|
Plagegeister aller Art und deren Bekämpfung: Google kann nicht über IE oder Mozilla geöffnet werdenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
24.08.2009, 07:30 | #1 |
| Google kann nicht über IE oder Mozilla geöffnet werden Hallo, ich habe seit einigen Tagen das Problem, dass sich google und ebay nicht mehr direkt im Browser aufrufen lassen. Dabei egal ob IE oder Mozilla. Nachdem ich CCleaner habe laufen lassen und er einiges entfernt hat, sowie mit SpyDoctor auch einiges habe entfernen lassen, ging es so für ca. 2 Stunden gut, dann wieder das gleiche Problem. Über z.B. freenet kann ich google aber über diese Seite nutzen. Ich habe mal Highjackthis laufen lassen: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:10:02, on 23.08.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18294) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Windows\system32\rundll32.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Windows\system32\svchost.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\WisLMSvc.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\WButton.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\WinTV\WinTV7\WinTVTray.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Windows\system32\svchost.exe C:\Windows\system32\conime.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\highjack\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = SPIEGEL ONLINE - Nachrichten R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe O4 - Global Startup: WinTV Recording Status..lnk = C:\Program Files\WinTV\WinTV7\WinTVTray.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe O13 - Gopher Prefix: O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - h**p://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1239566294137&h=2a5d3b60b910a79da61794c4574169c1/&filename=jinstall-6u13-windows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe -- End of file - 12042 bytes Wer kann mir sagen, was ich machen kann? |
24.08.2009, 07:53 | #2 |
| Google kann nicht über IE oder Mozilla geöffnet werden Hi,
__________________du hast die Askbar drauf, mehr ist erstmal nicht zu erkenne... Folge dem Link "Erstbeitrag" (siehe Signatur( und arbeite alles ab... chris
__________________ |
26.08.2009, 07:20 | #3 |
| Google kann nicht über IE oder Mozilla geöffnet werden Hallo,
__________________leider hat es etwas gedauert. Ich habe AskToolbar über Deinstallieren entfernt. Dann habe ich CCleaner laufen lassen und dann mit Malwarebytes suchen lassen. Malware hat nichts gefunden. Dann habe ich nochmal Highjackthis gemacht. Nach dem entfernen von AskToolbar auch unter Highjackthis konnte ich kurz google wieder aufrufen, aber heute morgen ging es wieder nicht??? (Das CClean und Highjack habe ich heute morgen dann gemacht,) Ich nutze Vista als Betriebssystem. Highjack: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:12:22, on 26.08.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18294) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Windows\system32\rundll32.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Windows\system32\svchost.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskeng.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\system32\svchost.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\WisLMSvc.exe C:\Program Files\Launch Manager\WButton.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\WinTV\WinTV7\WinTVTray.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\highjack\HiJackThis.exe C:\Windows\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spiegel.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe O4 - Global Startup: WinTV Recording Status..lnk = C:\Program Files\WinTV\WinTV7\WinTVTray.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe O13 - Gopher Prefix: O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1239566294137&h=2a5d3b60b910a79da61794c4574169c1/&filename=jinstall-6u13-windows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe -- End of file - 11699 bytes Und das Malwarelog: Malwarebytes' Anti-Malware 1.40 Datenbank Version: 2690 Windows 6.0.6001 Service Pack 1 26.08.2009 07:58:52 mbam-log-2009-08-26 (07-58-52).txt Scan-Methode: Vollständiger Scan (C:\|D:\|) Durchsuchte Objekte: 332430 Laufzeit: 2 hour(s), 29 minute(s), 21 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Was kann ich noch machen? Oder muss ich das System neu aufsetzen? Wie gesagt, wenn ich z.B. über freenet die Google-Funktion nutze geht es! |
26.08.2009, 08:02 | #4 |
