Pests of all kinds and how to fight them: Google links me to the wrong page
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
31.03.2011, 15:38 | #1 |
| Google links me to the wrong page
Hello everyone, whenever I click on a link in a Google search, I end up on a different page than the one described in the link. Only the third time I select the link do I actually get to the linked page. Attached is the logfile from HijackThis. Unfortunately, I have already fixed something in HijackThis. Thanks in advance.
HijackThis logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:43:50, on 31.03.2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16722) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe C:\Windows\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - 
BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\IPS\IPSBHO.DLL O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] 
C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O8 - Extra context menu item: Free YouTube Download - C:\Users\Kobi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - 
Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- End of file - 7666 bytes |
31.03.2011, 18:25 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google links me to the wrong page
Please note => http://www.trojaner-board.de/95173-b...es-posten.html and http://www.trojaner-board.de/69886-a...-beachten.html
31.03.2011, 20:26 | #3 |
| Google links me to the wrong page
Thanks for the pointer. Here is the OTL logfile:
OTL logfile: Code:
ATTFilter OTL logfile created on: 31.03.2011 21:08:44 - Run 5 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Kobi\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 910,41 Gb Total Space | 332,40 Gb Free Space | 36,51% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 12,05 Gb Free Space | 60,23% Space Free | Partition Type: NTFS Computer Name: KORBINIAN-PC | User Name: Kobi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Kobi\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\Norton AntiVirus\Engine\18.5.0.125\ccsvchst.exe (Symantec Corporation) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - 
\\?\C:\Windows\System32\wbem\WMIADAP.EXE () PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Internet Explorer\ielowutil.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\PSIService.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Kobi\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_a35e6b9.dll () SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () ========== Driver Services (SafeList) ========== DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110331.003\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110331.003\NAVENG.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110330.001\IDSvix86.sys (Symantec Corporation) DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys (Symantec Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation) DRV - (SymNetS) -- C:\Windows\System32\Drivers\NAV\1205000.07D\SYMNETS.SYS (Symantec Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV - (SRTSP) -- C:\Windows\System32\Drivers\NAV\1205000.07D\SRTSP.SYS (Symantec Corporation) DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NAV\1205000.07D\SRTSPX.SYS (Symantec Corporation) DRV - (SymEFA) -- C:\Windows\system32\drivers\NAV\1205000.07D\SYMEFA.SYS (Symantec Corporation) DRV - (SymIRON) -- C:\Windows\system32\drivers\NAV\1205000.07D\Ironx86.SYS (Symantec Corporation) DRV - (SymDS) -- C:\Windows\system32\drivers\NAV\1205000.07D\SYMDS.SYS (Symantec 
Corporation) DRV - (LWMouCon) -- C:\Windows\System32\drivers\lwmoucon.ram () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) -- C:\Windows\System32\drivers\s217unic.sys (MCCI) DRV - (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s217mgmt.sys (MCCI Corporation) DRV - (s217obex) -- C:\Windows\System32\drivers\s217obex.sys (MCCI Corporation) DRV - (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) -- C:\Windows\System32\drivers\s217nd5.sys (MCCI Corporation) DRV - (s217mdm) -- C:\Windows\System32\drivers\s217mdm.sys (MCCI Corporation) DRV - (s217bus) Sony Ericsson Device 217 driver (WDM) -- C:\Windows\System32\drivers\s217bus.sys (MCCI Corporation) DRV - (s217mdfl) -- C:\Windows\System32\drivers\s217mdfl.sys (MCCI Corporation) DRV - (acedrv09) -- C:\Windows\System32\drivers\acedrv09.sys (Protect Software GmbH) DRV - (acehlp09) -- C:\Windows\System32\drivers\acehlp09.sys (Protect Software GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. 
