Pests of all kinds and how to fight them: Google returns correct search results with wrong links |
04.02.2009, 01:59 | #1 |
| Recently I've had the problem that Google and every other search engine (e.g. Yahoo) links me to dubious sites. Here is an HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:51:52, on 04.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Programme\Medion Info Display\MdionLCM.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Avi Player\AviPlayer.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\nVidia\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.80.12.125:80
R3 - URLSearchHook: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [MedionVFD] "C:\Programme\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [Adobe] "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S8B.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Avi Player] "C:\Programme\Avi Player\AviPlayer.exe" hmw
O4 - HKCU\..\Run: [igndlm.exe] C:\Programme\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Programme\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [NVIDIA nTune] "D:\nVidia\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PlayNC Launcher] C:\programme\ncsoft\launcher\NCLauncher.exe /Minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - h**p://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158053667187
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - h**p://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - h**p://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158053658234
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Droppix Service - Droppix - C:\Programme\Gemeinsame Dateien\Droppix\DxService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\nVidia\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 10580 bytes
I hope you can help me in some way. |
04.02.2009, 08:07 | #2 |
| Hi,
Please check the following files. Have the files checked online:
Code:
C:\Programme\Avi Player\AviPlayer.exe
MAM: Malwarebytes Antimalware (MAM). Instructions & download here: http://www.trojaner-board.de/51187-malwarebytes-anti-malware.html
Run a full scan and let it clean everything! Post the log.
Alternative download: http://filepony.de/download-malwarebytes_anti_malware/, http://www.gt500.org/malwarebytes/mbam.jsp
chris |
05.02.2009, 03:55 | #3 |
| This is what the VirusTotal log shows:
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.93 2009.02.04 -
AhnLab-V3 5.0.0.2 2009.02.04 -
AntiVir 7.9.0.71 2009.02.04 -
Authentium 5.1.0.4 2009.02.04 -
Avast 4.8.1281.0 2009.02.03 -
AVG 8.0.0.229 2009.02.04 Downloader.Generic6.QDM
BitDefender 7.2 2009.02.04 -
CAT-QuickHeal 10.00 2009.02.04 -
ClamAV 0.94.1 2009.02.04 -
Comodo 964 2009.02.04 -
DrWeb 4.44.0.09170 2009.02.04 -
eSafe 7.0.17.0 2009.02.01 Suspicious File
eTrust-Vet 31.6.6341 2009.02.04 -
F-Prot 4.4.4.56 2009.02.04 -
F-Secure 8.0.14470.0 2009.02.04 -
Fortinet 3.117.0.0 2009.02.04 -
GData 19 2009.02.04 -
Ikarus T3.1.1.45.0 2009.02.04 -
K7AntiVirus 7.10.618 2009.02.04 -
Kaspersky 7.0.0.125 2009.02.04 -
McAfee 5515 2009.02.03 -
McAfee+Artemis 5515 2009.02.03 -
Microsoft 1.4306 2009.02.04 -
NOD32 3825 2009.02.04 Win32/Ivefound.AviPlayer
Norman 6.00.02 2009.02.04 -
nProtect 2009.1.8.0 2009.02.04 -
Panda 9.5.1.2 2009.02.03 -
PCTools 4.4.2.0 2009.02.03 -
Prevx1 V2 2009.02.04 -
Rising 21.15.20.00 2009.02.04 -
SecureWeb-Gateway 6.7.6 2009.02.04 -
Sophos 4.38.0 2009.02.04 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.02.04 -
TheHacker 6.3.1.5.246 2009.02.04 -
TrendMicro 8.700.0.1004 2009.02.04 -
VBA32 3.12.8.12 2009.02.04 -
ViRobot 2009.2.4.1589 2009.02.04 -
VirusBuster 4.5.11.0 2009.02.04 -
weitere Informationen
File size: 629760 bytes
MD5...: dfea57f56092b33484d18bf5fde73fb9
