![]() |
Plagegeister aller Art und deren Bekämpfung: Firefox leitet auf falsche google-Links weiter und öffnet sich selbst in Popups neu.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() |
![]() | #1 |
| ![]() Firefox leitet auf falsche google-Links weiter und öffnet sich selbst in Popups neu. Hallo Board-Spezialisten. Seit ca. 10-14 Tagen habe ich folgendes Problem: Wenn ich nach einer google-Suche auf die Links der Suchergebnisse klicke, werde ich auf vollkommen andere Seiten gelenkt. Dies ist nicht in 100 % der Fälle der Fall aber so bei ca. 60-70 %. Manchmal komme ich sogar dahin, wo der Link hinführen sollte. Tätige ich bei offenem Firefox längere Zeit keine Eingabe, öffnet sich Firefox in einem Popup erneut und versucht einen Link zu öffnen, in dem auf jeden Fall die von mir bei der vorigen Suche enthaltenen Begriffe enthalten sind. Zudem: Wenn ich firefox starte, dann öffnet er sich oft erst nach dem 3., 4. oder 5. mal. Es sind dann zwar entsprechend viele Prozesse im Taskmanager, aber nur 1 Fenster geöffnet. Das Problem wird hier oft geschildert, daher hoffte ich, durch Selbststudium in intensive Arbiet und durch geduldiges Surfen eine Lösung zu finden. Dem ist jedoch nicht so. Ich bin Fortgeschrittener Anwender, baue meine Rechner selbst und versuche stets, meine aufgeführten SW auf aktuellstem Stand zu halten und wenn ich sie nicht mehr benötige, zu löschen. Ich verwende täglich mehrfach CCleaner und Registry-Mechanic, um Temporäre Dateien und Registrierungsleichen zu säubern. Ich surfe bewusst auf sicheren Seiten und gehöre nicht zu denen, die leichtfertig bei Systemfragen oder dem Surfen im Netz auf "JA" klicken. Ich habe schon intensiv mit folgenden Programmen an der Problemlösung gearbeitet (kleine Auswahl): Code:
ATTFilter AntiVir OTL HiJackThis Malwarebytes Anti-Malware Symantec DE-Cleaner (AntiBot) Look2Me-Destroyer F-Secure BlackLight Gmer (xsmhtl5n.exe) Bootkit Remover (eSage) ESET onlineScanner SecurityTaskManager Navilog1 Panda Secure Online Scan CCleaner Registry Mechanic Code:
ATTFilter Betriebsystemname Microsoft Windows 7 Professional Version 6.1.7600 Build 7600 Weitere Betriebsystembeschreibung Nicht verfügbar Betriebsystemhersteller Microsoft Corporation Systemname MEIN-PC Systemhersteller Gigabyte Technology Co., Ltd. Systemmodell EP45-UD3LR Systemtyp x64-basierter PC Prozessor Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz, 2667 MHz, 4 Kern(e), 4 logische(r) Prozessor(en) BIOS-Version/-Datum Award Software International, Inc. F11, 22.04.2010 SMBIOS-Version 2.4 Windows-Verzeichnis C:\Windows Systemverzeichnis C:\Windows\system32 Startgerät \Device\HarddiskVolume5 Gebietsschema Deutschland Hardwareabstraktionsebene Version = "6.1.7600.16385" Benutzername Mein-PC\Mustermann Zeitzone Mitteleuropäische Zeit Installierter physikalischer Speicher (RAM) 6,00 GB Gesamter realer Speicher 6,00 GB Verfügbarer realer Speicher 4,53 GB Gesamter virtueller Speicher 6,39 GB Verfügbarer virtueller Speicher 4,77 GB Größe der Auslagerungsdatei 400 MB Auslagerungsdatei C:\pagefile.sys OTL Logfile: Code:
ATTFilter OTL logfile created on: 25.11.2010 21:51:43 - Run 3 OTL by OldTimer - Version Folder = C:\Users\Mustermann\Desktop 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 76,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): c:\pagefile.sys 400 480 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 69,24 Gb Total Space | 19,72 Gb Free Space | 28,48% Space Free | Partition Type: NTFS Drive D: | 698,64 Gb Total Space | 463,01 Gb Free Space | 66,27% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 247,54 Gb Free Space | 26,57% Space Free | Partition Type: NTFS Drive F: | 931,51 Gb Total Space | 80,10 Gb Free Space | 8,60% Space Free | Partition Type: NTFS Drive G: | 931,51 Gb Total Space | 77,84 Gb Free Space | 8,36% Space Free | Partition Type: NTFS Computer Name: MEIN-PC | User Name: Mustermann | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010.11.25 17:20:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe PRC - [2010.10.27 07:13:18 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2010.08.10 11:46:58 | 002,483,808 | ---- | M] (Lavalys, Inc.) -- C:\Programme Eigene\Everest 550 2224\EVEREST Ultimate Edition 5.50.2224 NL\everest.exe PRC - [2010.08.02 16:09:38 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.08.02 16:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.08.02 16:09:32 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.06.11 17:14:24 | 001,280,344 | ---- | M] (IObit) -- C:\Programme Eigene\Malwarescanner IObit\IObit Security 360\is360tray.exe PRC - [2010.06.11 17:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Programme Eigene\Malwarescanner IObit\IObit Security 360\is360srv.exe PRC - [2008.11.07 06:08:14 | 000,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe PRC - [2007.03.18 23:05:02 | 000,630,784 | ---- | M] () -- C:\Programme Eigene\RocketDock\RocketDock.exe ========== Modules (SafeList) ========== MOD - [2010.11.25 17:20:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe MOD - [2010.10.12 22:58:08 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009.07.14 02:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll MOD - [2009.07.14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.08.04 02:51:20 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2010.10.17 23:43:02 | 000,099,048 | ---- | M] (SANDBOXIE L.T.D) [Disabled | Stopped] -- C:\Programme Eigene\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2010.08.02 16:09:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.08.02 16:09:32 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.06.11 17:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Programme Eigene\Malwarescanner IObit\IObit Security 360\is360srv.exe -- (IS360service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.06.18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.11.07 06:08:14 | 000,431,472 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService) SRV - [2008.10.25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme Eigene\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\9389.tmp -- (MEMSWEEP2) DRV:64bit: - [2010.11.22 13:25:04 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.08.04 03:22:36 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.08.04 