File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5 FF - prefs.js..extensions.enabledItems: {8225d6f0-dfca-11df-85ca-0800200c9a66}:1.0.4.8 FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program 
Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.20 14:35:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.20 14:35:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011.03.22 22:09:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.27 13:08:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 22:33:54 | 000,000,000 | ---D | M] [2011.03.20 14:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kobi\AppData\Roaming\mozilla\Extensions [2011.03.28 19:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kobi\AppData\Roaming\mozilla\Firefox\Profiles\vtkrlqy8.default\extensions [2011.03.20 14:52:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kobi\AppData\Roaming\mozilla\Firefox\Profiles\vtkrlqy8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.03.20 14:52:50 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Kobi\AppData\Roaming\mozilla\Firefox\Profiles\vtkrlqy8.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2011.03.20 14:52:50 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Kobi\AppData\Roaming\mozilla\Firefox\Profiles\vtkrlqy8.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2011.03.27 13:08:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.03.20 14:37:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.03.20 14:37:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} File not found (No name found) -- [2011.03.20 14:37:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.03.20 14:37:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.22 22:09:07 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPLGN () (No name found) -- C:\USERS\KOBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTKRLQY8.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI () (No name found) -- C:\USERS\KOBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTKRLQY8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: 
(&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube Download - C:\Users\Kobi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - 
NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml 
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O27 - HKLM IFEO\AcroRd32.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\excel.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\iastorui.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\infopath.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\itunes.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\msaccess.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\msoxmled.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\mspub.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\mstore.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\onenote.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\outlook.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" 
(TuneUp Software) O27 - HKLM IFEO\phoenixrc.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\phoenixupdateinstaller.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\pictureviewer.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\powerpnt.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\quicktimeplayer.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\sepcsuite.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\winword.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.03.28 19:37:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.03.28 19:37:06 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2011.03.27 14:14:48 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2011.03.27 14:14:40 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2011.03.27 14:14:40 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2011.03.27 14:14:34 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011 [2011.03.27 14:14:25 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2011 [2011.03.27 11:51:04 | 000,000,000 | ---D | C] -- C:\Programme\HijackThis [2011.03.27 00:42:14 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2011.03.27 00:34:40 | 000,000,000 | ---D | C] -- C:\Users\Kobi\AppData\Local\Sunbelt Software [2011.03.27 00:32:46 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft [2011.03.27 00:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2011.03.27 00:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage [2011.03.25 21:18:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011.03.25 20:03:36 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2011.03.25 20:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.03.25 19:54:59 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.03.25 18:44:17 | 000,000,000 | ---D | C] -- C:\Users\Kobi\Documents\FIFA 11 [2011.03.25 18:40:58 | 000,000,000 | ---D | C] -- C:\Programme\EA Sports [2011.03.22 22:07:03 | 000,652,336 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\symefa.sys [2011.03.22 22:07:03 | 000,340,016 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\symds.sys [2011.03.22 22:07:03 | 000,295,032 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\symnets.sys [2011.03.22 22:07:03 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\srtspx.sys [2011.03.22 22:07:02 | 000,509,560 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\srtsp.sys [2011.03.22 22:07:02 | 000,136,312 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\ironx86.sys [2011.03.22 22:06:58 | 000,000,000 | ---D | C] -- 
C:\Windows\System32\drivers\NAV\1205000.07D [2011.03.22 22:00:05 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2011.03.22 22:00:05 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared [2011.03.22 22:00:05 | 000,000,000 | ---D | C] -- C:\Programme\Symantec [2011.03.22 21:59:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV [2011.03.22 21:59:31 | 000,000,000 | ---D | C] -- C:\Programme\Norton AntiVirus [2011.03.22 21:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus [2011.03.22 21:59:25 | 000,000,000 | ---D | C] -- C:\Programme\NortonInstaller [2011.03.22 19:09:03 | 000,240,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2011.03.21 21:22:06 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2011.03.21 21:21:30 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys [2011.03.21 14:50:49 | 000,000,000 | ---D | C] -- C:\Users\Kobi\Documents\O&O [2011.03.21 14:46:32 | 000,082,944 | ---- | C] (Radius Inc.) 
