Pests of all kinds and how to fight them: firefox opens ad windows, high download
Windows 7
08.03.2011, 16:49 | #1 |
firefox opens ad windows, high download

Hello dear Trojans, ladies and gentlemen

I have had a new computer for 3 weeks and already the first problems.

Firefox suddenly opens ad windows, and data is constantly being downloaded and uploaded (I monitor our data transfer with NetMeter, since we live somewhat out of the way and get Internet via SAT with 5 GB per month).

Virus scanner: Kaspersky Internet Security 2010
Operating system: Windows 7 (64-bit)

I have now tried to create the logs according to the instructions; I hope someone can help me further (I can't let my 2 teenagers on the computer anymore).

Kind regards
Chrisi

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5982
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
07.03.2011 20:33:28
mbam-log-2011-03-07 (20-33-28).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Durchsuchte Objekte: 284548
Laufzeit: 27 Minute(n), 42 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 3/8/2011 12:01:57 PM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\fueri\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free 7.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285.30 Gb Total Space | 242.03 Gb Free Space | 84.84% Space Free | Partition Type: NTFS Computer Name: FUERI-PC | User Name: fueri | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/03/08 07:15:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\fueri\Downloads\OTL.exe PRC - [2011/02/21 06:26:45 | 000,340,520 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe PRC - [2011/01/29 23:11:36 | 003,372,856 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2010/12/10 13:29:00 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe PRC - [2010/12/10 13:28:56 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2010/09/08 04:06:25 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe PRC - [2010/08/11 02:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) 
-- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010/08/11 02:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010/08/11 02:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010/07/16 01:05:48 | 000,600,688 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe PRC - [2010/06/28 23:23:24 | 000,263,936 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe PRC - [2010/06/28 23:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe PRC - [2010/06/10 03:54:04 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010/03/03 23:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010/03/03 23:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe PRC - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe PRC - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe PRC - [2009/08/09 15:08:02 | 000,293,888 | ---- | M] () -- C:\Program Files 
(x86)\NetMeter\NetMeter.exe PRC - [2009/02/28 01:10:32 | 000,349,544 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe PRC - [2004/06/15 09:00:00 | 000,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files (x86)\WinZip\WZQKPICK.EXE ========== Modules (SafeList) ========== MOD - [2011/03/08 07:15:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\fueri\Downloads\OTL.exe MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/06/11 23:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc) SRV:64bit: - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2011/02/21 06:26:45 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP) SRV - [2011/02/19 17:44:17 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/12/10 13:29:00 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2010/08/11 02:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010/06/28 23:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010/06/01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/04/04 00:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/03 23:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010/03/03 23:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) 
[Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010/01/15 22:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService) SRV - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/02/21 06:26:45 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2010/06/10 21:57:20 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2010/06/08 13:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2010/05/12 03:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2010/04/21 20:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/02/27 01:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010/02/03 15:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2009/12/19 14:20:44 | 000,126,440 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbser.sys -- (qcusbser) DRV:64bit: - [2009/10/14 20:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG) DRV:64bit: - [2009/10/02 18:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009/09/18 05:12:06 | 000,292,912 | 
---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009/09/14 13:46:42 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2009/09/04 16:38:28 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb) DRV:64bit: - [2009/09/01 14:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/06/20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009/05/06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - 
prefs.js..browser.startup.homepage: "hxxp://www.bluewin.ch/" FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736 FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3 FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2010/11/11 08:28:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/11 08:28:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/11 08:28:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/02 18:03:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/05 19:52:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/05 19:52:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2011/02/19 18:14:29 | 000,000,000 | ---D | M] [2011/03/04 21:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011/03/04 21:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011/03/07 06:37:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3y9s9qq4.default\extensions 
[2011/03/05 19:52:30 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3y9s9qq4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2011/02/22 06:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011/02/22 06:40:31 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru [2011/03/05 19:52:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/03/05 19:52:19 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011/03/05 19:52:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011/03/05 19:52:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011/03/05 19:52:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) 