03:22:36 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.08.04 02:15:44 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.08.02 16:09:46 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2010.07.21 15:58:50 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2010.07.15 13:47:42 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010.07.07 17:18:58 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2009.10.27 11:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem) DRV:64bit: - [2009.10.26 01:43:18 | 000,038,944 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV:64bit: - [2009.10.26 01:43:16 | 000,117,152 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV:64bit: - [2009.10.05 20:22:20 | 000,044,320 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV:64bit: - [2009.09.30 15:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2009.09.23 02:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2009.07.30 12:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.07.23 09:37:36 | 000,096,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PciPPorts.sys -- (PciPPorts) DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.19 16:07:44 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp) DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.08 10:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev) DRV:64bit: - [2009.02.24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus) DRV:64bit: - [2009.01.29 16:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl) DRV:64bit: - [2008.12.19 04:55:34 | 000,122,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PciSPorts.sys -- (PciSPorts) DRV:64bit: - [2008.11.07 05:51:14 | 000,029,184 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdX64.sys -- (dsNcAdpt) DRV:64bit: - [2008.03.13 08:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam) DRV:64bit: - [2007.08.31 15:05:30 | 012,528,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD) DRV - [2010.11.01 18:33:55 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2010.10.17 23:42:58 | 000,145,512 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Programme Eigene\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2010.07.30 15:50:08 | 000,026,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme Eigene\Everest 550 2224\EVEREST Ultimate Edition 5.50.2224 NL\kerneld.amd64 -- (EverestDriver) DRV - [2009.10.26 09:43:18 | 000,038,944 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV - [2009.10.26 09:43:16 | 000,117,152 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV - [2009.10.05 20:22:20 | 000,044,320 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV - [2009.02.24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus) DRV - [2007.09.05 12:48:24 | 012,212,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A 7E 7A 3D A7 4E CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:mozilla" FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5 FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}: FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908 FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}: FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Programme Eigene\Adobe XPro Installed\Acrobat\Browser\WCFirefoxExtn [2010.11.21 00:36:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.11.17 16:45:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.11.21 00:37:02 | 000,000,000 | ---D | M] [2010.11.17 16:46:08 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\mozilla\Extensions [2010.11.25 17:22:48 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6csi3ie1.default\extensions [2010.11.21 23:37:12 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6csi3ie1.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2010.11.21 23:37:12 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6csi3ie1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.11.21 23:37:12 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6csi3ie1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2010.11.21 23:37:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6csi3ie1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.11.17 17:08:25 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6csi3ie1.default\extensions\YoutubeDownloader@PeterOlayev.com [2010.11.17 16:45:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.11.21 22:14:47 | 000,002,336 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: localhost O1 - Hosts: activate.adobe.com O1 - Hosts: practivate.adobe.com O1 - Hosts: adobeereg.com O1 - Hosts: www.adobeereg.com O1 - Hosts: activate-sea.adobe.com O1 - Hosts: activate-sjc0.adobe.com O1 - Hosts: wwis-dubc1-vip60.adobe.com O1 - Hosts: activate.adobe.com:443 O1 - Hosts: 3dns.adobe.com O1 - Hosts: 3dns-1.adobe.com O1 - Hosts: 3dns-2.adobe.com O1 - Hosts: 3dns-3.adobe.com O1 - Hosts: 3dns-4.adobe.com O1 - Hosts: O1 - Hosts: adobe-dns.adobe.com O1 - Hosts: adobe-dns-1.adobe.com O1 - Hosts: adobe-dns-2.adobe.com O1 - Hosts: adobe-dns-3.adobe.com O1 - Hosts: adobe-dns-4.adobe.com O1 - Hosts: adobe-dns-5.adobe.com O1 - Hosts: ereg.wip3.adobe.com O1 - Hosts: ereg.adobe.com O1 - Hosts: wip3.adobe.com O1 - Hosts: wwis-dubc1-vip60.adobe.com O1 - Hosts: 26 more lines... O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme Eigene\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme Eigene\Java Runtime Engine\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [IObit Security 360] C:\Programme Eigene\Malwarescanner IObit\IObit Security 360\IS360tray.exe (IObit) O4 - HKCU..\Run: [RocketDock] C:\Programme Eigene\RocketDock\RocketDock.