-- C:\Windows\System32\iccvid.dll [2011.03.21 14:46:31 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2011.03.21 14:46:31 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll [2011.03.21 14:46:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2011.03.21 14:46:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011.03.21 14:46:22 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll [2011.03.21 14:46:22 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2011.03.21 14:46:21 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2011.03.21 14:46:19 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.03.21 14:46:18 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2011.03.21 14:46:18 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2011.03.21 14:46:18 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2011.03.21 14:46:18 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe [2011.03.21 14:46:17 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll [2011.03.21 14:46:15 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2011.03.21 14:46:01 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011.03.21 14:45:59 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll [2011.03.21 14:45:59 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe [2011.03.21 14:45:59 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe [2011.03.21 14:45:53 | 000,067,584 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\asycfilt.dll [2011.03.21 14:45:52 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2011.03.21 14:45:52 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2011.03.21 14:45:51 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.03.21 14:45:51 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.03.21 14:45:44 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2011.03.21 14:45:43 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys [2011.03.21 14:45:33 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.03.21 14:45:33 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.03.21 14:45:33 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.03.21 14:45:33 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.03.21 14:45:33 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.03.21 14:45:33 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.03.21 14:45:33 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.03.21 14:45:33 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.03.21 14:45:32 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.03.21 14:45:24 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2011.03.21 14:45:21 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll [2011.03.21 14:45:21 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll [2011.03.21 14:45:17 | 
000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.03.21 14:45:17 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2011.03.21 14:45:17 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.03.21 14:45:17 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.03.21 14:45:15 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll [2011.03.21 14:45:11 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.03.21 14:45:11 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.03.21 14:45:11 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.03.21 14:45:11 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2011.03.21 14:45:11 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.03.21 14:45:05 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.03.21 14:45:05 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.03.21 14:45:04 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011.03.21 14:45:04 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011.03.21 14:45:04 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.03.21 14:45:04 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011.03.21 14:45:03 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL [2011.03.21 14:45:03 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll [2011.03.21 14:45:03 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll 
[2011.03.21 14:45:03 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011.03.21 14:45:03 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.03.21 14:45:03 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011.03.21 14:44:52 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll [2011.03.21 14:44:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.03.21 14:44:51 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll [2011.03.21 14:44:51 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll [2011.03.21 14:44:51 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.03.21 14:44:51 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll [2011.03.21 14:44:49 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2011.03.21 14:44:49 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2011.03.21 14:44:48 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll [2011.03.21 14:44:48 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll [2011.03.21 14:44:48 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe [2011.03.21 14:44:48 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe [2011.03.21 14:44:48 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe [2011.03.21 14:44:48 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe [2011.03.21 14:44:48 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll [2011.03.21 14:44:48 | 000,085,504 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll [2011.03.21 14:44:44 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys [2011.03.21 14:44:44 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.03.20 18:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.03.20 18:11:37 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll [2011.03.20 18:11:22 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2011.03.20 18:11:07 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update [2011.03.20 18:09:53 | 000,000,000 | ---D | C] -- C:\Users\Kobi\AppData\Roaming\Malwarebytes [2011.03.20 18:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.03.20 15:19:21 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2011.03.20 15:19:21 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2011.03.20 15:19:21 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien [2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2011.03.20 14:33:42 | 000,000,000 | --SD | C] -- C:\Users\Kobi\AppData\Roaming\Microsoft [2011.03.20 