| Google kann nicht über IE oder Mozilla geöffnet werden Hi, Die Askbar hast Du deinstalliert, jedenfalls taucht sie im zweiten log nicht mehr auf... Dann müssen wir tiefer graben: RSIT Random's System Information Tool (RSIT) von random/random liest Systemdetails aus und erstellt ein aussagekräftiges Logfile. * Lade Random's System Information Tool (RSIT) herunter (http://filepony.de/download-rsit/) * speichere es auf Deinem Desktop. * Starte mit Doppelklick die RSIT.exe. * Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren. * Wenn Du HijackThis nicht installiert hast, wird RSIT das für Dich herunterladen und installieren. * In dem Fall bitte auch die Nutzungsbedingungen von Trend Micro (http://de.trendmicro.com/de/home) für HJT akzeptieren "I accept". * Wenn Deine Firewall fragt, bitte RSIT erlauben, ins Netz zu gehen. * Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage. * Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet. * Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (<= minimiert) hier in den Thread. Gmer: http://www.trojaner-board.de/74908-a...t-scanner.html Den Downloadlink findest Du links oben (www.gmer.net/files), dort dann auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken). Starte GMER und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein. Hosts-File anzeigen: Lade das Host-file (C:\WINDOWS\system32\drivers\etc\hosts) in einen Texteditor (im Explorer drauf klicken, rechte Maus, senden an -> editor). Kopiere den Inhalt und poste ihn hier... chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
28.08.2009, 21:33 | #5 |
| Google kann nicht über IE oder Mozilla geöffnet werden Hallo chris, ersteinmal sorry, dass ich mich jetzt erst wieder einlogge. Ich war zwei Tage beruflich unterwegs. Wirkt bestimmt blöd, dass ich hier den Befall habe und eine "Pause" einlege? Aber neben meiner Abwesenheit war es so, dass ich am letzten Abend plötzlich google wieder aufrufen konnte. Heute am frühen abend ging es auch kurz und dann ging es wieder nicht. Und aktuell nach einem Neustart und nachdem ich die jeweiligen Textfiles erstellen lasse habe, geht es auch, aber ich vermute gleich ist es wieder nicht möglich. Wenn die Textfiles keine Hinweise geben, habe ich mal eine (bestimmt unwissende) Frage: Kann es sein, dass das Problem damit zusammenhängt, dass ich auf meinen Router DHCP vor kurzem aktiviert habe? Ich vermute ja nein, denn der Desktop geht, nur der Laptop per WLAN macht die macken??? Also lange Rede hier nun die benötigten Files: als erstes der RSIT log.txt Logfile of random's system information tool 1.06 (written by random/random) Run by Kerstin at 2009-08-28 21:48:38 Microsoft® Windows Vista™ Home Premium Service Pack 1 System drive C: has 23 GB (20%) free of 118 GB Total RAM: 2037 MB (58% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:49:17, on 28.08.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18294) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Windows\system32\rundll32.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Windows\system32\svchost.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\WButton.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Launch Manager\WisLMSvc.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\WinTV\WinTV7\WinTVTray.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\wuauclt.exe C:\Users\Kerstin\Desktop\RSIT.exe C:\Program Files\highjack\Kerstin.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spiegel.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe O4 - Global Startup: WinTV Recording Status..lnk = C:\Program Files\WinTV\WinTV7\WinTVTray.