|
Pests of all kinds and how to fight them: Google links are being redirected incorrectly (Windows 7) |
28.04.2010, 16:01 | #1 |
| Google links are being redirected incorrectly
Links on Google are being redirected. I have already read the posts here in the forum, but since I am a PC idiot I can't quite make sense of them. It would be great if someone could help me and, if possible, not use too much technical jargon ;-) HijackThis says the following:
Malwarebytes finds nothing, but it is running through once more right now. What else is needed?? |
28.04.2010, 17:44 | #2 |
| Google links are being redirected incorrectly
It would be great if someone could help me quickly!!
After reading even more forum posts about this problem, it seems to be a serious problem involving hackers, password spying, etc.!! |
28.04.2010, 18:14 | #3 |
| Google links are being redirected incorrectly
I ran the cleaner and fixed all the errors.
Malwarebytes is still running. I hope this is the right thing: RSIT:
[2006-10-18 38528] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-03-29 28672] R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-07-17 401408] R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2006-02-17 73728] R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328] R2 sprtsvc_O2;SupportSoft Sprocket Service (O2); C:\Programme\O2\bin\sprtsvc.exe [2009-03-04 202016] R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248] R2 WinDefend;Windows Defender; C:\Programme\Windows Defender\MsMpEng.exe [2006-11-03 13592] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation 
Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [] S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Programme\Gemeinsame Dateien\Supportsoft\bin\ssrc.exe [2007-07-27 382320] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\wmpnetwk.exe [2006-11-03 920576] S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
28.04.2010, 19:35 | #4 |
| Google links are being redirected incorrectly
Result of my AntiVir scan:

Avira AntiVir Personal
Report file date: Mittwoch, 28. April 2010 14:50
Scanning for 2047339 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : SVEA

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\programme\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Mittwoch, 28. April 2010 14:50

Starting search for hidden objects.
'67898' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
55 processes with 55 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '89' files ).

Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\System Volume Information\_restore{3DEA2D57-7765-4B6A-BDDE-F50A7E3CAB58}\RP633\A0170087.exe
[DETECTION] Is the TR/PCK.Katusha.J.1745 Trojan
Begin scan in 'D:\'

Beginning disinfection:
C:\System Volume Information\_restore{3DEA2D57-7765-4B6A-BDDE-F50A7E3CAB58}\RP633\A0170087.exe
[DETECTION] Is the TR/PCK.Katusha.J.1745 Trojan
[NOTE] The file was moved to '4c097f44.qua'!

End of the scan: Mittwoch, 28. April 2010 19:31
Used time: 4:13:48 Hour(s)

The scan has been done completely.

8501 Scanned directories
364568 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
364565 Files not concerned
8078 Archives were scanned
2 Warnings
3 Notes
67898 Objects were scanned with rootkit scan
0 Hidden objects were found

Malwarebytes result:

Malwarebytes' Anti-Malware 1.40
Datenbank Version: 2719
Windows 5.1.2600 Service Pack 3

28.04.2010 19:34:33
mbam-log-2010-04-28 (19-34-33).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 199603
Laufzeit: 4 hour(s), 52 minute(s), 43 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\WINDOWS\system32\drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
28.04.2010, 21:26 | #5 |
| Google links are being redirected incorrectly OK, now I really have a problem!! I shut the PC down and restarted it. Now there are only strange characters instead of letters!! Please, please help me!! |
28.04.2010, 22:06 | #6 |
| Google links are being redirected incorrectly I had to run a System Restore and am back to the state from Monday. But I probably already had the trojans then. I would be very glad if someone could look into my problem, I'm going completely crazy here! |
29.04.2010, 00:02 | #7 |
| Google links are being redirected incorrectly Back to the strange characters. System Restore now only works for today. No later point in time can be selected. |
29.04.2010, 17:37 | #8 |
| Google links are being redirected incorrectly I had my hard drive scanned again at the university today. The man said 3 viruses were found. I just switched on my laptop and unfortunately still see only wild characters instead of letters. Any tips on how I can get rid of this? |