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme Eigene\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme Eigene\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme Eigene\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme Eigene\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme Eigene\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x64/MuCatalogWebControl.cab?1259374367105 (MUCatalogWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\haufereader - No CLSID value found O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme Eigene\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~3\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~3\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~3\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme Eigene\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{59d8886c-cbda-11df-a5c3-00241ddfc0af}\Shell - "" = AutoRun O33 - MountPoints2\{59d8886c-cbda-11df-a5c3-00241ddfc0af}\Shell\AutoRun\command - "" = I:\iStudio.exe -- File not found O33 - MountPoints2\{8192ae99-dba2-11de-aa5b-00241ddfc0af}\Shell - "" = AutoRun O33 - MountPoints2\{8192ae99-dba2-11de-aa5b-00241ddfc0af}\Shell\AutoRun\command - "" = I:\SETUP.EXE -- File not found O33 - MountPoints2\{899adbc7-e5b8-11de-8a08-00241ddfc0af}\Shell - "" = AutoRun O33 - MountPoints2\{899adbc7-e5b8-11de-8a08-00241ddfc0af}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\autorun.exe [open][1] Call of Duty Black Ops.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.25 21:31:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.11.25 21:30:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2010.11.25 21:24:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools [2010.11.25 17:20:21 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe [2010.11.24 22:52:52 | 000,000,000 | ---D | C] -- C:\Navilog1 [2010.11.24 22:52:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Navilog1 [2010.11.24 22:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2010.11.24 08:35:41 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\vlc [2010.11.22 22:27:11 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Desktop\backups [2010.11.22 09:45:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.11.22 09:45:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.11.21 23:52:16 | 000,000,000 | R--D | C] -- C:\Sandbox [2010.11.21 23:41:20 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Users\Mustermann\Desktop\remover.exe [2010.11.21 22:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2010.11.21 20:22:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.11.21 19:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.11.21 19:33:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2010.11.21 19:31:30 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Mustermann\Desktop\spybotsd162.exe [2010.11.21 19:08:49 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Apple Computer [2010.11.21 19:08:49 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\Apple Computer [2010.11.21 19:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2010.11.21 19:06:24 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\Apple [2010.11.21 19:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2010.11.21 18:56:38 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Avira [2010.11.21 18:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos [2010.11.21 18:11:00 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2010.11.21 18:11:00 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2010.11.21 18:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.11.21 18:11:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2010.11.21 17:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\fssg [2010.11.21 17:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure [2010.11.21 17:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Hagel Technologies [2010.11.21 17:01:12 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Users\Mustermann\Desktop\fsbl.exe [2010.11.21 16:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2010.11.21 16:12:26 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\NPE [2010.11.21 16:09:53 | 005,719,408 | ---- | C] (Symantec Corporation) -- C:\Users\Mustermann\Desktop\de_cleaner.exe [2010.11.21 13:37:50 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\QuickScan [2010.11.21 13:33:34 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Mustermann\Desktop\HiJackThis204.exe [2010.11.21 13:17:55 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Malwarebytes [2010.11.21 13:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.11.21 13:13:58 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.11.21 13:13:04 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Mustermann\Desktop\mbam146-setup.exe [2010.11.21 00:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2010.11.21 00:37:38 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\Adobe [2010.11.21 00:34:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2010.11.21 00:34:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2010.11.20 23:48:50 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Adobe [2010.11.17 16:45:59 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Mozilla [2010.11.17 16:45:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2010.11.17 12:13:48 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\Activision [2010.11.15 23:27:45 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Documents\Mercedes CLC Dream Test Drive [2010.11.15 23:27:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2010.11.15 15:48:31 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\CrashRpt [2010.11.10 22:44:43 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Download Manager [2010.11.01 19:32:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2010.11.01 19:31:51 | 002,601,816 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2010.11.01 19:31:51 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2010.11.01 19:31:51 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2010.11.01 19:31:51 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2010.11.01 19:31:51 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2010.11.01 19:31:51 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2010.11.01 19:31:51 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2010.11.01 19:31:50 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2010.11.01 19:31:50 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2010.11.01 19:31:50 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2010.11.01 19:31:50 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2010.11.01 19:31:50 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2010.11.01 19:31:50 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2010.11.01 19:31:49 | 000,338,336 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2010.07.17 05:34:34 | 000,151,552 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2std.dll ========== Files - Modified Within 30 Days ========== [2010.11.25 21:36:05 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.25 21:36:05 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.25 21:33:04 | 001,512,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.11.25 21:33:04 | 000,660,946 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.11.25 21:33:04 | 000,620,886 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.11.25 21:33:04 | 000,132,318 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.11.25 21:33:04 | 000,108,446 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.11.25 21:30:55 | 000,000,924 | ---- | M] () -- C:\Users\Mustermann\Desktop\NTREGOPT.lnk [2010.11.25 21:30:55 | 000,000,905 | ---- | M] () -- C:\Users\Mustermann\Desktop\ERUNT.lnk [2010.11.25 21:29:38 | 000,000,088 | ---- | M] () -- C:\Windows\SysWow64\everest_cpl.ini [2010.11.25 21:28:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.25 21:24:33 | 000,471,560 | ---- | M] () -- C:\Users\Mustermann\Desktop\Load.exe [2010.11.25 21:23:10 | 000,000,162 | -H-- | M] () -- C:\Users\Mustermann\Desktop\~$rwendete AntiProgramme-001.docx [2010.11.25 17:20:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe [2010.11.25 17:02:47 | 000,014,423 | ---- | M] () -- C:\Users\Mustermann\Desktop\verwendete AntiProgramme-001.docx [2010.11.25 13:45:15 | 000,001,634 | ---- | M] () -- C:\Users\Mustermann\AppData\Roaming\SAS7_000.DAT [2010.11.25 12:49:31 | 000,011,776 | ---- | M] () -- C:\Users\Mustermann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.24 22:49:26 | 000,231,564 | ---- | M] () -- C:\Users\Mustermann\Desktop\Navilog1.exe [2010.11.24 22:32:36 | 002,053,472 | ---- | M] () -- C:\Users\Mustermann\Desktop\SecurityTaskManager_Setup.exe [2010.11.24 08:35:07 | 000,000,721 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2010.11.22 13:25:04 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2010.11.22 09:45:58 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.21 23:57:52 | 000,001,654 | ---- | M] () -- C:\Windows\Sandboxie.ini [2010.11.21 20:14:03 | 002,672,312 | ---- | M] () -- C:\Users\Mustermann\Desktop\esetsmartinstaller_deu.exe [2010.11.21 19:31:43 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Mustermann\Desktop\spybotsd162.exe [2010.11.21 18:23:01 | 000,296,448 | ---- | M] () -- C:\Users\Mustermann\Desktop\xsmhtl5n.exe [2010.11.21 17:53:15 | 000,041,624 | ---- | M] () -- C:\Windows\SysWow64\drivers\fsbts.sys [2010.11.21 17:50:29 | 001,551,964 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.11.21 17:32:07 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.11.21 17:32:07 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.11.21 17:32:07 | 000,000,524 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job [2010.11.21 17:32:07 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job [2010.11.21 17:13:28 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Users\Mustermann\Desktop\fsbl.exe [2010.11.21 16:09:54 | 005,719,408 | ---- | M] (Symantec Corporation) -- C:\Users\Mustermann\Desktop\de_cleaner.exe [2010.11.21 13:33:52 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Mustermann\Desktop\HiJackThis204.exe [2010.11.21 13:25:31 | 000,450,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.11.21 13:13:10 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mustermann\Desktop\mbam146-setup.exe [2010.11.20 18:42:11 | 000,001,572 | ---- | M] () -- C:\Users\Mustermann\Desktop\CoD Black Ops Trainer 11.lnk [2010.11.20 18:41:59 | 000,001,148 | ---- | M] () -- C:\Users\Mustermann\Desktop\CoD Black Ops.lnk [2010.11.16 14:27:56 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml [2010.11.16 14:27:56 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2010.11.16 09:38:55 | 000,007,621 | ---- | M] () -- C:\Users\Mustermann\AppData\Local\Resmon.ResmonCfg [2010.11.08 13:59:45 | 000,094,393 | ---- | M] () -- C:\Users\Mustermann\Documents\Bezahlung nach Branchen und Abschlüssen.pdf ========== Files Created - No Company Name ========== [2010.11.25 21:30:55 | 000,000,924 | ---- | C] () -- C:\Users\Mustermann\Desktop\NTREGOPT.lnk [2010.11.25 21:30:55 | 000,000,905 | ---- | C] () -- C:\Users\Mustermann\Desktop\ERUNT.lnk [2010.11.25 21:24:33 | 000,471,560 | ---- | C] () -- C:\Users\Mustermann\Desktop\Load.exe [2010.11.25 21:23:10 | 000,000,162 | -H-- | C] () -- C:\Users\Mustermann\Desktop\~$rwendete AntiProgramme-001.docx [2010.11.25 16:42:39 | 000,014,423 | ---- | C] () -- C:\Users\Mustermann\Desktop\verwendete AntiProgramme-001.docx [2010.11.24 22:49:25 | 000,231,564 | ---- | C] () -- C:\Users\Mustermann\Desktop\Navilog1.exe [2010.11.24 22:32:33 | 002,053,472 | ---- | C] () -- C:\Users\Mustermann\Desktop\SecurityTaskManager_Setup.exe [2010.11.24 08:35:07 | 000,000,721 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2010.11.22 09:45:58 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.21 23:51:25 | 000,001,654 | ---- | C] () -- C:\Windows\Sandboxie.ini [2010.11.21 20:13:13 | 002,672,312 | ---- | C] () -- C:\Users\Mustermann\Desktop\esetsmartinstaller_deu.exe [2010.11.21 18:23:00 | 000,296,448 | ---- | C] () -- C:\Users\Mustermann\Desktop\xsmhtl5n.exe [2010.11.21 17:50:50 | 000,041,624 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys [2010.11.20 18:42:13 | 000,001,572 | ---- | C] () -- C:\Users\Mustermann\Desktop\CoD Black Ops Trainer 11.lnk [2010.11.20 18:42:04 | 000,001,148 | ---- | C] () -- C:\Users\Mustermann\Desktop\CoD Black Ops.lnk [2010.11.17 18:27:51 | 000,000,000 | -HS- | C] () -- C:\Users\Mustermann\S-1-5-21-1743698390-660516810-1164774953-1000.rrr.LOG2 [2010.11.17 18:27:51 | 000,000,000 | -HS- | C] () -- C:\Users\Mustermann\S-1-5-21-1743698390-660516810-1164774953-1000.rrr.LOG1 [2010.11.16 14:25:42 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml [2010.11.16 14:25:42 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml [2010.11.08 13:57:23 | 000,094,393 | ---- | C] () -- C:\Users\Mustermann\Documents\Bezahlung nach Branchen und Abschlüssen.pdf [2010.09.18 21:59:57 | 000,000,036 | ---- | C] () -- C:\Users\Mustermann\AppData\Local\housecall.guid.cache [2010.09.11 22:14:55 | 000,036,054 | ---- | C] () -- C:\ProgramData\NAB_Install.log [2010.08.15 10:57:26 | 000,000,088 | ---- | C] () -- C:\Windows\SysWow64\everest_cpl.ini [2010.08.06 21:10:53 | 000,004,096 | -H-- | C] () -- C:\Users\Mustermann\AppData\Local\keyfile3.drm [2010.07.17 05:34:35 | 012,212,864 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2sxp.sys [2010.07.17 05:34:35 | 000,025,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncamd.sys [2010.07.17 05:34:35 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini [2010.06.26 22:09:49 | 000,004,913 | ---- | C] () -- C:\ProgramData\mxnhytee.feu [2010.06.25 19:04:52 | 000,073,832 | ---- | C] () -- C:\Windows\SysWow64\SuperFrameSplitter.dll [2010.06.25 19:04:52 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\RTKDABMWare.dll [2010.06.21 21:12:04 | 000,000,045 | ---- | C] () -- C:\Windows\Twacker.ini [2010.06.21 20:56:56 | 000,000,041 | ---- | C] () -- C:\Windows\DevCap.ini [2010.04.19 23:42:08 | 000,007,621 | ---- | C] () -- C:\Users\Mustermann\AppData\Local\Resmon.ResmonCfg [2010.03.03 21:28:40 | 000,000,042 | ---- | C] () -- C:\Windows\AlchemyMindworksUpdateList.INI [2010.02.13 04:08:54 | 001,551,964 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.01.31 20:04:03 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2010.01.31 11:07:23 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\decdll.dll [2010.01.12 21:18:20 | 001,409,890 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll [2010.01.12 21:18:18 | 000,882,688 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.01.12 21:18:18 | 000,556,491 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll [2010.01.12 21:18:16 | 004,507,983 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll [2010.01.12 21:18:10 | 000,877,385 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll [2010.01.12 21:18:10 | 000,336,384 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll [2010.01.12 21:18:10 | 000,216,576 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll [2010.01.12 21:18:10 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll [2010.01.12 21:18:10 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll [2010.01.12 21:18:10 | 000,121,856 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll [2010.01.12 21:18:08 | 000,169,984 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll [2010.01.12 21:18:08 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll [2010.01.12 21:18:08 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll [2010.01.12 21:18:08 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll [2010.01.12 21:12:36 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010.01.03 09:10:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.01.01 01:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll [2010.01.01 01:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll [2009.12.27 21:35:44 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll [2009.12.27 21:35:44 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2009.12.22 22:46:49 | 000,001,634 | ---- | C] () -- C:\Users\Mustermann\AppData\Roaming\SAS7_000.DAT [2009.12.22 15:53:52 | 000,011,776 | ---- | C] () -- C:\Users\Mustermann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.29 01:24:11 | 000,000,170 | ---- | C] () -- C:\Users\Mustermann\AppData\Roaming\default.rss [2009.11.28 23:46:49 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2009.11.28 00:23:55 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2009.11.27 23:04:27 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.11.27 22:05:21 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2009.11.14 19:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll [2009.11.14 19:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll [2009.11.14 19:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll [2009.11.14 19:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll [2009.11.14 19:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll [2009.11.14 19:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll [2009.11.14 19:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll [2009.11.14 19:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll [2009.11.14 19:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll [2009.11.14 19:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2009.04.08 15:25:44 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\BH_DATA120VC8.dll [2009.04.08 07:17:48 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\FKStampPainter20.dll [2009.02.02 20:11:40 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2009.02.02 20:10:14 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll [2009.02.02 20:08:36 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll [2009.02.02 20:08:22 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll [2009.01.10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll [2008.12.03 23:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2007.10.13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini [2006.12.18 19:16:51 | 000,000,000 | -H-- | C] () -- C:\ProgramData\sdpsenv.dat [2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll [2005.04.08 03:16:43 | 000,053,689 | -H-- | C] () -- C:\Users\Mustermann\AppData\Roaming\Mustermannlog.dat ========== LOP Check ========== [2010.11.21 17:32:07 | 000,000,510 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job [2010.11.21 17:32:07 | 000,000,524 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job [2010.11.01 19:33:19 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 160 bytes -> C:\ProgramData\sdpsenv.dat:naughtypirates @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F35A93AD < End of report > OTL-Extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 25.11.2010 17:23:16 - Run 1 OTL by OldTimer - Version Folder = C:\Users\xxx\Desktop 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 76,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free Paging file location(s): c:\pagefile.sys 400 480 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 69,24 Gb Total Space | 19,76 Gb Free Space | 28,54% Space Free | Partition Type: NTFS Drive D: | 698,64 Gb Total Space | 463,01 Gb Free Space | 66,27% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 247,54 Gb Free Space | 26,57% Space Free | Partition Type: NTFS Drive F: | 931,51 Gb Total Space | 80,10 Gb Free Space | 8,60% Space Free | Partition Type: NTFS Drive G: | 931,51 Gb Total Space | 77,84 Gb Free Space | 8,36% Space Free | Partition Type: NTFS Computer Name: MEIN-PC | User Name: Mustermann| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) .js[@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) .js [@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Programme Eigene\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme Eigene\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PR9EA2~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Programme Eigene\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme Eigene\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PR9EA2~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{08347912-0AA5-C85E-BC02-416568E741B4}" = AMD Drag and Drop Transcoding "{0A54DE51-CD51-BF86-81EB-ED2D663FFBD1}" = ATI AVIVO64 Codecs "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{109BF2A4-013B-7B67-C7EA-F387EF1BD302}" = ATI Catalyst Install Manager "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{1DD64A9C-846F-4180-B34C-3090459E32E1}" = 7-Clean "{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{914C25C6-603C-16C9-BE33-8A09E5632350}" = ccc-utility64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0 "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Sandboxie" = Sandboxie 3.50 (64-bit) "Unlocker" = Unlocker 1.9.0-x64 "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime "{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help "{086c3940-5775-4daa-8072-dda88eeb1980}" = Nero 9 "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics "{0C7B9FAF-9C93-4E3A-9EC5-DE553B5771F0}" = Linguatec Voice Reader Studio "{0E58BC91-B789-0D1B-9A75-017D04741F97}" = HydraVision "{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{12444FB2-997D-7BB2-0CEB-453E31307929}" = ccc-core-static "{19B822A6-372A-43E2-9230-0AFA4EC84F8C}" = Lexware buchhalter 2009 "{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help "{225C12AE-BB37-4EE3-8935-583E2F0E6644}" = Lexware reisekosten 2009 "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 19 "{2F3ABBBF-D85B-41C2-8E44-0DDB66E0FE0A}" = QuickSteuer DELUXE Wissens-Center 2010 "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent "{3E981E45-833E-44C4-AB75-3668AA77F8EC}" = Adobe Flash Media Live Encoder 3 "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision "{44046312-696F-4E29-82C8-3F29F81DD11F}" = Lexware Elster "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D12D805-50B2-4287-B3B9-AD4D74F85693}" = BOINC "{4F2F5589-0217-43A6-91E9-B0F172D32CC9}_is1" = MF Shutdown Manager Full Edition 0.9.6 Beta "{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{56FDB311-6511-11DE-832F-0050560400B1}" = Haufe iDesk-Browser "{57456DD2-4CDD-4245-A5E6-D865CD8E0238}" = Lexware reisekosten 2009 "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service "{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help "{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX "{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help "{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner "{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins "{65C043EC-BEB5-4791-8EB3-EF9EDBEDA7DB}" = QuickSteuer Wissens-Center 2009 "{69BA7792-853B-45A3-A29F-539C0D7A2A62}" = Myst Uru - Complete Chronicles "{707790EF-9E51-1548-F90C-57B38065F38C}" = Catalyst Control Center Graphics Previews Vista "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5 "{73182AC3-5CC3-4161-AE97-F23E09B13147}" = Vallen JPegger "{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5 "{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera "{76F79738-4234-45E8-80AA-F56F8FCD4FBE}" = QuickSteuer 2009 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{77E33D87-255E-413E-9C8D-EED2A7F9BEBF}" = Nero Live Help "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{7B5999EE-F2DD-4677-675D-51F11C6F6181}" = Catalyst Control Center Graphics Previews Common "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help "{85243696-5E58-4357-9CF8-3498C609941D}" = NeroLiveGadget Help "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{889E44CE-435C-4D37-B302-A7E43339E5FA}_is1" = Mouse Recorder Pro 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_ULTIMATER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007 "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007 "{90120000-00B4-0407-0000-0000000FF1CE}_PMUI.de-de_{16809599-3C53-4A9A-A7E2-74A6D0D2C007}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007 "{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-00B5-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007 "{90120000-00B5-0407-0000-0000000FF1CE}_PMUI.de-de_{16809599-3C53-4A9A-A7E2-74A6D0D2C007}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_PMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007 "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-0052-0407-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007 "{96F702F3-7CA4-41B5-A70A-4F348DF99A9A}" = Myst IV - Revelation "{98A67610-A3B5-4098-A423-3708040026D3}" = "Nero SoundTrax Help "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap "{9E9FDDE6-2C26-492A-85A0-05646B3F2795}" = NeroLiveGadget "{9F05B89E-2873-11D5-9E9D-0050DA1EA555}" = Myst III: Exile "{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help "{AE096DBF-8878-6943-3858-7EE9D54D70B7}" = CCC Help English "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.06 "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit "{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{CC23FF9A-989C-4DEB-8970-50E6E4862315}" = EOSInfo "{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D961CF08-AB06-4AC5-BCBA-76D12C4DB5EC}" = Linguatec Voice Reader Studio "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime "{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding "{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE "{DEE03A90-C723-4E3D-A661-86651D6F0668}" = QuickSteuer Deluxe 2010 "{DF6A95F5-ADC1-406A-BDC6-2AA7CC0182AA}" = Nero Live "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help "{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10 "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EB5AE940-8E5D-11DE-992A-005056B12123}" = Haufe iDesk-Service "{EC25B803-4BDB-47F7-B877-FCE7D7966C0F}" = Visual C++ CRT 9.0 SP1 "{EE5BCA77-F9B8-4896-BB04-6CBE587BC8CE}" = QuickSteuer 2009 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "3D