unerwünschte Weiterleitung bei Googel

mogri · 22.08.2010, 13:28

Hallo zusammen,
ich hatte beretits ein ähnliches problem vor ca. 1Jahr. Aber beim Vergleich mit den damaligen Lösungshilfen habe ich festgetellt,dass das meine logs nicht übereinstimmen, daher das erneute Hilfegesuch.

zum Problem:
wenn ich nach etwas google, so geschieht es manchmal dass ich auf andere sieten umgelietet werde. wenn ich jedoch auf "im Cache" klicke, so komme ich auf die richtige Seite.
Das Problem tritt nicht bei jeder Suche ein.

CCleaner ausgeführt

Malwarebytes Quickscan findet nichts

Selbst ist mir beim RSIT Log aufgefallen (poste noch das ganze File im anschluss), dass folgender Schlüssel aufgeführt ist

Code:

ATTFilter

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll

Die Forums- Googlesuche hat ergeben dass das wohl mit dem Pdf Creator zusammenhängen kann welchen ich installiert habe. Weiß weder ob das was schlimmes ist oder wie ich es ggf lösen soll.

hier also das log: (linfo.txt):

Code:

ATTFilter

info.txt logfile of random's system information tool 1.08 2010-08-22 13:20:23

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer® Camera-Treiber-->"C:\Programme\Gemeinsame Dateien\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Acronis*True*Image*Home-->MsiExec.exe /X{D1E0E859-F46D-4708-A41D-ED90C0C1822A}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Reader 9.3.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Agere Systems HDA Modem-->agrsmdel
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Dienstprogramm zur Deinstallation der Software-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{FF698806-06EA-4C79-A944-329BF041B614}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.3.12 (Unicode)-->"C:\Programme\Audacity 1.3 Beta (Unicode)\unins000.exe"
CDBurnerXP-->"D:\Programme\CDBurnerXP\unins000.exe"
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
CPUID CPU-Z 1.55-->"C:\Programme\CPUID\CPU-Z\unins000.exe"
DAEMON Tools Toolbar-->C:\Programme\DAEMON Tools Toolbar\uninst.exe
DivX-Setup-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
eReg-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
FFmpeg 2009-01-08 for Audacity-->"C:\Programme\FFmpeg for Audacity\unins000.exe"
Firefox Preloader-->C:\Programme\FirefoxPreloader\unins000.exe
Flexbeta Firetweaker-->C:\Programme\Emilsoft Software\Flexbeta Firetweaker\uninstall.exe
Free Audio CD Burner version 1.3-->"C:\Programme\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free YouTube to MP3 Converter version 3.5-->"C:\Programme\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
G Data AntiVirus 2011-->MsiExec.exe /I{A7FB84F1-FA4F-4B50-9AEC-4F83AB1DFEBE}
Genius Politik-->"C:\Programme\Cornelsen\Genius Politik\uninstall.exe"
grafstat4-->"C:\Programme\grafstat4\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix für Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
LAME v3.98.2 for Audacity-->"C:\Programme\Lame for Audacity\unins000.exe"
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech SetPoint 6.0-->C:\Programme\Gemeinsame Dateien\LogiShrd\SP6_Uninstall\setup.exe
Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->MsiExec.exe /X{F750C986-5310-3A5A-95F8-4EC71C8AC01C}
Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended DEU Language Pack-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\ExtendedLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ExtendedLP
Microsoft .NET Framework 4 Extended DEU Language Pack-->MsiExec.exe /X{C911A0C2-2236-3164-AA47-F2566C01AE5E}
Microsoft .NET Framework 4 Extended-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe"
Microsoft Office XP Professional mit FrontPage-->MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.6.8)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NCH Tone Generator-->C:\Programme\NCH Software\ToneGen\uninst.exe
OpenVPN 2.1.1-->C:\Programme\OpenVPN\Uninstall.exe
Opera 10.61-->MsiExec.exe /X{70858C67-8761-4444-895A-0A8B2E9E144E}
Paint.NET v3.5.5-->MsiExec.exe /X{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}
pcwRunAs 0.4-->"C:\Programme\PC-WELT\pcwRunAs4\unins000.exe"
PDFCreator-->D:\Programme\PDFCreator\unins000.exe
pdfforge Toolbar v1.1.2-->MsiExec.exe /X{5791B7D3-8B34-4218-9750-6A8E45D0AD32}
PDF-Viewer-->"C:\Programme\Tracker Software\PDF Viewer\unins000.exe"
Phase 5 HTML-Editor-->MsiExec.exe /I{20B1B020-DEAE-48D1-9960-D4C3185D758B}
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7  -removeonly
Revo Uninstaller 1.88-->C:\Programme\VS Revo Group\Revo Uninstaller\uninst.exe
Samsung New PC Studio-->"C:\Programme\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x0407 -removeonly
Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
Samsung S5230 Wallpaper Creator-->MsiExec.exe /I{88BFE745-3D1F-4B80-8C40-E626E5A8E613}
SAMSUNG USB Driver for Mobile Phones-->C:\Programme\SAMSUNG\USB Drivers\Uninstall.exe
Sandboxie 3.46-->"C:\WINDOWS\Installer\SandboxieInstall32.exe" /remove
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
Test Tone Generator 4.32-->"C:\Programme\Test Tone Generator\unins000.exe"
TuneUp Utilities-->C:\Programme\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall
UMVPLStandalone-->MsiExec.exe /X{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB980302)-->"C:\WINDOWS\ie8updates\KB980302-IE8\spuninst\spuninst.exe"
Update für Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update für Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update für Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VLC media player 1.1.2-->D:\Programme\VideoLAN\VLC\uninstall.exe
WinAce Archiver-->"C:\Programme\WinAce\SXUNINST.EXE" "C:\Programme\WinAce\SXUNINST.INI"
Winamp-->"D:\Programme\Winamp\UninstWA.exe"
Windows Driver Package - Intel (w29n51) net  (09/12/2005 9.0.3.9)-->C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\w29n51_B4DB085D140C6265DCA5E78CC26122444CD2D577\w29n51.inf
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
XMind-->C:\Programme\XMind\uninstall.exe
X-Print 4.0 Client-->"C:\Programme\Schomaecker\XPrint-Client\unins000.exe"