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKCU..\Run: [C:\Program Files (x86)\NetMeter\NetMeter.exe] C:\Program Files (x86)\NetMeter\NetMeter.exe () O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm () O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - 
C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/03/07 21:11:16 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MFTools [2011/03/07 19:59:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011/03/07 19:59:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011/03/07 19:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/03/07 19:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/03/07 19:59:27 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011/03/07 19:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011/03/07 09:15:31 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Betrieb [2011/03/06 12:53:51 | 000,000,000 | ---D | C] -- C:\unzipped [2011/03/05 19:53:03 | 000,000,000 | ---D | C] -- 
C:\Users\***\AppData\Roaming\GARMIN [2011/03/04 21:53:06 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\TomTom [2011/03/04 21:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom [2011/03/04 21:52:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TomTom [2011/03/04 21:52:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\TomTom [2011/03/04 21:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom [2011/03/04 21:52:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom International B.V [2011/03/04 21:52:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom HOME 2 [2011/03/04 12:57:34 | 000,000,000 | ---D | C] -- C:\Users\fueri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mein 1 x 1 Trainer [2011/03/04 12:57:34 | 000,000,000 | ---D | C] -- C:\1x1_Trainer_Einzel [2011/03/04 12:57:27 | 000,446,464 | ---- | C] (MatchWare) -- C:\Windows\UniInstall34.exe [2011/03/03 13:11:37 | 001,355,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVBVM50.DLL [2011/03/03 13:11:37 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSFLXGRD.OCX [2011/03/03 13:11:37 | 000,099,866 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB5DE.DLL [2011/03/03 13:11:37 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB5DB.DLL [2011/03/03 13:11:37 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FLXGDDE.DLL [2011/03/03 13:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mathe1x1 [2011/03/03 13:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mathe1x1 [2011/03/03 09:58:50 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\Windows\SysWow64\Weingarten das Meer 2010.scr [2011/03/03 09:58:50 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\Windows\SysNative\Weingarten das Meer 2010.scr [2011/03/03 09:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Screentime [2011/03/03 
09:58:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Screentime [2011/03/03 09:57:33 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache [2011/03/02 18:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG [2011/03/02 18:15:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\HP [2011/03/02 18:15:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\HP [2011/03/02 18:03:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\HpUpdate [2011/03/02 18:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant [2011/03/02 18:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2011/03/02 18:00:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP [2011/03/02 17:59:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard [2011/03/02 17:58:35 | 001,408,000 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpost_p04b.dll [2011/03/02 17:58:35 | 001,175,552 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hposwia_p04b.dll [2011/03/02 17:58:35 | 000,521,216 | ---- | C] (Hewlett-Packard Co.) 
-- C:\Windows\SysNative\hposc_p04a.dll [2011/03/02 17:58:24 | 000,643,200 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll [2011/03/02 17:58:20 | 000,138,752 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpf3l101.dll [2011/03/02 17:57:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP [2011/03/02 17:57:50 | 000,000,000 | -H-D | C] -- C:\Config.Msi [2011/03/02 17:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2011/03/01 15:14:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TeamViewer [2011/03/01 15:14:08 | 000,000,000 | ---D | C] -- C:\Users\***\temp [2011/03/01 14:50:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics [2011/03/01 13:57:03 | 000,000,000 | ---D | C] -- C:\AGROPLUS [2011/02/25 09:57:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Samsung [2011/02/25 09:56:55 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\samsung [2011/02/25 09:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2011/02/25 09:55:45 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll [2011/02/25 09:55:33 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) 
-- C:\Windows\SysWow64\dgderapi.dll [2011/02/25 09:55:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny [2011/02/25 09:54:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Samsung [2011/02/25 09:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2011/02/25 09:54:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung [2011/02/25 09:54:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations [2011/02/24 08:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011/02/24 08:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works [2011/02/24 08:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2011/02/24 08:23:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help [2011/02/24 08:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2011/02/23 15:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications [2011/02/23 15:10:32 | 000,000,000 | R--D | C] -- C:\Users\***\Documents\Scanned Documents [2011/02/23 15:10:32 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Fax [2011/02/23 12:49:08 | 000,000,000 | RH-D | C] -- C:\MSOCache [2011/02/23 12:43:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2011/02/23 12:43:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\SoftGrid Client [2011/02/23 12:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch) [2011/02/23 12:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2011/02/23 12:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2011/02/23 12:43:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client [2011/02/23 12:43:02 | 000,000,000 | ---D | C] -- C:\Users\fueri\AppData\Roaming\TP [2011/02/23 07:06:34 | 000,662,528 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2011/02/23 07:06:34 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2011/02/23 07:06:34 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2011/02/23 07:06:34 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2011/02/22 11:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2011/02/22 09:06:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2011/02/22 