SHA1..: 957791dc0b0706542feb40606fe694bb6703c5f9
SHA256: 4078226af61e032e4c0d24c0daa84f48072769399466c973edec0ffba2c3712a
SHA512: b571e74747ad07043942569171322888e521bb661b32c88f2fae0187b69fb276 4e98146d9b0cd2ea719093642215c48b107e5b5aff0ad4197e2a473de302f385
ssdeep: 12288:74F3oQjJ3vXvQBrPX8hT43pP0qRcHerqJvHCcdhjZFadzhPWk+:QNQl8hT 43xfKXtHCc7TadzVW
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
TrID..: File type identification
UPX compressed Win32 Executable (42.6%)
Win32 EXE Yoda's Crypter (37.0%)
Win32 Executable Generic (11.8%)
Win16/32 Executable Delphi generic (2.8%)
Generic Win/DOS Executable (2.7%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x184450
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x113000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x114000 0x71000 0x70600 7.93 dbe5c76caeb17d5028017b959a0226c6
.rsrc 0x185000 0x2a000 0x29200 5.37 9ac65298e18fc47e4281ee1545299d8a
( 12 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess
> advapi32.dll: RegCloseKey
> comctl32.dll: ImageList_Add
> comdlg32.dll: GetOpenFileNameA
> gdi32.dll: SaveDC
> ole32.dll: OleDraw
> oleaut32.dll: VariantCopy
> quartz.dll: AMGetErrorTextA
> shell32.dll: SHGetMalloc
> user32.dll: GetDC
> version.dll: VerQueryValueA
> wininet.dll: InternetGetConnectedState
( 0 exports )
packers (Kaspersky): UPX
CWSandbox info: h**p://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=dfea57f56092b33484d18bf5fde73fb9
packers (F-Prot): UPX
ThreatExpert info: h**p://www.threatexpert.com/report.aspx?md5=dfea57f56092b33484d18bf5fde73fb9
And this is the Malwarebytes log:
Malwarebytes' Anti-Malware 1.33
Datenbank Version: 1729
Windows 5.1.2600 Service Pack 3
05.02.2009 03:52:13
mbam-log-2009-02-05 (03-52-13).txt
Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|H:\|)
Durchsuchte Objekte: 204002
Laufzeit: 1 hour(s), 30 minute(s), 16 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\System Volume Information\_restore{FC790E93-A10B-46C5-B704-30CD2343A6E7}\RP945\A0262948.exe (Adware.NetPumper) -> Quarantined and deleted successfully. |
05.02.2009, 08:20 | #4 |
| Hi,
hm, I don't trust AviPlayer.exe at all; if you don't need it, please delete/uninstall it. You had an infection with NetPumper, which pulls in all kinds of adware...
Scan with ewido:
Ewido MicroScanner: http://downloads.ewido.net/ewido_micro.exe
DSS
Download dss to the desktop (http://www.techsupportforum.com/sectools/Deckard/dss.exe)
Close all applications and double-click dss.exe
While DSS is running, don't perform any other actions!
Copy the contents of the reports C:\main.txt and extra.txt into your thread
Check the contents of the hosts file:
Show the hosts file: load the hosts file (C:\WINDOWS\system32\drivers\etc\hosts) into a text editor (click on it in Explorer, right mouse button, Send to -> Editor). Copy the contents and post them here...
chris
__________________
Don't bring me down
Read before posting!
Donations (anyone who wants to donate is welcome to get in touch) |
05.02.2009, 22:50 | #5 |
| ewido didn't work; it did open in a window after downloading and running it, but immediately gave me an error. Here is the main file:
Deckard's System Scanner v20071014.68
Run by Michael on 2009-02-05 22:31:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
127: 2009-02-05 21:31:43 UTC - RP960 - Deckard's System Scanner Restore Point
126: 2009-02-05 04:41:34 UTC - RP959 - Software Distribution Service 3.0
125: 2009-02-04 20:00:15 UTC - RP958 - Removed Crysis(R).
124: 2009-02-04 19:54:13 UTC - RP957 - Removed Grand Theft Auto IV
123: 2009-02-04 19:53:28 UTC - RP956 - Removed Rockstar Games Social Club
-- First Restore Point --
1: 2008-11-21 08:35:31 UTC - RP834 - Software Distribution Service 3.0
Backed up registry hives.
Performed disk cleanup.