======Security center information======

AV: G Data AntiVirus 2011

======System event log======

Computer Name: CHANGEME
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

Record Number: 3939
Source Name: EventLog
Time Written: 20100710134429.000000+270
Event Type: Informationen
User: 

Computer Name: CHANGEME
Event Code: 6006
Message: Der Ereignisprotokolldienst wurde beendet.

Record Number: 3938
Source Name: EventLog
Time Written: 20100710132107.000000+270
Event Type: Informationen
User: 

Computer Name: CHANGEME
Event Code: 7036
Message: Dienst "RAS-Verbindungsverwaltung" befindet sich jetzt im Status "Ausgeführt".

Record Number: 3937
Source Name: Service Control Manager
Time Written: 20100710132059.000000+270
Event Type: Informationen
User: 

Computer Name: CHANGEME
Event Code: 7036
Message: Dienst "Ati HotKey Poller" befindet sich jetzt im Status "Beendet".

Record Number: 3936
Source Name: Service Control Manager
Time Written: 20100710132057.000000+270
Event Type: Informationen
User: 

Computer Name: CHANGEME
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "RAS-Verbindungsverwaltung" gesendet.

Record Number: 3935
Source Name: Service Control Manager
Time Written: 20100710132054.000000+270
Event Type: Informationen
User: CHANGEME\Moritz Eingeschränkt

=====Application event log=====

Computer Name: CHANGEME
Event Code: 1
Message: X-Print 4.0 Client Service starting...

Record Number: 364
Source Name: XPrint-Client-Service
Time Written: 20100604110846.000000+270
Event Type: Informationen
User: 

Computer Name: CHANGEME
Event Code: 1
Message: X-Print 4.0 Client Service initialized.

Record Number: 363
Source Name: XPrint-Client-Service
Time Written: 20100604110845.000000+270
Event Type: Informationen
User: 

Computer Name: CHANGEME
Event Code: 1516
Message: Die Registrierung des Benutzers CHANGEME\Moritz Admin wurde entladen, nachdem eine Benachrichtigung empfangen wurde, das keine Anwendungen bzw. Dienste dieses Profil verwenden.