Poker Bandit" = 3D Poker Bandit 2.1.2 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Biet-O-Matic v2.12.5" = Biet-O-Matic v2.12.5 "BitTorrent" = BitTorrent "Call of Duty: Black Ops_is1" = Call of Duty: Black Ops "CCleaner" = CCleaner "Citavi" = Citavi 2.5 "ContextEdit_is1" = ContextEdit (PC Magazine) "DVB Dream_is1" = DVB Dream version 1.4i "DVD Shrink" = DVD Shrink "EPSON Scanner" = EPSON Scan "Free Video Converter_is1" = Free Video Converter V 2.5 "FreeCommander_is1" = FreeCommander 2009.02a "GIF Construction Set Professional 3" = GIF Construction Set Professional 3 "GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997) "IObit Security 360_is1" = IObit Security 360 "Juniper Network Connect 6.2.0" = Juniper Networks Network Connect 6.2.0 "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control "MagicDisc 2.7.106" = MagicDisc 2.7.106 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "ManyCam" = ManyCam 2.4 (remove only) "Media Player - Codec Pack" = Media Player Codec Pack 3.9.2 "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "PCViewer BX1000 TAXI_is1" = PCViewer BX1000 TAXI "PhotoScape" = PhotoScape "PMUI.de-de" = Microsoft Office Project Language Pack 2007 - German/Deutsch "PRJPRO" = Microsoft Office Project Professional 2007 "QuickTime" = QuickTime "ratDVD" = ratDVD 0.78.1444 "Registry Mechanic_is1" = Registry Mechanic "Security Task Manager" = Security Task Manager 1.8c "Star Defender 2" = Star Defender 2 "Star Defender 2_is1" = Star Defender 2 "Star Defender 3_is1" = Star Defender 3 "Star Defender 4_is1" = Star Defender 4 "SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010) "Timers" = Timers "Totalcmd" = Total Commander (Remove or Repair) "TreeSize Free_is1" = TreeSize Free V2.3.3 "ULTIMATER" = Microsoft Office Ultimate 2007 "VLC media player" = VLC media player 1.1.5 "Weather Pulse" = Weather Pulse "Winamp" = Winamp ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Groschengrab Deluxe" = Groschengrab Deluxe "Juniper_Setup_Client" = Juniper Networks Setup Client "Winamp Detect" = Winamp Anwendungserkennung ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > Malwarebytes-LOG: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 5190 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 25.11.2010 21:37:06 mbam-log-2010-11-25 (21-37-06).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 163397 Laufzeit: 4 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Aber ich würde gerne wissen, was das Problem ist, wie es möglicherweise auf den Rechner kam und wie es ggf. behebbar wäre. Ich habe schon sehr intensiv mit dem SecurityTask Manger aber auch dem Windows Taskmanager die laufenden Prozesse und Dienste beobachtet (auch beim Starten von Firefox und dessen Verwendung etc.). Es sind einfach keine Dienste/Prozesse erkennbar, die dieses manipulierte Verhalten von Firefox auslösen können. Selbstverständlich habe ich Firefox bereits mehrfach neu aufgesetzt (auch in unterschiedlichen Versionen). Dann würde ich gerne mit Eurer Hilfe versuchen, das Problem zu beheben, um daraus zu Lernen, damit ich u. a. mein zukünftiges Verhalten auf diese Sicherheitslücke anpassen kann und die jetzige (dann reparierte) Systemfestplatte als "Notfallsystem" behalten kann, auch wenn ich auf einer SSD mein System neu aufsetze. Viele Grüße neuanboard Hier noch der Gmer-Log: GMER Logfile: Code:
ATTFilter GMER - hxxp://www.gmer.net Rootkit scan 2010-11-26 00:03:13 Windows 6.1.7600 Running: xsmhtl5n.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x48 0xE0 0x5F 0x15 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme Eigene\Daemon Lite 43560091\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x63 0x05 0xBD 0xD9 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD7 0x3B 0x37 0x51 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x37 0x6D 0x49 0x37 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x48 0xE0 0x5F 0x15 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme Eigene\Daemon Lite 43560091\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x63 0x05 0xBD 0xD9 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD7 0x3B 0x37 0x51 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x37 0x6D 0x49 0x37 ... ---- EOF - GMER 1.0.15 ---- --- --- --- Ich nehme an, der fehlt noch, für eine Bearbeitung?! Also hier der HiJackThis-Log: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:35:15, on 25.11.2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16671) Boot mode: Normal Running processes: C:\Programme Eigene\RocketDock\RocketDock.exe C:\Programme Eigene\Malwarescanner IObit\IObit Security 360\is360tray.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Programme Eigene\Microsoft Office\Office12\WINWORD.EXE C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe C:\Users\Mustermann\Desktop\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme Eigene\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme Eigene\Java Runtime Engine\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [IObit Security 360] "C:\Programme Eigene\Malwarescanner IObit\IObit Security 360\IS360tray.exe" /autostart O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [RocketDock] "C:\Programme Eigene\RocketDock\RocketDock.exe" O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PR9EA2~1\MICROS~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PR9EA2~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PR9EA2~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PR9EA2~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PR9EA2~1\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme Eigene\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: haufereader - (no CLSID) - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~3\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Boonty Games - Unknown owner - C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe (file missing) O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: IS360service - IObit - C:\Programme Eigene\Malwarescanner IObit\IObit Security 360\IS360srv.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8219 bytes Vielleicht könnte Ihr nun etwas Erstes herausfinden? vg neuanboard |
![]() | #2 |
| ![]() Thread und Mitgliedschaft bitte so bald wie möglich löschen. AN DIE ADMINS / MODERATOREN.