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe O13 - Gopher Prefix: O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1239566294137&h=2a5d3b60b910a79da61794c4574169c1/&filename=jinstall-6u13-windows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe -- End of file - 11735 bytes ======Scheduled tasks folder====== C:\Windows\tasks\McDefragTask.job C:\Windows\tasks\McQcTask.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-07-08 62784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-07-23 203536] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-12 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-07-23 203536] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-07-02 141848] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-07-02 154136] "Persistence"=C:\Windows\system32\igfxpers.exe [2007-07-02 137752] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-02-15 857648] "LaunchAp"=C:\Program Files\Launch Manager\LaunchAp.exe [2005-07-25 32768] "HotkeyApp"=C:\Program Files\Launch Manager\HotkeyApp.exe [2006-12-14 192512] "LMgrOSD"=C:\Program Files\Launch Manager\OSD.exe [2006-12-26 180224] "Wbutton"=C:\Program Files\Launch Manager\Wbutton.exe [2006-11-09 86016] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-06-20 4493312] "Skytel"=C:\Windows\Skytel.exe [2007-06-15 1826816] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872] "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-07-10 645328] "McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-07-07 1176808] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-12 148888] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-05-30 292136] "ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-07-22 1181064] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe WinTV Recording Status..lnk - C:\Program Files\WinTV\WinTV7\WinTVTray.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2007-06-26 200704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2009-08-28 21:48:38 ----D---- C:\rsit 2009-08-26 03:01:18 ----A---- C:\Windows\system32\tzres.dll 2009-08-24 20:43:24 ----D---- C:\Users\Kerstin\AppData\Roaming\Malwarebytes 2009-08-24 20:43:15 ----D---- C:\ProgramData\Malwarebytes 2009-08-24 20:43:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-08-23 16:06:30 ----D---- C:\Program Files\CCleaner 2009-08-23 16:05:43 ----A---- C:\ccsetup222.exe 2009-08-22 22:37:32 ----D---- C:\Windows\Minidump 2009-08-22 22:13:34 ----AD---- C:\ProgramData\TEMP 2009-08-22 22:13:26 ----D---- C:\Program Files\Common Files\PC Tools 2009-08-22 22:13:15 ----D---- C:\Users\Kerstin\AppData\Roaming\PC Tools 2009-08-22 22:13:15 ----D---- C:\ProgramData\PC Tools 2009-08-22 22:13:15 ----D---- C:\Program Files\Spyware Doctor 2009-08-22 22:12:45 ----A---- C:\sdsetup.exe 2009-08-22 22:08:56 ----D---- C:\Program Files\highjack 2009-08-22 18:09:54 ----A---- C:\Windows\Irremote.ini 2009-08-22 18:09:28 ----A---- C:\Windows\system32\msvcr71.dll 2009-08-22 18:09:28 ----A---- C:\Windows\system32\msvcp71.dll 2009-08-22 18:08:56 ----A---- C:\Windows\ODBC.INI 2009-08-22 18:08:55 ----A---- C:\Windows\ODBCINST.INI 2009-08-22 18:08:24 ----A---- C:\Windows\system32\Wait.exe 2009-08-22 18:08:23 ----D---- C:\Program Files\WinTV 2009-08-22 18:08:03 ----A---- C:\Windows\system32\hcwutl32.dll 2009-08-22 18:08:03 ----A---- C:\Windows\system32\hcwpnp32.dll 2009-08-22 18:08:03 ----A---- C:\Windows\system32\hcwi2c32.dll 2009-08-22 18:07:46 ----A---- C:\Windows\HCWPNP.INI 2009-08-20 01:42:34 ----RSH---- C:\Windows\system32\nbDX.dll 2009-08-20 01:42:34 ----RSH---- C:\Windows\system32\msfDX.dll 2009-08-20 01:42:30 ----RSH---- C:\Windows\system32\flvDX.dll 2009-08-18 20:45:32 ----D---- C:\Program Files\Mozilla Firefox 2009-08-16 00:33:13 ----D---- C:\Users\Kerstin\AppData\Roaming\vlc 2009-08-12 22:30:34 ----A---- C:\Windows\system32\wmpdxm.dll 2009-08-12 22:30:34 ----A---- C:\Windows\system32\wmp.dll 2009-08-12 22:30:32 ----A---- C:\Windows\system32\spwmp.dll 2009-08-12 22:30:31 ----A---- C:\Windows\system32\dxmasf.dll 2009-08-12 22:30:30 ----A---- C:\Windows\system32\wmploc.DLL 2009-08-12 22:30:26 ----A---- C:\Windows\system32\msv1_0.dll 2009-08-12 22:30:26 ----A---- C:\Windows\system32\kerberos.dll 2009-08-12 22:30:25 ----A---- C:\Windows\system32\wdigest.dll 2009-08-12 22:30:25 ----A---- C:\Windows\system32\schannel.dll 2009-08-12 22:30:25 ----A---- C:\Windows\system32\lsasrv.dll 2009-08-12 22:30:24 ----A---- C:\Windows\system32\secur32.dll 2009-08-12 22:30:24 ----A---- C:\Windows\system32\lsass.exe 2009-08-12 22:30:20 ----A---- C:\Windows\system32\wkssvc.dll 2009-08-12 22:30:17 ----A---- C:\Windows\system32\atl.dll 2009-08-12 22:30:14 ----A---- C:\Windows\system32\mstscax.dll 2009-08-12 22:30:11 ----A---- C:\Windows\system32\avifil32.dll 2009-08-12 20:28:28 ----D---- C:\Program Files\iPod 2009-08-12 20:28:22 ----D---- C:\Program Files\iTunes 2009-08-12 18:13:31 ----D---- C:\iphone 2009-08-09 22:45:51 ----D---- C:\Program Files\QuickTime 2009-08-09 14:34:12 ----A---- C:\Windows\system32\infocardapi.dll 2009-08-09 14:34:11 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2009-08-09 14:34:10 ----A---- C:\Windows\system32\PresentationHostProxy.dll 2009-08-09 14:34:10 ----A---- C:\Windows\system32\icardres.dll 2009-08-09 14:34:10 ----A---- C:\Windows\system32\icardagt.exe 2009-08-09 14:34:08 ----A---- C:\Windows\system32\PresentationNative_v0300.dll 2009-08-09 14:34:01 ----A---- C:\Windows\system32\PresentationHost.exe 2009-08-09 14:25:49 ----A---- C:\Windows\system32\dfshim.dll 2009-08-09 14:25:44 ----A---- C:\Windows\system32\mscoree.dll 2009-08-09 14:25:42 ----A---- C:\Windows\system32\netfxperf.dll 2009-08-09 14:25:11 ----A---- C:\Windows\system32\mscorier.dll 2009-08-09 14:24:54 ----A---- C:\Windows\system32\mscories.dll 2009-08-01 00:07:31 ----D---- C:\Programs 2009-07-29 18:40:55 ----A---- C:\Windows\system32\occache.dll 2009-07-29 18:40:55 ----A---- C:\Windows\system32\mshtml.dll 2009-07-29 18:40:54 ----A---- C:\Windows\system32\ieframe.dll 2009-07-29 18:40:53 ----A---- C:\Windows\system32\urlmon.dll 2009-07-29 18:40:52 ----A---- C:\Windows\system32\wininet.dll 2009-07-29 18:40:52 ----A---- C:\Windows\system32\iertutil.dll 2009-07-29 18:40:51 ----A---- C:\Windows\system32\msfeeds.dll 2009-07-29 18:40:51 ----A---- C:\Windows\system32\iedkcs32.dll 2009-07-29 18:40:50 ----A---- C:\Windows\system32\ieUnatt.exe 2009-07-29 18:40:50 ----A---- C:\Windows\system32\ieaksie.dll 2009-07-29 18:40:49 ----A---- C:\Windows\system32\mstime.dll 2009-07-29 18:40:49 ----A---- C:\Windows\system32\ieencode.dll 2009-07-29 18:40:48 ----A---- C:\Windows\system32\jsproxy.dll Teil II der Antwort folgt noch wegen der Textlänge! |
28.08.2009, 21:36 | #6 |
| Google kann nicht über IE oder Mozilla geöffnet werden nun der Rest der txt files: anbei der Rest von dem log.txt ======List of files/folders modified in the last 1 months====== 2009-08-28 21:48:40 ----D---- C:\Windows\Temp 2009-08-28 19:01:38 ----D---- C:\Windows\system32\drivers 2009-08-28 19:01:32 ----D---- C:\Windows 2009-08-28 06:59:38 ----D---- C:\Windows\Prefetch 2009-08-28 02:44:57 ----SHD---- C:\System Volume Information 2009-08-26 23:32:26 ----D---- C:\Windows\rescache 2009-08-26 23:23:21 ----SD---- C:\Users\Kerstin\AppData\Roaming\Microsoft 2009-08-26 03:02:30 ----D---- C:\Windows\winsxs 2009-08-26 03:02:29 ----D---- C:\Windows\system32\de-DE 2009-08-26 03:02:29 ----D---- C:\Windows\System32 2009-08-26 03:02:22 ----D---- C:\Windows\system32\catroot 2009-08-26 03:02:16 ----D---- C:\Windows\system32\catroot2 2009-08-25 21:56:07 ----D---- C:\Program Files 2009-08-24 20:43:15 ----D---- C:\ProgramData 2009-08-23 16:29:36 ----D---- C:\Windows\Debug 2009-08-23 13:38:30 ----D---- C:\Windows.old 2009-08-23 13:37:20 ----D---- C:\Musik 2009-08-23 10:34:54 ----D---- C:\Windows\system32\WDI 2009-08-23 10:32:35 ----D---- C:\Program Files\McAfee 2009-08-22 22:13:26 ----D---- C:\Program Files\Common Files 2009-08-22 18:08:54 ----SHD---- C:\Windows\Installer 2009-08-22 18:08:54 ----SHD---- C:\Config.Msi 2009-08-22 18:08:39 ----D---- C:\Program Files\Common Files\microsoft shared 2009-08-22 18:06:02 ----D---- C:\Windows\inf 2009-08-22 13:44:57 ----D---- C:\Program Files\Internet Explorer 2009-08-22 13:44:56 ----D---- C:\Windows\system32\migration 2009-08-21 23:21:38 ----D---- C:\ProgramData\McAfee 2009-08-20 21:32:31 