Record Number: 362
Source Name: Userenv
Time Written: 20100603184728.000000+270
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: CHANGEME
Event Code: 4097
Message: Die Anwendung "C:\DOKUME~1\MORITZ~1\LOKALE~1\Temp\~AceTemp\Filemon\Filemon.exe" hat einen Programmfehler verursacht.
Datum und Zeit des Fehlers: 03.06.2010 um 18:46:50.078
Ausnahme: c0000005 an Adresse 00412247 (Filemon)

Record Number: 361
Source Name: DrWatson
Time Written: 20100603184650.000000+270
Event Type: Informationen
User: 

Computer Name: CHANGEME
Event Code: 1000
Message: Fehlgeschlagene Anwendung filemon.exe, Version 7.3.0.0, fehlgeschlagenes Modul filemon.exe, Version 7.3.0.0, Fehleradresse 0x00012247.

Record Number: 360
Source Name: Application Error
Time Written: 20100603184648.000000+270
Event Type: Fehler
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programme\Gemeinsame Dateien\Acronis\SnapAPI\;C:\Programme\OpenVPN\bin;C:\Programme\Gemeinsame Dateien\Teleca Shared;C:\Programme\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

hier log.txt

Code:

ATTFilter

Logfile of random's system information tool 1.08 (written by random/random)
Run by Moritz Admin at 2010-08-22 13:20:04
Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (46%) free of 24 GB
Total RAM: 1022 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:20:20, on 22.08.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Application Updater\ApplicationUpdater.exe
C:\Programme\Gemeinsame Dateien\G Data\AVKProxy\AVKProxy.exe
C:\Programme\G Data\AntiVirus\AVK\AVKService.exe
C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe
C:\WINDOWS\system32\FsUsbExService.Exe
D:\Programme\CDBurnerXP\NMSAccessU.exe
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Programme\Schomaecker\XPrint-Client\XPrint-Client-Service\XPrint-Client-Service.exe
C:\Programme\Gemeinsame Dateien\G Data\GDScan\GDScan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Dokumente und Einstellungen\Moritz Eingeschränkt\Desktop\RSIT.exe
C:\Programme\trend micro\Moritz Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\AntiVirus\WebFilter\AvkWebIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O3 - Toolbar: pcwPrivilegien - {1D7A52EE-FBCB-4F46-AD2A-9C0ABAA20BC0} - C:\PROGRA~1\PC-WELT\PCWRUN~1\PCWPRI~1.DLL
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\AntiVirus\WebFilter\AvkWebIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [EvtMgr6] C:\Programme\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Programme\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1935655697-838170752-1644491937-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Moritz Eingeschränkt')
O4 - HKUS\S-1-5-21-1935655697-838170752-1644491937-1005\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime (User 'Moritz Eingeschränkt')
O4 - HKUS\S-1-5-21-1935655697-838170752-1644491937-1005\..\Run: [SandboxieControl] "C:\Programme\Sandboxie\SbieCtrl.exe" (User 'Moritz Eingeschränkt')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Firefox Preloader.lnk = C:\Programme\FirefoxPreloader\FirefoxPreloader.exe
O4 - Global Startup: xprint-client.lnk = C:\Programme\Schomaecker\XPrint-Client\XPrint-Client-GUI\XPrint-Client-GUI.exe
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Moritz Admin\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Programme\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Programme\Gemeinsame Dateien\G Data\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Programme\G Data\AntiVirus\AVK\AVKService.exe
O23 - Service: G Data Dateisystem Wächter (AVKWCtl) - G Data Software AG - C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Programme\Gemeinsame Dateien\G Data\GDScan\GDScan.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech - C:\Programme\Gemeinsame Dateien\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NMSAccess - Unknown owner - D:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Programme\OpenVPN\bin\openvpnserv.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programme\Sandboxie\SbieSvc.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: XPrint-Client-Service - Schomäcker GmbH - C:\Programme\Schomaecker\XPrint-Client\XPrint-Client-Service\XPrint-Client-Service.exe