__________________DIESEN THREAD BITTE LÖSCHEN, damit es nicht zu einem Cross-Board-Post kommt Da von Eurer Seite aus keine Kommunikation erfolgt, werde ich auf einem anderen Board um Hilfe bitten. P.S.: Kleines Feedback: Die Posts von Ratsuchenden Mitgliedern ungefragt, unkommentiert und ohne ersichtlichen Grund zu kürzen oder Teile zu löschen, macht wenig Sinn. |
![]() | #3 | |
![]() ![]() ![]() ![]() ![]() | ![]() Firefox leitet auf falsche google-Links weiter und öffnet sich selbst in Popups neu. Moin
![]() MFG
__________________ |
![]() | #4 |
| ![]() Firefox leitet auf falsche google-Links weiter und öffnet sich selbst in Popups neu. Dann sagt das einfach direkt und löscht die Beiträge vollständig, anstatt die Leute in der Luft hängen zu lassen. Man kann sich dann direkt an Boards wenden, die sich nicht als "Lizenzgewissen" des WWW verstehen. Zudem: Wenn das der Grund für die Ignoranz, die Ihr meinem Thread gegenüber gezeigt habt, war, dann müsstet Ihr (wenigstens) 90 % aller Anfragen hier ignorieren... Das erkenne sogar ich, wenn ich mir die Logs der Poster ansehe... Ich habe entsprechende Einträge in den Logs nicht manipuliert, weil es hier üblich zu sein schien, diese auch mit zu posten. Wie dem auch sei... Ciao an das "Kompetenzteam" ![]() |
![]() | #5 | |||
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Firefox leitet auf falsche google-Links weiter und öffnet sich selbst in Popups neu.Zitat:
Im Übrigen ist es hier so, dass jeder, der mit illegaler Software erwischt wird und Hilfe haben will, diese nur noch in Form von format c: bekommt. ![]()
__________________ Logfiles bitte immer in CODE-Tags posten ![]() |
![]() | #6 |
| ![]() Firefox leitet auf falsche google-Links weiter und öffnet sich selbst in Popups neu. Und was war jetzt so schwer, entweder direkt zu posten: "Hau ab... hier gibts für so Leute wie Dich nix..." oder aber in den Nutzungsbedingungen, die man bei der Anmeldung zu lesen hat, diesen Vermerk direkt gut sichtbar einzupflegen? Ihr könnt die Regel Eures Boards gerne so machen, wie Ihr möchtet - damit habe ich nicht das geringste Problem - aber lasst es einen doch wissen... und vielleicht wäre eine konsequente und einheitliche Vorgehensweise der "Helfer" angebracht, denn es wird hier mit Anfragenden gearbeitet, bei denen die Software-/Lizenzkonstellation erheblich "kritischer" ist, als bei mir. Nichts für ungut. Löscht bitte meine Threads und den Account, damit ich nicht als "Cross-Board-Poster" auf dem nächsten Board verschrien bin. |
![]() | #7 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Firefox leitet auf falsche google-Links weiter und öffnet sich selbst in Popups neu.Zitat:
![]() Zitat:
Dazu gibt es das ![]()
__________________ Logfiles bitte immer in CODE-Tags posten ![]() |
![]() |
Themen zu Firefox leitet auf falsche google-Links weiter und öffnet sich selbst in Popups neu. |
0x00000001, 64-bit, adblock, alternate, autorun, avgntflt.sys, avira, bearbeitung, bho, c:\windows\system32\rundll32.exe, call of duty, converter, de-cleaner, error, excel.exe, firefox, flash player, helper, hängen, ieframe.dll, install.exe, iobit, langs, lexware, location, locker, logfile, microsoft office word, mozilla, neu aufgesetzt, office 2007, oldtimer, physikalischer speicher, plug-in, popup, problem, programdata, prozesse, realtek, rootkit maleware firefox google weiterleitung, rundll, safer networking, saver, searchplugins, security update, senden, server, shell32.dll, shortcut, software, sptd.sys, system neu, system restore, syswow64, taskmanager, temporäre dateien, total commander, usb, video converter, viele prozesse, webcheck, windows, windows xp |