"Ad-Watch"="C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe" [31.01.2009 15:26] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14.04.2008 07:52] "swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [20.06.2007 21:38] "CD Bremse"="" [] "igndlm.exe"="C:\Programme\Download Manager\DLM.exe" [05.03.2007 22:57] "SRS Audio Sandbox"="C:\Programme\SRS Labs\Audio Sandbox\SRSSSC.exe" [] "NVIDIA nTune"="D:\nVidia\nTune\nTuneCmd.exe" [04.09.2007 18:25] "WMPNSCFG"="C:\Programme\Windows Media Player\WMPNSCFG.exe" [] "Steam"="c:\programme\steam\steam.exe" [14.12.2008 14:36] "SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [16.09.2008 12:16] "PlayNC Launcher"="C:\programme\ncsoft\launcher\NCLauncher.exe" [31.01.2009 17:42] C:\Dokumente und Einstellungen\Michael\Startmen\Programme\Autostart\ Xfire.lnk - C:\Programme\Xfire\xfire.exe [15.01.2009 09:36:58] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy] C:\WINDOWS\System32\dimsntfy.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] eapsvcs eaphost dot3svc dot3svc HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs napagent hkmsvc 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fb6a09d-7d42-11db-8a6c-001617840b94}] AutoRun\command- L:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdec19ca-766b-11db-8a5c-001617840b94}] AutoRun\command- K:\LaunchU3.exe -a -- Hosts ----------------------------------------------------------------------- 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 10115 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2009-02-05 22:34:19 ------------ |
05.02.2009, 22:51 | #6 |
| Google spits out correct search results with wrong links
And here is the extra file:
Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 3.0 Architecture: X86; Language: German CPU 0: Intel(R) Pentium(R) D CPU 3.40GHz Percentage of Memory in Use: 29% Physical Memory (total/avail): 2046.42 MiB / 1432.54 MiB Pagefile Memory (total/avail): 3938.5 MiB / 3450.45 MiB Virtual Memory (total/avail): 2047.88 MiB / 1926.62 MiB C: is Fixed (NTFS) - 112.3 GiB total, 22.9 GiB free. D: is Fixed (NTFS) - 112.3 GiB total, 62.18 GiB free. E: is Fixed (FAT32) - 8.27 GiB total, 4.26 GiB free. F: is CDROM (No Media) G: is CDROM (No Media) H: is Fixed (NTFS) - 232.88 GiB total, 232.42 GiB free. I: is Removable (No Media) J: is Removable (No Media) K: is Removable (No Media) N: is CDROM (No Media) O: is CDROM (No Media) \\.\PHYSICALDRIVE0 - WDC WD2500JS-00NCB1 - 232.88 GiB - 3 partitions \PARTITION0 (bootable) - Installierbares Dateisystem - 112.3 GiB - C: \PARTITION1 - Erweitert mit Int 13 (erweitert) - 120.58 GiB - D: - E: \\.\PHYSICALDRIVE1 - WDC WD2500JS-22NCB1 - 232.88 GiB - 1 partition \PARTITION0 - Erweitert mit Int 13 (erweitert) - 232.88 GiB - H: \\.\PHYSICALDRIVE2 - Generic Flash HS-CF USB Device \\.\PHYSICALDRIVE3 - Generic Flash HS-MS/SD USB Device \\.\PHYSICALDRIVE4 - Generic Flash HS-SM USB Device -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install.
-- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users APPDATA=C:\Dokumente und Einstellungen\Michael\Anwendungsdaten CLASSPATH=.;C:\Programme\Java\jre1.5.0_08\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Programme\Gemeinsame Dateien COMPUTERNAME=OEM-1AC0DC88A96 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HellgateEnv=C:\Programme\Flagship Studios\Hellgate London\ HOMEDRIVE=C: HOMEPATH=\Dokumente und Einstellungen\Michael LOGONSERVER=\\OEM-1AC0DC88A96 NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programme\ATI Technologies\ATI.ACE\Core-Static;C:\Programme\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0604 ProgramFiles=C:\Programme PROMPT=$P$G QTJAVA=C:\Programme\Java\jre1.5.0_08\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOKUME~1\Michael\LOKALE~1\Temp TMP=C:\DOKUME~1\Michael\LOKALE~1\Temp USERDOMAIN=OEM-1AC0DC88A96 USERNAME=Michael USERPROFILE=C:\Dokumente und Einstellungen\Michael windir=C:\WINDOWS __COMPAT_LAYER=EnableNXShowUI -- User Profiles --------------------------------------------------------------- Michael (admin) Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER --> C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu --> MsiExec /X{AC54E544-3E42-443C-A91D-A00A6974C592} --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 4Musics OGG to MP3 Converter 4.3 --> "C:\Programme\4Musics OGG to MP3 Converter\unins000.exe" 7-Zip 4.42 --> "C:\Programme\7-Zip\Uninstall.exe" ABBYY FineReader 6.0 Sprint --> MsiExec.exe 
/I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07} Ad-Aware --> "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE Ad-Aware --> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe Adobe Flash Player 10 Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Reader 7.0.8 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70800000002} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Apple Mobile Device Support --> MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886} Apple Software Update --> MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Audacity 1.2.6 --> "C:\Programme\Audacity\unins000.exe" Avira AntiVir Personal - Free Antivirus --> C:\Programme\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE Battlefield 2(TM) --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly Battlefield2 Map Hamburger Hill 2005 Bot Support --> D:\bf2\Uninstal.exe Blaze Media Pro --> "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Programme\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0407 Canon S330 --> C:\WINDOWS\system32\CNMCP45.EXE -@C:\WINDOWS\IsUn0407.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S330 Installer\Inst\DeIsL2.isu" -pCanon S330-c"C:\BJPrinter\CNMWINDOWS\Canon S330 Installer\Inst\bjinst.dll CD Bremse 1.47 --> "C:\Programme\CD Bremse\unins000.exe" DeepBurner v1.9.0.228 --> 
"D:\deepburner\Uninstall.exe" "D:\deepburner\install.log" -u Desktop Taipei version 2.2 --> "C:\Programme\Desktop Taipei\unins000.exe" DEVIL MAY CRY 4 --> MsiExec.exe /I{D4E5A687-797D-44B1-8F96-4FD7A24166A9} Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat DivX Codec --> C:\Programme\DivX\DivXCodecUninstall.exe /CODEC DivX Content Uploader --> C:\Programme\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Converter --> C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player --> C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN Download Manager 2.3.6 --> C:\Programme\Download Manager\uninst.exe Droppix Recorder 2 --> "C:\Programme\Droppix\Droppix Recorder 2\unins000.exe" EPSON-Drucker-Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R EPSON Attach To Email --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}\SETUP.EXE" -l0x7 UNINST EPSON File Manager --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x7 UNINST EPSON Scan --> C:\Programme\epson\escndv\setup\setup.exe /r EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x7 -u EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x7 -anything 
ESDX4000_4050_CX3900 --> C:\Programme\EPSON\TPMANUAL\ESDX4000_4050_CX3900\USE_G\DOCUNINS.EXE ffdshow [rev 918] [2007-02-12] --> "C:\Programme\ffdshow\unins000.exe" File Rescue Plus --> MsiExec.exe /I{52E26953-00EF-42B3-A075-A57E86A38D07} Free YouTube to Mp3 Converter version 3.1 --> "C:\Free YouTube to Mp3 Converter\unins000.exe" GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG GIMP 2.6.3 --> "C:\Programme\GIMP-2.0\setup\unins000.exe" Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F} Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\programme\google\googletoolbar1.dll" GRID --> "C:\Program Files\InstallShield Installation Information\{5A0B7BA5-4682-4273-81C2-69B17E649103}\setup.exe" -runfromtemp -l0x0009 -removeonly Hamachi 1.0.3.0 --> C:\Programme\Hamachi\uninstall.exe Hellgate: London --> MsiExec.exe /X{A2B4455D-1046-4732-BFBC-0821BEFC07BC} Hero Editor V0.96 --> C:\WINDOWS\st6unst.exe -n "C:\Programme\Hero Editor\ST6UNST.LOG" High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HijackThis 2.0.2 --> "C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix für Windows XP (KB952287) --> "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" IrfanView (remove only) --> C:\Programme\IrfanView\iv_uninstall.exe iTunes --> MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371} J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080} Left 4 Dead --> "C:\Programme\Steam\steam.exe" steam://uninstall/500 LEGO Star Wars II --> C:\Programme\InstallShield Installation 