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-08-20 21:29:58 ----D---- C:\film 2009-08-20 21:27:37 ----D---- C:\Windows\system32\Tasks 2009-08-20 01:47:57 ----A---- C:\Windows\NeroDigital.ini 2009-08-20 01:43:21 ----RSD---- C:\Windows\Fonts 2009-08-18 20:46:16 ----D---- C:\Users\Kerstin\AppData\Roaming\Mozilla 2009-08-12 23:45:44 ----D---- C:\Windows\Microsoft.NET 2009-08-12 23:38:18 ----D---- C:\Program Files\Windows Media Player 2009-08-12 23:38:09 ----D---- C:\Windows\PolicyDefinitions 2009-08-12 23:38:08 ----D---- C:\Windows\system32\en-US 2009-08-12 20:28:28 ----D---- C:\Program Files\Common Files\Apple 2009-08-12 18:41:09 ----D---- C:\Users\Kerstin\AppData\Roaming\Apple Computer 2009-08-09 22:41:48 ----D---- C:\ProgramData\Apple 2009-08-09 21:38:24 ----RSD---- C:\Windows\assembly 2009-08-09 14:57:56 ----D---- C:\Windows\system32\XPSViewer 2009-08-09 14:57:56 ----D---- C:\Windows\system32\wbem 2009-08-02 11:50:45 ----D---- C:\ProgramData\PopCap Games 2009-08-02 11:50:45 ----D---- C:\Program Files\PopCap Games 2009-08-01 20:07:27 ----D---- C:\Program Files\Common Files\DVDVideoSoft 2009-08-01 20:07:22 ----D---- C:\Program Files\DVDVideoSoft 2009-07-30 02:49:14 ----A---- C:\Windows\system32\mrt.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Hotkey;Hotkey; C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 9867] R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-07-08 214024] R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2009-07-16 130424] R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256] R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-15 43520] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-15 37376] R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series; C:\Windows\system32\DRIVERS\athru6.sys [2007-05-16 871936] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-06-26 1776128] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-06-22 1788056] R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-07-08 79816] R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-07-08 35272] R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-07-08 40552] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 81408] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576] R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-02-07 1729152] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-02-15 182456] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264] S1 mailKmd;mailKmd; C:\Windows\system32\drivers\mailKmd.sys [] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 FETNDIS;VIA Rhine-Familie--Fast-Ethernet-Adaptertreiberdienst; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568] S3 hcw17bda;Hauppauge SMS1000-based; C:\Windows\system32\drivers\hcw17bda.sys [2008-12-11 45824] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-06-26 1776128] S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-07-08 34248] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-07-09 39424] S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712] R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 HauppaugeTVServer;HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [2009-04-01 442368] R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-07-29 92296] R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832] R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848] R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952] R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-07-08 144704] R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-07-10 894136] R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752] R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-07-22 1097096] R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992] R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-07-08 606736] R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144] R3 WisLMSvc;WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [2006-11-17 118784] S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-07-08 365072] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-12-05 774144] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF----------------- nun der RSIT info.txt: info.txt logfile of random's system information tool 1.06 2009-08-28 21:49:21 ======Uninstall list====== -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL -->C:\Windows\UNNeroShowTime.exe /UNINSTALL -->C:\Windows\UNNeroVision.exe /UNINSTALL -->C:\Windows\UNRecode.exe /UNINSTALL Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Photoshop 6.0-->C:\WINDOWS\ISUN0407.