--
End of file - 8995 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]
G Data WebFilter - C:\Programme\G Data\AntiVirus\WebFilter\AvkWebIE.dll [2010-03-31 657480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Programme\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [2010-01-08 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Programme\pdfforge Toolbar\SearchSettings.dll [2010-01-08 1109504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-03 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [2010-01-08 700416]
{1D7A52EE-FBCB-4F46-AD2A-9C0ABAA20BC0} - pcwPrivilegien - C:\PROGRA~1\PC-WELT\PCWRUN~1\PCWPRI~1.DLL [2005-09-01 229376]
{0124123D-61B4-456f-AF86-78C53A0790C5} - G Data WebFilter - C:\Programme\G Data\AntiVirus\WebFilter\AvkWebIE.dll [2010-03-31 657480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-02-27 16005120]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"LVCOMSX"=C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe [2006-07-20 237568]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-03-16 88204]
"Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"EvtMgr6"=C:\Programme\Logitech\SetPointP\SetPoint.exe [2010-01-27 1312848]
"TrueImageMonitor.exe"=C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-05-15 4393112]
"AcronisTimounterMonitor"=C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe [2009-05-15 962640]
"Acronis Scheduler2 Service"=C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe [2009-05-15 377640]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"G Data AntiVirus Tray Application"=C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe [2010-03-31 963144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=D:\Programme\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SandboxieControl"=C:\Programme\Sandboxie\SbieCtrl.exe [2010-07-04 398568]
"SpybotSD TeaTimer"=C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Firefox Preloader.lnk - C:\Programme\FirefoxPreloader\FirefoxPreloader.exe
xprint-client.lnk - C:\Programme\Schomaecker\XPrint-Client\XPrint-Client-GUI\XPrint-Client-GUI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-22 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll [2010-01-30 64592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-11 190464]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=67108863
"HonorAutorunSetting"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Programme\Opera\opera.exe"="C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-08-22 13:20:05 ----D---- C:\Programme\trend micro
2010-08-22 13:20:04 ----D---- C:\rsit
2010-08-22 13:02:54 ----D---- C:\Dokumente und Einstellungen\Moritz Admin\Anwendungsdaten\Malwarebytes
2010-08-22 13:02:41 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-22 13:02:37 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-08-22 13:02:37 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-22 13:02:36 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-08-21 17:27:24 ----D---- C:\Programme\Spybot - Search & Destroy
2010-08-21 17:27:24 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-08-09 17:22:45 ----A---- C:\WINDOWS\system32\drivers\cpuz134_x32.sys
2010-08-09 17:22:43 ----D---- C:\Programme\CPUID
2010-08-09 16:22:51 ----A---- C:\WINDOWS\system32\regclass.dll
2010-08-09 16:22:50 ----D---- C:\Programme\FirefoxPreloader
2010-08-08 14:42:20 ----A---- C:\WINDOWS\system32\drivers\GRD.sys
2010-08-04 12:08:14 ----RD---- C:\Sandbox
2010-08-04 12:07:01 ----A---- C:\WINDOWS\Sandboxie.ini
2010-08-04 12:05:39 ----D---- C:\Programme\Sandboxie
2010-08-04 11:50:03 ----D---- C:\Dokumente und Einstellungen\Moritz Admin\Anwendungsdaten\vlc
2010-08-03 11:20:30 ----A---- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
2010-08-03 11:20:26 ----A---- C:\WINDOWS\system32\drivers\HookCentre.sys
2010-08-03 11:19:56 ----A---- C:\WINDOWS\system32\drivers\MiniIcpt.sys
2010-08-03 11:19:55 ----A---- C:\WINDOWS\system32\drivers\GDBehave.sys
2010-08-03 11:18:37 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
2010-08-03 11:18:34 ----D---- C:\Programme\Gemeinsame Dateien\G Data
2010-08-03 11:18:34 ----D---- C:\Programme\G Data
2010-08-03 11:17:56 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2010-08-03 11:05:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$