09:06:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2011/02/22 09:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 [2011/02/22 09:04:15 | 000,000,000 | ---D | C] -- C:\Users\fueri\AppData\Local\Google [2011/02/22 09:04:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2011/02/22 09:02:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\C-CHANNEL e-banking [2011/02/22 09:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\C-CHANNEL [2011/02/22 09:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\C-CHANNEL [2011/02/22 09:02:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\C-CHANNEL [2011/02/22 09:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\C-CHANNEL [2011/02/22 09:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE [2011/02/22 09:00:49 | 000,000,000 | ---D | C] -- C:\installation [2011/02/22 06:50:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2011/02/22 06:48:51 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll [2011/02/22 06:48:51 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll [2011/02/22 06:48:51 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe [2011/02/22 06:48:51 | 000,295,264 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\PresentationHost.exe [2011/02/22 06:48:51 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll [2011/02/22 06:48:51 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll [2011/02/22 06:48:51 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll [2011/02/22 06:48:51 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll [2011/02/22 06:48:43 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [2011/02/21 19:09:26 | 000,000,000 | ---D | C] -- C:\Windows\acerePowerTemp [2011/02/21 14:39:36 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\WMBackups [2011/02/21 14:38:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heiko Schröder Software [2011/02/21 14:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heiko Schröder Software [2011/02/21 14:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WMBackup [2011/02/21 07:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011/02/21 07:20:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2011/02/21 07:20:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2011/02/21 07:19:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple [2011/02/21 07:19:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2011/02/21 07:19:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2011/02/21 07:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011/02/21 07:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2011/02/21 07:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2011/02/21 07:19:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2011/02/21 
06:52:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla [2011/02/21 06:52:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla [2011/02/21 06:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox [2011/02/21 06:52:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2011/02/21 06:45:49 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011/02/21 06:45:49 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011/02/21 06:45:49 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011/02/21 06:45:49 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011/02/21 06:45:49 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011/02/21 06:45:49 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011/02/21 06:45:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011/02/21 06:45:48 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011/02/21 06:45:48 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011/02/21 06:45:48 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011/02/21 06:45:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011/02/21 06:45:48 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011/02/21 06:44:45 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll [2011/02/21 06:44:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll [2011/02/21 06:44:44 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll [2011/02/21 06:44:41 | 
001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll [2011/02/21 06:44:41 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll [2011/02/21 06:44:41 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll [2011/02/21 06:44:41 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll [2011/02/21 06:44:41 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe [2011/02/21 06:44:41 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll [2011/02/21 06:44:41 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe [2011/02/21 06:44:41 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe [2011/02/21 06:44:36 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll [2011/02/21 06:30:57 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll [2011/02/21 06:30:57 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll [2011/02/21 06:30:57 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll [2011/02/21 06:30:57 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax [2011/02/21 06:30:57 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax [2011/02/21 06:30:57 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2011/02/21 06:30:57 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax [2011/02/21 06:27:47 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll [2011/02/21 06:27:36 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll [2011/02/21 06:27:36 | 000,204,288 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\upnp.dll [2011/02/21 06:27:35 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll [2011/02/21 06:27:35 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll [2011/02/21 06:27:35 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll [2011/02/21 06:27:35 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll [2011/02/21 06:27:35 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll [2011/02/21 06:27:34 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011/02/21 06:27:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011/02/21 06:27:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll [2011/02/21 06:25:52 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2011/02/21 06:25:10 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll [2011/02/21 06:25:10 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll [2011/02/21 06:23:53 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2011/02/21 06:23:53 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2011/02/21 06:22:41 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011/02/21 06:22:41 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011/02/21 06:22:41 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011/02/21 06:21:26 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll [2011/02/21 06:08:46 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2011/02/21 06:08:44 | 000,082,944 | ---- | C] (Radius Inc.) 