Information\{4E074808-1B86-4230-A9EB-0904942EC4AE}\setup.exe -runfromtemp -l0x0407 LimeWire 4.18.8 --> "C:\Programme\LimeWire\uninstall.exe" Little Fighter 2 1.9c --> C:\Programme\LittleFighter2\LF2_v1.9c\uninst.exe Logitech G11 Keyboard Software 1.03 --> MsiExec.exe /X{77A1C7DD-E4F6-4057-92FC-710219215987} Malwarebytes' Anti-Malware --> "C:\Programme\Malwarebytes' Anti-Malware\unins000.exe" Medion Info Display (MCE) --> C:\WINDOWS\UnInst32.exe VFDUtil.uni Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Games for Windows - LIVE --> MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F} Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1} Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 --> MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Windows-Journal-Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8} Mozilla Firefox (3.0.6) --> C:\Programme\Mozilla Firefox\uninstall\helper.exe MP3Converter --> "C:\Programme\TotalMP3Converter\unins000.exe" MSXML 6.0 Parser (KB925673) --> MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08} NfoDiz 6.0 Setup --> C:\PROGRA~1\NFODIZ~1.0\UNWISE.EXE C:\PROGRA~1\NFODIZ~1.0\INSTALL.LOG NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI NVIDIA nTune --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe 
/M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1031 NVIDIA PhysX v8.10.13 --> MsiExec.exe /X{AC54E544-3E42-443C-A91D-A00A6974C592} Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726} oggcodecs --> MsiExec.exe /I{D65F0073-A820-4085-B997-A061171595A7} OpenAL --> "C:\Programme\OpenAL\OalinstGridRelease.exe" /U PIF DESIGNER --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x7 anything PlayNC Launcher --> C:\Programme\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0007 -removeonly PowerDVD --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall PowerISO --> "C:\Programme\PowerISO\uninstall.exe" PunkBuster Services --> C:\WINDOWS\system32\pbsvc.exe -u QuickTime --> MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4} Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly Richard Garriott's Tabula Rasa --> C:\Programme\InstallShield Installation Information\{A64C0769-8048-40B3-8C64-B3E79D6E10E0}\Setup.exe -runfromtemp -l0x0007 -removeonly Sicherheitsupdate für Step by Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Sicherheitsupdate für Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB938464) --> "C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Sicherheitsupdate für 
Windows XP (KB946648) --> "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950974) --> "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951066) --> "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952954) --> "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB953839) --> "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954211) --> "C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954459) --> "C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954600) --> "C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB955069) --> "C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956391) --> "C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956802) --> "C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956803) --> "C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956841) --> "C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Sicherheitsupdate 
für Windows XP (KB957095) --> "C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957097) --> "C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958644) --> "C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958687) --> "C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Softonic_Deutsch Toolbar --> C:\PROGRA~1\SOFTON~1\UNWISE.EXE C:\PROGRA~1\SOFTON~1\INSTALL.LOG SPORE™ --> "C:\Programme\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0007 -removeonly Spybot - Search & Destroy --> "C:\Programme\Spybot - Search & Destroy\unins001.exe" Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} TeamSpeak 2 RC2 --> C:\Programme\Teamspeak2_RC2\unins000.exe Text-To-Speech-Runtime --> MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2} Uninstall 1.0.0.0 --> "C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe" Unreal Tournament 2004 --> D:\UT2004\System\Setup.exe uninstall "UT2004" Unreal Tournament 3 --> "C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe" -runfromtemp -l0x0409 -removeonly Unreal Tournament 3 --> MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7} Update für Windows XP (KB951072-v2) --> "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update für Windows XP (KB951978) --> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update für Windows XP (KB955839) --> "C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update Rollup 2 für Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe USB File Transfer 1.11A --> C:\WINDOWS\IsUninst.exe -f"C:\Programme\Genesys Logic\USB File Transfer 1.11A\Uninst.isu" -c"C:\Programme\Genesys Logic\USB File Transfer 1.11A\uninst.dll" Virtual Keyboard 2.4.0 --> 