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll" Adobe Reader 8.1.0 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81000000003} Adobe SVG Viewer-->C:\Windows\IsUn0407.exe -f"C:\Windows\System32\Adobe\SVG Viewer\Uninst.isu" Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Atomica Deluxe 2.52-->C:\Program Files\PopCap Games\Atomica Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Atomica Deluxe\Install.log" AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe" Bejeweled 2 Deluxe 1.0-->C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log" Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Bookworm Deluxe 1.131-->C:\Program Files\PopCap Games\Bookworm Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bookworm Deluxe\Install.log" Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini" CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini" Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini" Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini" Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini" Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini" Canon Utilities CameraWindow DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini" Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini" Canon Utilities MyCamera DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini" Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini" Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini" Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini" Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini" Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini" CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Chuzzle Deluxe 1.0.3.1132-->C:\Program Files\PopCap Games\Chuzzle Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Chuzzle Deluxe\Install.log" Free YouTube Download 2.2-->"C:\Program Files\DVDVideoSoft\Free YouTube Download\unins000.exe" Free YouTube to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe" Hammer Heads 1.0-->C:\Program Files\PopCap Games\Hammer Heads Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Hammer Heads Deluxe\Install.log" Hauppauge Signal Monitor Utility-->C:\PROGRA~1\WinTV\UNSigMon.EXE C:\PROGRA~1\WinTV\hcwsigmon.LOG Hauppauge Software MPEG-2 Decoder Installer-->C:\PROGRA~1\WinTV\UNWISE.EXE C:\PROGRA~1\WinTV\WinTV7\SMD06\hcwsmd06.LOG Hauppauge WinTV 7-->C:\PROGRA~1\WinTV\UNWISE.EXE C:\Windows\WinTV7.LOG Hauppauge WinTV Infrared Remote-->C:\PROGRA~1\WinTV\UNir32.EXE C:\PROGRA~1\WinTV\ir32.LOG HijackThis 2.0.2-->"C:\Program Files\highjack\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" IEEE 802.11a-b-g Wireless LAN Utility-->C:\Program Files\InstallShield Installation Information\{F627582C-B411-47EE-A8F8-0D14A91B2303}\setup.exe -runfromtemp -l0x0009 -removeonly Iggle Pop Deluxe 1.0-->C:\Program Files\PopCap Games\Iggle Pop Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Iggle Pop Deluxe\Install.log" Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe iTunes-->MsiExec.exe /I{CC5702D7-86E2-45A8-99D7-E8B976ADCC56} Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF} Launch Manager V1.3.9-->C:\Program Files\InstallShield Installation Information\{D0846526-66DD-4DC9-A02C-98F9A2806812}\setup.exe -runfromtemp -l0x0007 -removeonly Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE} Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE} Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE} Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE} Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE} Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE} Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE} Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE} Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Nero 