-- C:\Windows\SysWow64\iccvid.dll [2011/02/21 06:08:43 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll [2011/02/21 06:08:42 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll [2011/02/21 06:08:26 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2011/02/21 06:08:25 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2011/02/21 06:08:25 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2011/02/21 06:08:25 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2011/02/21 06:08:10 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2011/02/21 06:08:10 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2011/02/21 06:08:10 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2011/02/21 06:08:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2011/02/21 06:08:04 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys [2011/02/21 06:08:02 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll [2011/02/21 06:08:02 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll [2011/02/21 06:07:58 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2011/02/21 06:07:57 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2011/02/21 06:07:56 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2011/02/21 06:07:56 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2011/02/21 06:07:52 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2011/02/21 06:07:51 | 000,720,896 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\odbc32.dll [2011/02/21 06:07:51 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll [2011/02/19 19:50:56 | 000,000,000 | R-SD | C] -- C:\Users\***\Documents\My Stationery [2011/02/19 19:37:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Access Runtime [2011/02/19 19:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGRO-TWIN [2011/02/19 19:37:09 | 000,000,000 | ---D | C] -- C:\AgroTwin [2011/02/19 19:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip [2011/02/19 19:34:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip [2011/02/19 18:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2011/02/19 18:14:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2011/02/19 18:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2010 [2011/02/19 18:14:13 | 000,353,296 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2011/02/19 18:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2011/02/19 18:05:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\NetMeter [2011/02/19 18:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetMeter [2011/02/19 18:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetMeter [2011/02/19 17:59:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe [2011/02/19 17:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2011/02/19 17:56:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SNS [2011/02/19 17:44:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Packard Bell [2011/02/19 17:44:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared [2011/02/19 17:44:14 | 000,000,000 | ---D | C] -- 
C:\Users\***\AppData\Roaming\Adobe [2011/02/19 17:43:57 | 000,055,024 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys [2011/02/19 17:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared [2011/02/19 17:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2011/02/19 17:40:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2011/02/19 17:38:15 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll [2011/02/19 17:38:15 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll [2011/02/19 17:37:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2011/02/19 17:37:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2011/02/19 17:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive [2011/02/19 17:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live [2011/02/19 17:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2011/02/19 17:36:21 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011/02/19 17:34:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia [2011/02/19 17:34:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live [2011/02/19 17:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011/02/19 17:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\Searches [2011/02/19 17:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011/02/19 17:29:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities [2011/02/19 17:28:46 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts [2011/02/19 17:28:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore 
[2011/02/19 17:24:27 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft [2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Videos [2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games [2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures [2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Music [2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Links [2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites [2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads [2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Documents [2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop [2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen [2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf [2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files [2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü [2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo [2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent [2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung [2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen [2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos [2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik [2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien [2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder [2011/02/19 17:24:27 | 