======List of files/folders modified in the last 1 months======

2010-08-22 13:20:10 ----D---- C:\WINDOWS\Prefetch
2010-08-22 13:20:09 ----D---- C:\WINDOWS\Temp
2010-08-22 13:20:05 ----RD---- C:\Programme
2010-08-22 13:02:41 ----D---- C:\WINDOWS\system32\drivers
2010-08-22 12:55:19 ----D---- C:\WINDOWS
2010-08-22 10:53:16 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-21 18:44:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-17 14:34:22 ----D---- C:\WINDOWS\repair
2010-08-17 14:34:04 ----D---- C:\WINDOWS\Registration
2010-08-17 13:18:17 ----SHD---- C:\WINDOWS\Installer
2010-08-17 13:18:00 ----D---- C:\Programme\Opera
2010-08-11 17:27:37 ----D---- C:\WINDOWS\Minidump
2010-08-09 16:22:51 ----D---- C:\WINDOWS\system32
2010-08-08 14:41:04 ----D---- C:\WINDOWS\system32\Lang
2010-08-04 11:44:11 ----D---- C:\Programme\Mozilla Firefox
2010-08-03 12:23:49 ----HD---- C:\WINDOWS\inf
2010-08-03 11:18:34 ----D---- C:\Programme\Gemeinsame Dateien
2010-08-03 11:09:12 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2010-08-03 11:08:01 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-03 11:05:28 ----A---- C:\WINDOWS\imsins.BAK
2010-08-03 11:05:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-03 11:04:05 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-27 10:57:23 ----A---- C:\WINDOWS\system32\shell32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 GDBehave;GDBehave; C:\WINDOWS\system32\drivers\GDBehave.sys [2010-08-03 33480]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-31 44944]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2010-05-19 138208]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-05-16 691696]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228); C:\WINDOWS\system32\DRIVERS\tdrpm228.sys [2010-05-19 902592]
R0 timounter;Acronis True Image Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2010-05-19 540000]
R1 GDMnIcpt;GDMnIcpt; \??\C:\WINDOWS\system32\drivers\MiniIcpt.sys []
R1 GRD;G Data Rootkit Detector Driver; \??\C:\WINDOWS\system32\drivers\GRD.sys []
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 GDTdiInterceptor;GDTdiInterceptor; \??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys []
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2010-05-19 44704]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-03-16 1124097]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-22 1505792]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HookCentre;HookCentre; \??\C:\WINDOWS\system32\drivers\HookCentre.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-02-27 4241920]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-11-10 35984]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-11-10 37392]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2009-11-10 28560]
R3 lv321av;Logitech USB PC Camera (VC0321); C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-11-22 1097728]
R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2006-07-20 1955200]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2006-07-20 17792]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2006-11-22 39424]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 SbieDrv;SbieDrv; \??\C:\Programme\Sandboxie\SbieDrv.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2009-12-12 25984]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-11-27 1427968]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 a3qcxacu;a3qcxacu; C:\WINDOWS\system32\drivers\a3qcxacu.sys []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2006-07-20 1581952]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-09-21 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-09-21 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-09-21 121856]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-10-25 5632]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [2009-05-15 619336]
R2 Application Updater;Application Updater; C:\Programme\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-22 405504]
R2 AVKProxy;G Data AntiVirus Proxy; C:\Programme\Gemeinsame Dateien\G Data\AVKProxy\AVKProxy.exe [2010-04-30 1147976]
R2 AVKService;G Data Scheduler; C:\Programme\G Data\AntiVirus\AVK\AVKService.exe [2010-03-31 410696]
R2 AVKWCtl;G Data Dateisystem Wächter; C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe [2010-03-15 1279816]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-12-17 238952]
R2 LVPrcSrv;Logitech Process Monitor; c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe [2006-07-20 94208]
R2 NMSAccess;NMSAccess; D:\Programme\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 SbieSvc;Sandboxie Service; C:\Programme\Sandboxie\SbieSvc.exe [2010-07-04 75496]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 XPrint-Client-Service;XPrint-Client-Service; C:\Programme\Schomaecker\XPrint-Client\XPrint-Client-Service\XPrint-Client-Service.exe [2008-08-28 1144320]
R3 GDScan;G Data Scanner; C:\Programme\Gemeinsame Dateien\G Data\GDScan\GDScan.exe [2010-04-22 339016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 LVSrvLauncher;LVSrvLauncher; C:\Programme\Gemeinsame Dateien\Logitech\SrvLnch\SrvLnch.exe [2006-07-20 86016]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2010-04-12 153376]
S3 LBTServ;Logitech Bluetooth Service; C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\lbtserv.exe [2010-01-30 292944]
S3 OpenVPNService;OpenVPN Service; C:\Programme\OpenVPN\bin\openvpnserv.exe [2009-12-12 36352]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-05-16 435016]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Danke im vorraus

unerwünschte Weiterleitung bei Googel

Log-Analyse und Auswertung: unerwünschte Weiterleitung bei Googel

unerwünschte Weiterleitung bei Googel

Ähnliche Themen: unerwünschte Weiterleitung bei Googel