7 Essentials-->MsiExec.exe /X{4366F05B-950A-4698-863C-93B8C7671031} PartyPoker-->"C:\Programs\PartyGaming\PartyPoker\Uninstall.exe" "C:\Programs\PartyGaming\PartyPoker\install.log" Peggle Deluxe 1.03-->C:\Program Files\PopCap Games\Peggle Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Peggle Deluxe\Install.log" Pizza Frenzy Deluxe 1.0-->C:\Program Files\PopCap Games\PizzaFrenzy\PopUninstall.exe "C:\Program Files\PopCap Games\PizzaFrenzy\Install.log" QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68} Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly Realtek High Definition Audio Driver-->RtlUpd.exe -r -m REALTEK RTL8187B Wireless LAN Driver-->C:\Program Files\InstallShield Installation Information\{895722FE-25FE-4854-95AC-B0C42F9DBEDA}\setup.exe -uninst -l0x7 Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Spyware Doctor 6.1-->C:\Program Files\Spyware Doctor\unins000.exe /LOG SUPER © Version 2009.bld.36 (June 10, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0 Suyin Live Camera-->C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0007 -removeonly -u SUYIN webcam-->C:\Program Files\InstallShield Installation Information\{AA047D7C-5E7C-4878-B75C-77589151B563}\setup.exe -runfromtemp -l0x0009 -removeonly Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe" Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Videora iPod nano Converter 4.07-->C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe Windows-Treiberpaket - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /us C:\PROGRA~1\DIFX\UninstallScripts\F13EE0B22AD5D087DFA50E3D4D6F13FC1AAAFB32 YouTube Downloader App 1.02-->C:\Program Files\Regensoft\Downloader App\uninstaller.exe =====HijackThis Backups===== O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-08-25] O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-08-25] ======Security center information====== AS: Windows-Defender (disabled) ======System event log====== Computer Name: Kerstin-PC Event Code: 4201 Message: Netzwerkadapter "Drahtlosnetzwerkverbindung" wurde mit dem Netzwerk verbunden, und das System im normalen Zustand gestartet. Record Number: 87194 Source Name: Tcpip Time Written: 20090828191014.600000-000 Event Type: Informationen User: Computer Name: Kerstin-PC Event Code: 4201 Message: Netzwerkadapter "Drahtlosnetzwerkverbindung" wurde mit dem Netzwerk verbunden, und das System im normalen Zustand gestartet. Record Number: 87195 Source Name: Tcpip Time Written: 20090828191014.600000-000 Event Type: Informationen User: Computer Name: Kerstin-PC Event Code: 104 Message: Der Dienst veröffentlicht in das Netzwerk. Record Number: 87196 Source Name: Microsoft-Windows-ResourcePublication Time Written: 20090828191016.360000-000 Event Type: Informationen User: NT-AUTORITÄT\LOKALER DIENST Computer Name: Kerstin-PC Event Code: 7036 Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet". Record Number: 87197 Source Name: Service Control Manager Time Written: 20090828192601.000000-000 Event Type: Informationen User: Computer Name: Kerstin-PC Event Code: 7036 Message: Dienst "Diagnosediensthost" befindet sich jetzt im Status "Beendet". Record Number: 87198 Source Name: Service Control Manager Time Written: 20090828192622.000000-000 Event Type: Informationen User: =====Application event log===== Computer Name: Kerstin-PC Event Code: 0 Message: Record Number: 13907 Source Name: NMIndexingService Time Written: 20090828170214.000000-000 Event Type: Informationen User: Computer Name: Kerstin-PC Event Code: 0 Message: Record Number: 13908 Source Name: iPod Service Time Written: 20090828170223.000000-000 Event Type: Informationen User: Computer Name: Kerstin-PC Event Code: 1 Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet. Record Number: 13909 Source Name: Microsoft-Windows-CertificateServicesClient Time Written: 20090828170231.966340-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: Kerstin-PC Event Code: 1 Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet. Record Number: 13910 Source Name: Microsoft-Windows-CertificateServicesClient Time Written: 20090828170234.510340-000 Event Type: Informationen User: Kerstin-PC\Kerstin Computer Name: Kerstin-PC Event Code: 5 Message: Unsupported service control request (see data below) Record Number: 13911 Source Name: LightScribeService Time Written: 20090828194920.000000-000 Event Type: Informationen User: der rest hiervon und der GMER text folgt gleich (egen der länge) |