000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung [2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies [2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten [2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten [2011/02/19 17:24:27 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData [2011/02/19 17:24:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp [2011/02/19 17:24:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft [2011/02/19 17:24:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs [2011/02/19 17:23:00 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2011/03/08 11:50:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/03/08 06:32:28 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/03/08 06:32:28 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/03/08 06:24:33 | 2960,519,168 | -HS- | M] () -- C:\hiberfil.sys [2011/03/07 19:59:32 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/03/07 11:09:00 | 000,073,911 | ---- | M] () -- C:\Users\Public\Documents\CC4Backup20110307_110900.zip [2011/03/07 11:04:14 | 000,143,356 | ---- | M] () -- C:\Users\fueri\Documents\110307_WS_A_MIDI_1_E_6077077.pdf [2011/03/07 10:04:55 | 000,146,748 | ---- | M] () -- C:\Users\fueri\Documents\110307_WS_A_STANDARD_4_E_6076414.pdf [2011/03/07 09:10:59 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/03/07 09:10:59 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011/03/07 09:10:59 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/03/07 09:10:59 | 000,130,192 | ---- | M] () --
C:\Windows\SysNative\perfc007.dat [2011/03/07 09:10:59 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/03/05 19:32:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_androidusb_01005.Wdf [2011/03/04 12:57:35 | 000,001,637 | ---- | M] () -- C:\Users\fueri\Desktop\Mein 1 x 1 Trainer.lnk [2011/03/03 14:10:55 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET [2011/03/03 13:11:37 | 000,001,041 | ---- | M] () -- C:\Users\***\Desktop\Mathe1x1.lnk [2011/03/03 13:02:53 | 000,075,122 | ---- | M] () -- C:\Users\Public\Documents\CC4Backup20110303_130253.zip [2011/03/03 09:58:50 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\Windows\SysWow64\Weingarten das Meer 2010.scr [2011/03/03 09:58:50 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\Windows\SysNative\Weingarten das Meer 2010.scr [2011/03/03 08:11:24 | 000,316,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011/03/02 18:18:58 | 000,233,464 | ---- | M] () -- C:\Windows\hpoins47.dat [2011/03/02 18:03:05 | 000,001,201 | ---- | M] () -- C:\Users\Public\Desktop\Shop für HP Zubehör.lnk [2011/03/02 18:02:13 | 000,001,363 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk [2011/03/02 18:01:48 | 000,002,111 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011/03/02 18:00:57 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrinterCenter.lnk [2011/03/02 10:09:43 | 000,160,705 | ---- | M] () -- C:\Users\***\Documents\rezept basler mehlsuppe.pdf [2011/03/01 13:38:41 | 000,070,724 | ---- | M] () -- C:\Users\Public\Documents\CC4Backup20110301_133841.zip [2011/03/01 10:27:14 | 000,000,000 | ---- | M] () -- C:\Windows\ccwinpay.INI [2011/02/25 09:56:46 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2011/02/24 20:54:25 | 001,500,444 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/02/24 13:08:52 | 000,002,703 | ---- | M] () -- 
C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk [2011/02/24 13:08:46 | 000,002,697 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk [2011/02/22 09:04:19 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2011/02/22 09:02:55 | 000,001,878 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\C-CHANNEL OnlineUpdate.lnk [2011/02/22 09:02:55 | 000,001,806 | ---- | M] () -- C:\Users\Public\Desktop\C-CHANNEL OnlineUpdate.lnk [2011/02/22 09:02:45 | 000,002,141 | ---- | M] () -- C:\Users\Public\Desktop\NetBanking BCV Edition.lnk [2011/02/21 14:38:29 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\WMBackup.lnk [2011/02/21 07:20:11 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011/02/21 06:52:47 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat [2011/02/21 06:52:43 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/02/21 06:26:45 | 000,353,296 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2011/02/21 06:26:42 | 000,150,083 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat [2011/02/21 06:26:42 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat [2011/02/20 10:19:51 | 000,002,254 | ---- | M] () -- C:\Users\***\Desktop\Windows Live Mail.lnk [2011/02/20 08:21:21 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2011/02/20 08:21:21 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2011/02/19 19:37:13 | 000,002,715 | ---- | M] () -- C:\Users\Public\Desktop\AGRO-TWIN.lnk [2011/02/19 19:35:11 | 000,001,853 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2011/02/19 19:35:11 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk [2011/02/19 17:45:54 | 000,000,202 | ---- | M] () -- C:\Windows\USER.XML [2011/02/19 17:44:26 | 000,000,213 | ---- | M] () -- C:\Windows\Factory.xml [2011/02/19 17:43:59 | 
000,001,225 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk [2011/02/19 17:34:27 | 000,000,212 | RHS- | M] () -- C:\Preload.rev [2011/02/19 17:34:27 | 000,000,167 | ---- | M] () -- C:\Windows\WisLangCode.ini [2011/02/19 17:28:25 | 000,000,926 | ---- | M] () -- C:\Windows\MOD01SET74DE0N0003.XML

========== Files Created - No Company Name ==========

