09:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/11/08 20:08:09 | 000,054,400 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
[2012/11/08 20:08:09 | 000,054,400 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
[2012/11/08 20:08:09 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
[2012/11/08 20:07:51 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\Besitzer\defogger_reenable
[2012/11/08 20:05:04 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1383384898-682003330-1003UA.job
[2012/11/06 00:59:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/11/06 00:56:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Besitzer\Desktop\OTL.exe
[2012/11/06 00:47:29 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Besitzer\Desktop\Revo Uninstaller.lnk
[2012/11/06 00:31:09 | 000,158,653 | ---- | M] () -- C:\Documents and Settings\Besitzer\Desktop\20121106003108.pdf
[2012/11/06 00:30:27 | 000,158,658 | ---- | M] () -- C:\Documents and Settings\Besitzer\Desktop\20121106003027.pdf
[2012/11/06 00:29:19 | 000,163,443 | ---- | M] () -- C:\Documents and Settings\Besitzer\Desktop\20121106002918.pdf
[2012/11/06 00:02:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/11/05 22:05:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1383384898-682003330-1003Core.job
[2012/11/05 20:58:11 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/11/04 13:22:01 | 000,002,267 | ----
| M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2012/11/01 18:51:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat [2012/10/30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2012/10/30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012/10/30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012/10/30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012/10/30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012/10/30 23:51:57 | 000,089,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012/10/30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012/10/30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012/10/30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2012/10/30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2012/10/30 13:33:16 | 000,000,223 | RHS- | M] () -- C:\boot.ini [2012/10/28 19:31:09 | 003,622,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/10/28 18:55:33 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tunngle beta.lnk [2012/10/28 17:45:40 | 001,101,436 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012/10/28 17:45:40 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin [2012/10/28 17:45:37 | 001,101,436 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012/10/28 17:45:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk [2012/10/28 16:12:39 | 000,254,095 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2012/10/27 15:53:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012/10/27 01:00:00 | 
000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-REAKZZ-Besitzer.job [2012/10/15 23:19:43 | 000,467,307 | ---- | M] () -- C:\Documents and Settings\Besitzer\Desktop\Ticket Bahn Weihnachten.pdf [2012/10/14 16:40:12 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Müller Foto.lnk [2012/10/13 16:40:33 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2012/10/13 16:28:41 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2012/10/12 10:06:41 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Besitzer\Desktop\Google Chrome.lnk [2012/10/12 10:06:41 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\Besitzer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/10/11 11:37:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/08 20:07:41 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\Besitzer\defogger_reenable [2012/11/08 20:03:20 | 3488,657,408 | -HS- | C] () -- C:\hiberfil.sys [2012/11/06 00:54:50 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012/11/06 00:47:29 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Besitzer\Desktop\Revo Uninstaller.lnk [2012/11/06 00:31:08 | 000,158,653 | ---- | C] () -- C:\Documents and Settings\Besitzer\Desktop\20121106003108.pdf [2012/11/06 00:30:27 | 000,158,658 | ---- | C] () -- C:\Documents and Settings\Besitzer\Desktop\20121106003027.pdf [2012/11/06 00:29:19 | 000,163,443 | ---- | C] () -- C:\Documents and Settings\Besitzer\Desktop\20121106002918.pdf [2012/11/01 18:49:53 
| 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat [2012/10/28 18:55:33 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tunngle beta.lnk [2012/10/28 17:45:37 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012/10/28 17:45:37 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012/10/28 17:45:37 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2012/10/28 17:45:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk [2012/10/28 17:45:19 | 002,811,988 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2012/10/28 17:45:19 | 000,012,210 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb [2012/10/15 23:19:43 | 000,467,307 | ---- | C] () -- C:\Documents and Settings\Besitzer\Desktop\Ticket Bahn Weihnachten.pdf [2012/10/13 16:40:33 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2012/10/13 16:28:41 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2012/10/01 23:16:46 | 000,961,654 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1220945662-1383384898-682003330-1003-0.dat [2012/09/29 16:16:49 | 000,453,086 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2012/09/05 20:52:57 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Besitzer\Application Data\Adobe PNG Format CS5 Prefs [2012/08/26 15:20:58 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\Besitzer\Application Data\SquadManagerOptions.xml [2012/08/05 10:33:50 | 000,000,865 | ---- | C] () -- C:\Documents and Settings\Besitzer\.recently-used.xbel [2012/05/08 19:22:32 | 000,835,584 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe [2012/05/08 19:22:31 | 000,356,352 | ---- | C] () -- C:\WINDOWS\tsnpstd3.exe [2012/05/08 19:22:31 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini [2012/05/08 
19:22:28 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll [2012/05/08 19:22:28 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll [2012/05/08 19:22:28 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll [2012/05/08 19:22:28 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll [2012/02/17 16:01:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll [2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll [2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe [2012/01/08 19:13:25 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2011/11/17 02:40:38 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2011/10/24 12:09:14 | 000,000,042 | ---- | C] () -- C:\WINDOWS\popcinfo.dat [2011/10/24 11:21:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat [2011/10/24 11:21:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat [2011/10/24 11:11:50 | 000,000,231 | ---- | C] () -- C:\WINDOWS\cncscore.ini [2011/09/07 23:41:18 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat [2011/08/18 18:19:09 | 000,004,505 | ---- | C] () -- C:\Documents and Settings\Besitzer\.heldEinstellungen4_1.xml [2011/08/18 18:19:09 | 000,000,292 | ---- | C] () -- C:\Documents and Settings\Besitzer\.dsa4.properties [2011/08/12 11:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll [2011/08/09 18:55:26 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys [2011/08/08 21:29:22 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Besitzer\Local Settings\Application Data\Adobe Für Web speichern 12.0 Prefs [2011/03/30 18:49:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2011/02/12 13:24:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\FixCamera.exe [2010/12/13 21:55:41 | 
000,000,072 | ---- | C] () -- C:\Documents and Settings\Besitzer\.gtk-bookmarks [2010/09/10 20:27:20 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2010/09/01 19:24:07 | 000,308,072 | ---- | C] () -- C:\Documents and Settings\Besitzer\Application Data\mdbu.bin [2009/11/23 13:27:38 | 011,808,768 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda [2009/11/14 16:38:54 | 000,232,960 | ---- | C] () -- C:\Documents and Settings\Besitzer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009/12/17 08:07:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/30 21:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/10/13 16:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2011/07/16 12:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2010/07/28 09:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application 
Data\AVM [2012/05/15 01:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net [2011/06/06 17:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare [2012/09/16 20:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess [2010/09/26 10:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2010/07/28 10:07:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan [2009/12/03 18:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2012/01/10 22:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core [2012/01/10 22:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts [2010/10/21 16:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3 [2012/09/12 19:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hi-Rez Studios [2010/09/01 19:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lidl_Fotos [2010/03/20 14:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive [2010/11/29 12:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution [2011/08/08 20:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe [2012/01/10 22:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield [2011/08/09 18:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft [2011/01/27 16:05:51 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\System Restore 
[2012/10/14 20:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tmp [2012/11/01 18:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tunngle [2010/03/18 17:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications [2010/10/29 15:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012/02/10 23:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\Amazon [2012/06/08 17:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\Audacity [2010/02/09 19:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\AVM [2010/09/26 10:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\Canneverbe Limited [2010/07/28 10:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\Canon [2010/10/29 15:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\COWON [2009/12/03 18:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\DAEMON Tools Lite [2012/01/09 20:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\DDMSettings [2012/02/12 15:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\Dropbox [2010/09/17 17:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\FireShot [2010/03/19 19:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\gnupg [2012/09/30 17:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\gtk-2.0 [2010/07/28 10:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\HLSW [2010/09/10 19:32:42 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\Besitzer\Application Data\Leadertech [2010/11/01 16:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\Miranda [2010/03/15 16:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\NVD [2010/08/11 10:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\OpenOffice.org [2012/08/15 12:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\Oracle [2010/08/11 13:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\ProtectDisc [2011/07/28 20:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\Simfy [2010/07/28 10:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\SoftGrid Client [2011/10/24 12:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\SpinTop [2011/10/24 12:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\SpinTop Games [2011/08/09 19:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\Steinberg [2012/01/08 17:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\TeamViewer [2012/01/09 00:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\temp [2012/03/11 23:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\TeraCopy [2010/03/18 20:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\Thunderbird [2010/03/15 16:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\TP [2010/11/02 21:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\Tropico 3 [2012/09/16 20:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\TS3Client [2012/11/01 18:51:07 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\Besitzer\Application Data\Tunngle [2011/02/11 16:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\Unity [2012/04/26 19:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Besitzer\Application Data\vitero ========== Purity Check ========== < End of report > |
09.11.2012, 23:17 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™

Hello and

Code:
O1 - Hosts: 127.0.0.1 activate.adobe.com #phone-home von adobe unterbinden

Why do you use Adobe software if you don't trust this company? The fact that you block the phone-home, or rather try to block it that way, speaks for itself, yet you still rely on this software. It's as if you let a person into your apartment whom you consider a thief, but don't throw them out - to prevent the theft, you stick notes on your cupboard doors reading "No valuables in here". How did you activate your CS5 installation if you don't want to allow communication to activate.adobe.com?
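As an added example (not from the original post and not part of OTL), here is a small Python check that parses the `O1 - Hosts:` lines of an OTL report and separates deliberate block entries (loopback or null address, like the activate.adobe.com line quoted above) from entries that send a hostname to some other address, which is the kind of hosts-file manipulation worth ruling out when clicks land on an unexpected site. The sample report lines are constructed; only the activate.adobe.com entry comes from the thread, and the line format `O1 - Hosts: <address> <hostname>` is assumed from it.

```python
import ipaddress
import re
from typing import Dict, List, NamedTuple

# Constructed sample: a handful of OTL "O1 - Hosts:" lines. Only the
# activate.adobe.com entry appears in the thread; the others are made up
# (documentation domains and a TEST-NET address) to exercise the classifier.
SAMPLE_OTL_LINES = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com #phone-home von adobe unterbinden
O1 - Hosts: 0.0.0.0 ads.example.invalid
O1 - Hosts: 203.0.113.10 www.example.com
O1 - Hosts: 203.0.113.10 search.example.net
O1 - Hosts: ::1 localhost
O4 - HKLM..\\Run: [Adobe ARM] C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe ()
"""

# Assumed OTL format: "O1 - Hosts: <address> <hostname> [comment]"
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")


class HostsEntry(NamedTuple):
    address: str
    hostname: str
    kind: str  # "loopback", "block", "redirect" or "invalid"


def classify_address(addr: str) -> str:
    """Label the address side of a hosts entry."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        return "loopback"   # 127.x / ::1: name is sinkholed to the local machine
    if ip.is_unspecified:
        return "block"      # 0.0.0.0 / :: : the usual ad or phone-home block
    return "redirect"       # anything else: traffic for that name goes elsewhere


def parse_o1_lines(report: str) -> List[HostsEntry]:
    """Extract every O1 hosts entry from an OTL report; other O-lines are skipped."""
    entries = []
    for line in report.splitlines():
        m = O1_RE.match(line.strip())
        if not m:
            continue
        addr, host = m.group(1), m.group(2).lower()
        entries.append(HostsEntry(addr, host, classify_address(addr)))
    return entries


def suspicious_redirects(entries: List[HostsEntry]) -> Dict[str, List[str]]:
    """Group redirected hostnames by the address they are sent to.

    Loopback and null entries are what a user adds on purpose to block a
    host; a hostname pointed at a remote address is what a reviewer of the
    log should look at first.
    """
    grouped: Dict[str, List[str]] = {}
    for e in entries:
        if e.kind == "redirect":
            grouped.setdefault(e.address, []).append(e.hostname)
    return grouped


if __name__ == "__main__":
    parsed = parse_o1_lines(SAMPLE_OTL_LINES)
    for e in parsed:
        print(f"{e.kind:9} {e.address:16} {e.hostname}")
    for addr, hosts in suspicious_redirects(parsed).items():
        print(f"REVIEW: {', '.join(hosts)} -> {addr}")
```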
10.11.2012, 10:14 | #3 |
Hi Cosinus,

thanks for taking a look at the stuff. Two years ago, after an Adobe update, I suddenly had problems with PS. Back then a buddy (computer scientist) came by and helped me - but I don't know exactly how he did it either. Is what you found there dangerous? Should I fix it? Kind regards
11.11.2012, 19:59 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™

Quote:

Please always post logfiles in CODE tags