28.08.2009, 21:38 | #7 |
| Google kann nicht über IE oder Mozilla geöffnet werden =====Security event log===== Computer Name: Kerstin-PC Event Code: 5038 Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 26930 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090828194912.407000-000 Event Type: Überwachung gescheitert User: Computer Name: Kerstin-PC Event Code: 5038 Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 26931 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090828194912.445000-000 Event Type: Überwachung gescheitert User: Computer Name: Kerstin-PC Event Code: 5038 Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 26932 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090828194912.483000-000 Event Type: Überwachung gescheitert User: Computer Name: Kerstin-PC Event Code: 5038 Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 26933 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090828194912.520000-000 Event Type: Überwachung gescheitert User: Computer Name: Kerstin-PC Event Code: 5038 Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 26934 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090828194912.557000-000 Event Type: Überwachung gescheitert User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel "PROCESSOR_REVISION"=0e0c "NUMBER_OF_PROCESSORS"=2 "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- nun der GMER text: GMER 1.0.15.15077 [3gkl1h7w.exe] - http://www.gmer.net Rootkit quick scan 2009-08-28 22:01:00 Windows 6.0.6001 Service Pack 1 ---- System - GMER 1.0.15 ---- Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8D081500] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8D08153E] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8D081581] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8D081470] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8D081484] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8D081514] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8D0815A9] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8D081595] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8D0814EC] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8D0814D8] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8D081554] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8D08152A] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) AttachedDevice \Driver\tdx \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- und zum Schluß noch der Windows hosts text: # Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost ::1 localhost Vielen Dank für die Unterstützung - das ist ja leider doch sehr aufwendig. |
31.08.2009, 07:59 | #8 |
| Google kann nicht über IE oder Mozilla geöffnet werden Hi, Bitte folgende Files prüfen: Dateien Online überprüfen lassen:
Code:
ATTFilter C:\ccsetup222.exe (CCleaner, gibts auch als torrent verseucht...) C:\sdsetup.exe
Wobei die Files wahrscheinlich sauber sind... Nach dem Entfernen der Askbar war kurz Ruhe und danach fing es wieder an? Hmm, seltsam... Schmeiss auch mal C:\Programs\PartyGaming\PartyPoker runter... Gmer ist Okay... Prevx: http://www.prevx.com/freescan.asp Falls das Tool was findet, nicht das Log posten sondern einen Screenshot des dann angezeigten Fensters... Hängst Du über einen Router am Internet? chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
Themen zu Google kann nicht über IE oder Mozilla geöffnet werden |
ask toolbar, askbar, aufrufe, bho, bonjour, browser, computer, defender, ebay, entfernen, google, highjackthis, hijack, hijackthis, internet, internet explorer, launch, mozilla, object, plug-in, problem, rundll, security, senden, siteadvisor, software, spyware, system, toolbars, vista, windows |