[2011/03/07 19:59:32 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/03/07 11:09:00 | 000,073,911 | ---- | C] () -- C:\Users\Public\Documents\CC4Backup20110307_110900.zip [2011/03/07 11:04:14 | 000,143,356 | ---- | C] () -- C:\Users\***\Documents\110307_WS_A_MIDI_1_E_6077077.pdf [2011/03/07 10:04:55 | 000,146,748 | ---- | C] () -- C:\Users\***\Documents\110307_WS_A_STANDARD_4_E_6076414.pdf [2011/03/05 19:32:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_androidusb_01005.Wdf [2011/03/04 12:57:35 | 000,001,637 | ---- | C] () -- C:\Users\***\Desktop\Mein 1 x 1 Trainer.lnk [2011/03/03 13:11:37 | 000,001,041 | ---- | C] () -- C:\Users\***\Desktop\Mathe1x1.lnk [2011/03/03 13:02:53 | 000,075,122 | ---- | C] () -- C:\Users\Public\Documents\CC4Backup20110303_130253.zip [2011/03/02 18:03:05 | 000,001,201 | ---- | C] () -- C:\Users\Public\Desktop\Shop für HP Zubehör.lnk [2011/03/02 18:02:13 | 000,001,363 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk [2011/03/02 18:01:48 | 000,002,111 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011/03/02 18:00:57 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrinterCenter.lnk [2011/03/02 17:55:53 | 000,233,464 | ---- | C] () -- C:\Windows\hpoins47.dat [2011/03/02 10:09:43 | 000,160,705 | ---- | C] () -- C:\Users\***\Documents\rezept basler mehlsuppe.pdf [2011/03/01 13:58:50 | 000,000,683 | ---- | C] () -- C:\Users\Public\Desktop\AGROPLUS.LNK [2011/03/01 13:38:41 | 000,070,724 | ---- | C] () --
C:\Users\Public\Documents\CC4Backup20110301_133841.zip [2011/03/01 10:27:14 | 000,000,000 | ---- | C] () -- C:\Windows\ccwinpay.INI [2011/02/25 09:56:46 | 000,001,969 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2011/02/24 13:08:52 | 000,002,703 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk [2011/02/24 13:08:46 | 000,002,697 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk [2011/02/23 12:43:24 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/02/22 09:04:19 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2011/02/22 09:02:55 | 000,001,878 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\C-CHANNEL OnlineUpdate.lnk [2011/02/22 09:02:55 | 000,001,806 | ---- | C] () -- C:\Users\Public\Desktop\C-CHANNEL OnlineUpdate.lnk [2011/02/22 09:02:45 | 000,002,141 | ---- | C] () -- C:\Users\Public\Desktop\NetBanking BCV Edition.lnk [2011/02/21 14:38:29 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\WMBackup.lnk [2011/02/21 07:20:11 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011/02/21 07:19:57 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2011/02/21 06:52:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011/02/21 06:52:43 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/02/20 10:19:51 | 000,002,254 | ---- | C] () -- C:\Users\***\Desktop\Windows Live Mail.lnk [2011/02/19 19:37:13 | 000,002,715 | ---- | C] () -- C:\Users\Public\Desktop\AGRO-TWIN.lnk [2011/02/19 19:35:11 | 000,001,853 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2011/02/19 19:35:11 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk [2011/02/19 19:05:13 | 000,013,030 | ---- | C] () -- C:\PDOXUSRS.NET [2011/02/19 19:04:24 | 000,000,683 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGROPLUS.LNK [2011/02/19 18:14:47 | 000,150,083 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat [2011/02/19 18:14:47 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat [2011/02/19 17:43:59 | 000,001,237 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 8.0.lnk [2011/02/19 17:43:59 | 000,001,225 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk [2011/02/19 17:40:10 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk [2011/02/19 17:34:40 | 000,001,455 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011/02/19 17:34:40 | 000,001,421 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2011/02/19 17:28:31 | 000,000,926 | ---- | C] () -- C:\Windows\MOD01SET74DE0N0003.XML [2011/01/29 17:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011/01/29 17:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011/01/29 17:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011/01/29 17:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011/01/29 17:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2010/11/11 08:49:41 | 000,000,266 | ---- | C] () -- C:\Windows\LaunApp.ini [2010/11/11 08:47:45 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2010/11/11 08:47:45 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010/11/11 08:47:45 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010/11/11 08:47:45 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2010/11/11 08:47:45 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2010/11/11 08:47:20 | 
000,001,370 | ---- | C] () -- C:\Windows\WPatchProgress.ini [2010/11/11 08:27:14 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe [2010/11/11 08:27:14 | 000,000,302 | ---- | C] () -- C:\Windows\PidList_C.ini [2010/09/08 04:16:07 | 000,000,325 | ---- | C] () -- C:\Windows\Prelaunch.ini [2010/09/08 04:16:07 | 000,000,271 | ---- | C] () -- C:\Windows\WisPriority.ini [2010/09/08 04:16:07 | 000,000,167 | ---- | C] () -- C:\Windows\WisLangCode.ini [2010/04/01 00:39:01 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat [2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2009/07/13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009/07/13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2009/07/13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008/07/22 21:27:42 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\PTQL5F.DLL ========== LOP Check ========== [2011/03/05 22:16:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GARMIN [2011/02/19 18:08:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NetMeter [2011/02/25 09:54:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2011/02/19 17:56:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SNS [2011/02/23 17:29:50 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\SoftGrid Client [2011/03/01 15:14:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2011/03/04 21:52:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom [2011/02/23 12:44:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP [2011/03/07 09:57:25 | 000,012,414 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
09.03.2011, 15:21 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | firefox opens ad windows, high download Are there any further logs from Malwarebytes? If so, please post all of them. You will find them under the Logdateien (Logs) tab in Malwarebytes.