14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Videos [2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Saved Games [2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Pictures [2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Music [2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Links [2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Favorites [2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Downloads [2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Documents [2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Desktop [2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Vorlagen [2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\AppData\Local\Verlauf [2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\AppData\Local\Temporary Internet Files [2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Startmenü [2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\SendTo [2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Recent [2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Netzwerkumgebung [2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Lokale Einstellungen [2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Documents\Eigene Videos [2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Documents\Eigene Musik [2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Eigene Dateien [2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Documents\Eigene Bilder [2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Druckumgebung [2011.03.20 14:33:42 | 
000,000,000 | -HSD | C] -- C:\Users\Kobi\Cookies [2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\AppData\Local\Anwendungsdaten [2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Anwendungsdaten [2011.03.20 14:33:42 | 000,000,000 | -H-D | C] -- C:\Users\Kobi\AppData [2011.03.20 14:33:42 | 000,000,000 | ---D | C] -- C:\Users\Kobi\AppData\Local\Temp [2011.03.20 14:33:42 | 000,000,000 | ---D | C] -- C:\Users\Kobi\AppData\Local\Microsoft [2011.03.20 14:33:42 | 000,000,000 | ---D | C] -- C:\Users\Kobi\AppData\Roaming\Media Center Programs [2011.03.20 14:32:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM [2011.03.20 14:32:42 | 000,000,000 | ---D | C] -- C:\Programme\Realtek [2011.03.20 14:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2011.03.20 14:32:10 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2011.03.20 14:32:07 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation [2011.03.20 14:30:58 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2011.03.20 14:28:56 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2011.03.20 14:09:15 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q [2011.03.20 14:03:32 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR [2011.03.19 21:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2011.03.19 21:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2011.03.14 19:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft [2011.03.14 19:20:54 | 000,000,000 | ---D | C] -- C:\Users\Kobi\Documents\Any Video Converter [2011.03.14 19:20:44 | 000,000,000 | ---D | C] -- C:\Programme\AnvSoft [2011.03.14 15:47:16 | 000,000,000 | ---D | C] -- C:\Users\Kobi\AppData\Roaming\DVDVideoSoft [2011.03.13 21:44:53 | 000,000,000 | ---D | C] -- C:\Users\Kobi\Documents\Stardock [2011.03.13 21:44:45 | 000,000,000 | ---D | C] -- C:\Users\Kobi\AppData\Roaming\Stardock [2011.03.12 14:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Bluefish Media [2011.03.12 
14:48:35 | 000,000,000 | ---D | C] -- C:\Programme\Bluefish Games [2011.03.10 12:52:18 | 000,000,000 | ---D | C] -- C:\Users\Kobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar [2011.03.04 17:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2011.03.04 16:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft [2011.03.04 16:32:02 | 000,000,000 | ---D | C] -- C:\Programme\Elaborate Bytes [2011.03.03 18:49:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\N360_BACKUP [2011.03.02 17:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2011.03.02 16:38:14 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [1 C:\Users\Kobi\Desktop\*.tmp files -> C:\Users\Kobi\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.03.31 21:11:04 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.03.31 21:11:04 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.03.31 21:11:04 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.03.31 21:11:04 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.03.31 21:04:45 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.03.31 21:04:31 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\Knpt.job [2011.03.31 21:04:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.31 18:16:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.03.31 15:29:25 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.31 15:29:25 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.30 15:47:37 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2011.03.30 15:45:28 | 001,048,730 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1205000.07D\Cat.DB [2011.03.27 14:14:39 | 000,002,163 | 