C:\Programme\VirtualKeyboard\uninst.exe Visual Basic 6.0 Runtime&Steuerelemente --> C:\WINDOWS\st6unst.exe -n "C:\Programme\Visual Basic 6.0 Runtime&Steuerelemente\ST6UNST.LOG" Visual C++ 2008 x86 Runtime - (v9.0.30729) --> MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27} Visual C++ 2008 x86 Runtime - v9.0.30729.01 --> C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT="" Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat WAV to MP3 --> C:\WAVTOMP3\Uninstal.exe Windows-Sicherungsprogramm --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE} Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333} Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe" Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe" Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD} Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe" Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe" Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR Archivierer --> C:\Programme\WinRAR\uninstall.exe World of Warcraft --> C:\Programme\Gemeinsame Dateien\Blizzard Entertainment\WORLD OF WARCRAFT\Uninstall.exe X10 Hardware(TM) --> C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log Xfire (remove only) --> "C:\Programme\Xfire\uninst.exe" XML Paper Specification Shared Components Pack 1.0 --> Zune Desktop Theme --> MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4} -- Application 
Event Log ------------------------------------------------------- Event Record #/Type14432 / Warning Event Submitted/Written: 02/05/2009 08:19:35 PM Event ID/Source: 32068 / Microsoft Fax Event Description: Die ausgehende Verteilerregel ist nicht gültig, weil kein gültiges Gerät gefunden werden kann. Ausgehende Faxe, die diese Regel verwenden, werden nicht weitergeleitet. Stellen Sie sicher, dass das angezielte Gerät bzw. die angezielten Geräte angeschlossen, korrekt installiert und angeschaltet sind. Stellen Sie außerdem sicher, dass die Gruppe korrekt konfiguriert ist, falls die Weiterleitung an eine Gruppe von Geräten erfolgen soll. Landes-/Regionskennzahl: "*" Ortskennzahl: "*" Event Record #/Type14431 / Warning Event Submitted/Written: 02/05/2009 08:19:35 PM Event ID/Source: 32026 / Microsoft Fax Event Description: Fehler beim Initialisieren der zugewiesenen Faxgeräte (virtuell oder TAPI) durch den Faxdienst. Es können keine Faxe gesendet werden, bis ein Faxgerät installiert ist. Event Record #/Type14427 / Warning Event Submitted/Written: 02/05/2009 06:11:04 PM / 02/05/2009 06:11:05 PM Event ID/Source: 4113 / Avira AntiVir Event Description: AntiVir erkannte in der Datei C:\WINDOWS\system32\wdmaud.sys verdächtigen Code mit der Bezeichnung 'TR/Agent2.crz'! Event Record #/Type14424 / Warning Event Submitted/Written: 02/05/2009 03:24:27 PM Event ID/Source: 32068 / Microsoft Fax Event Description: Die ausgehende Verteilerregel ist nicht gültig, weil kein gültiges Gerät gefunden werden kann. Ausgehende Faxe, die diese Regel verwenden, werden nicht weitergeleitet. Stellen Sie sicher, dass das angezielte Gerät bzw. die angezielten Geräte angeschlossen, korrekt installiert und angeschaltet sind. Stellen Sie außerdem sicher, dass die Gruppe korrekt konfiguriert ist, falls die Weiterleitung an eine Gruppe von Geräten erfolgen soll. 
Landes-/Regionskennzahl: "*" Ortskennzahl: "*" Event Record #/Type14423 / Warning Event Submitted/Written: 02/05/2009 03:24:27 PM Event ID/Source: 32026 / Microsoft Fax Event Description: Fehler beim Initialisieren der zugewiesenen Faxgeräte (virtuell oder TAPI) durch den Faxdienst. Es können keine Faxe gesendet werden, bis ein Faxgerät installiert ist. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type23793 / Error Event Submitted/Written: 02/05/2009 08:19:36 PM Event ID/Source: 7026 / Service Control Manager Event Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Beep Event Record #/Type23789 / Error Event Submitted/Written: 02/05/2009 08:17:37 PM Event ID/Source: 14 / nv Event Description: Unknown error on CMDre 00000001 00000080 00000000 00000005 00000009 Event Record #/Type23788 / Error Event Submitted/Written: 02/05/2009 08:17:37 PM Event ID/Source: 14 / nv Event Description: Unknown error on CMDre 00000001 00000080 00000000 00000005 00000009 Event Record #/Type23787 / Error Event Submitted/Written: 02/05/2009 08:17:36 PM Event ID/Source: 14 / nv Event Description: Unknown error on CMDre 00000001 00000080 00000000 00000005 00000009 Event Record #/Type23786 / Error Event Submitted/Written: 02/05/2009 08:17:36 PM Event ID/Source: 14 / nv Event Description: Unknown error on CMDre 00000001 00000080 00000000 00000005 00000009 -- End of Deckard's System Scanner: finished at 2009-02-05 22:34:19 ------------
The hosts file, at 293485, was far too long |