__________________ |
09.03.2011, 18:42 | #3 |
| firefox opens ad windows, high download Hello Arne
I ran another scan this morning; Malware found an infected file and it is now in quarantine. Thank you for your help.

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes
Datenbank Version: 5996
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
09.03.2011 07:55:16
mbam-log-2011-03-09 (07-55-16).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Durchsuchte Objekte: 280619
Laufzeit: 29 Minute(n), 57 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\***\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\DX8SW3TB\TFC[1].exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully. |
10.03.2011, 11:36 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | firefox opens ad windows, high download Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
[2011/02/19 17:28:25 | 000,000,926 | ---- | M] () -- C:\Windows\MOD01SET74DE0N0003.XML
O4 - HKLM..\Run: [] File not found
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
10.03.2011, 13:53 | #5 |
| firefox opens ad windows, high download Thanks, I did it that way... first an error message was displayed... (unfortunately it was gone before I could write it down), then the following log was opened:
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Can that be everything? The computer was not rebooted. Regards, Chrisi |
10.03.2011, 17:12 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | firefox opens ad windows, high download Please try the fix again. I suspect you did something wrong.
__________________ |
10.03.2011, 17:31 | #7 |
| firefox opens ad windows, high download Hello Arne, I tried it again and the result is the same. I have attached pictures for you; maybe you can see what I am doing wrong, and whether I am doing anything wrong? Regards, Chrisi |
10.03.2011, 17:39 | #8 |
| firefox opens ad windows, high download Oops, sorry, I did not attach the files... |
10.03.2011, 18:19 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | firefox opens ad windows, high download Did you run OTL as administrator via right-click?
__________________ Please always post log files in CODE tags |
11.03.2011, 07:59 | #10 |
| firefox opens ad windows, high download Good morning Arne, yesterday I ran OTL again (right mouse button / as administrator); the error message appeared again, and the status bar at the bottom said it was currently working on the HOSTS and that I should not interrupt the process.... I left the computer running all night...... it was still the same this morning... I saw that my son has also installed CCleaner, darn, so now I have locked the computer until everything is OK again. What do you think I should do as the next step? Regards, Chrisi |
11.03.2011, 09:44 | #11 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | firefox opens ad windows, high download Use this text for the fix with OTL: Quote:
__________________ Please always post log files in CODE tags |
11.03.2011, 10:18 | #12 |
| firefox opens ad windows, high download Great, now something has happened and the computer also restarted. Here is the LOG:
All processes killed
========== OTL ==========
File C:\Windows\MOD01SET74DE0N0003.XML not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 2249171 bytes
->Temporary Internet Files folder emptied: 18252240 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 317032 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50501 bytes
RecycleBin emptied: 17688661 bytes
Total Files Cleaned = 37.00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 03112011_101206
Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
Registry entries deleted on Reboot... |
11.03.2011, 10:32 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | firefox opens ad windows, high download Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it!
__________________ Please always post log files in CODE tags |
11.03.2011, 11:26 | #14 |
| firefox opens ad windows, high download Many thanks. Here is the ComboFix LOG for now; CCleaner will follow later. ComboFix logfile: Code:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Launch Manager\LMworker.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-03-11 11:16:52 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-03-11 10:16 . Vor Suchlauf: 15 Verzeichnis(se), 257'828'192'256 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 257'690'468'352 Bytes frei . - - End Of File - - 63CFFAE0845E025192F5559FBAD186C6 |
11.03.2011, 11:34 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Firefox opens ad windows, high download volume Please now create logs with GMER and mbrcheck and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it. Instructions for mbrcheck: Download MBRCheck (by a_d_13) and save the file to your desktop.
__________________ Please always post log files in CODE tags |