---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2011.03.27 14:14:39 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk [2011.03.27 12:43:21 | 000,001,404 | ---- | M] () -- C:\Users\Kobi\Desktop\HijackThis - Verknüpfung.lnk [2011.03.27 00:42:14 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2011.03.27 00:03:43 | 000,012,627 | ---- | M] () -- C:\Users\Kobi\Desktop\Windows Mediaplayer.lnk [2011.03.25 18:42:19 | 000,000,192 | ---- | M] () -- C:\Users\Kobi\Desktop\FIFA 11 Demo.lnk [2011.03.22 22:08:56 | 000,002,334 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk [2011.03.22 22:00:05 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2011.03.22 22:00:05 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2011.03.22 22:00:05 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2011.03.22 15:01:35 | 003,842,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.03.21 20:35:58 | 000,281,760 | ---- | M] () -- C:\Windows\System32\drivers\atksgt.sys [2011.03.21 20:35:58 | 000,025,888 | ---- | M] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.03.20 18:12:29 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.03.20 15:46:42 | 000,000,017 | ---- | M] () -- C:\Users\Kobi\AppData\Local\resmon.resmoncfg [2011.03.20 15:36:41 | 000,000,668 | ---- | M] () -- C:\Users\Kobi\Desktop\Kobi.lnk [2011.03.20 15:36:33 | 000,000,355 | ---- | M] () -- C:\Users\Kobi\Desktop\Computer.lnk [2011.03.20 15:09:37 | 000,052,953 | ---- | M] () -- C:\Windows\System32\license.rtf [2011.03.20 15:01:42 | 000,021,532 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat [2011.03.20 14:33:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf [2011.03.20 14:33:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf 
[2011.03.20 14:32:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011.03.20 13:30:48 | 000,002,544 | ---- | M] () -- C:\Windows\diagwrn.xml [2011.03.20 13:30:46 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml [2011.03.19 21:51:56 | 000,155,648 | RHS- | M] () -- C:\Windows\System32\wavemspb.dll [2011.03.16 16:19:26 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.03.14 19:23:38 | 000,001,202 | ---- | M] () -- C:\Users\Kobi\Desktop\Any Video Converter.lnk [2011.03.14 15:48:17 | 000,001,205 | ---- | M] () -- C:\Users\Kobi\Desktop\DVDVideoSoft Free Studio.lnk [1 C:\Users\Kobi\Desktop\*.tmp files -> C:\Users\Kobi\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.03.27 14:14:39 | 000,002,163 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2011.03.27 14:14:38 | 000,002,143 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk [2011.03.27 14:14:34 | 000,002,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk [2011.03.27 13:08:29 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.03.27 12:43:21 | 000,001,404 | ---- | C] () -- C:\Users\Kobi\Desktop\HijackThis - Verknüpfung.lnk [2011.03.27 00:03:43 | 000,012,627 | ---- | C] () -- C:\Users\Kobi\Desktop\Windows Mediaplayer.lnk [2011.03.25 18:42:19 | 000,000,192 | ---- | C] () -- C:\Users\Kobi\Desktop\FIFA 11 Demo.lnk [2011.03.22 22:08:14 | 001,048,730 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\Cat.DB [2011.03.22 22:07:03 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symnet.cat [2011.03.22 22:07:03 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symefa.cat [2011.03.22 22:07:03 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symds.cat [2011.03.22 22:07:03 | 
000,003,374 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symefa.inf [2011.03.22 22:07:03 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symds.inf [2011.03.22 22:07:03 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symnet.inf [2011.03.22 22:07:02 | 000,007,528 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\iron.cat [2011.03.22 22:07:02 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtspx.cat [2011.03.22 22:07:02 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtsp.cat [2011.03.22 22:07:02 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtspx.inf [2011.03.22 22:07:02 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtsp.inf [2011.03.22 22:07:02 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\iron.inf [2011.03.22 22:06:58 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\isolate.ini [2011.03.22 22:00:05 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2011.03.22 22:00:05 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2011.03.22 22:00:03 | 000,002,334 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk [2011.03.22 19:11:37 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2011.03.20 18:12:29 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.03.20 15:46:42 | 000,000,017 | ---- | C] () -- C:\Users\Kobi\AppData\Local\resmon.resmoncfg [2011.03.20 15:36:41 | 000,000,668 | ---- | C] () -- C:\Users\Kobi\Desktop\Kobi.lnk [2011.03.20 15:36:33 | 000,000,355 | ---- | C] () -- C:\Users\Kobi\Desktop\Computer.lnk [2011.03.20 15:18:25 | 000,001,417 | ---- | C] () -- C:\Users\Kobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.03.20 15:01:42 | 000,021,532 | ---- | C] () -- 
C:\Windows\System32\emptyregdb.dat [2011.03.20 14:33:28 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2011.03.20 14:33:25 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2011.03.20 14:33:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf [2011.03.20 14:33:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf [2011.03.20 14:32:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011.03.20 13:30:46 | 000,002,544 | ---- | C] () -- C:\Windows\diagwrn.xml [2011.03.20 13:30:46 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml [2011.03.19 21:51:57 | 000,000,306 | -HS- | C] () -- C:\Windows\tasks\Knpt.job [2011.03.19 21:51:56 | 000,155,648 | RHS- | C] () -- C:\Windows\System32\wavemspb.dll [2011.03.14 19:23:38 | 000,001,202 | ---- | C] () -- C:\Users\Kobi\Desktop\Any Video Converter.lnk [2011.02.22 16:54:02 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll [2011.02.22 16:54:02 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll [2011.01.21 16:05:11 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.12.20 18:27:09 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2010.11.26 16:26:34 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2010.11.26 16:26:26 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.11.26 16:26:21 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010.11.04 23:49:19 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2010.11.02 15:40:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.11.02 12:17:41 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.10.17 20:33:38 | 000,003,764 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2010.10.17 20:33:38 | 000,000,008 | 
RHS- | C] () -- C:\Windows\System32\4191328E39.sys [2010.09.07 09:42:03 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.09.04 13:41:51 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.09.04 13:41:51 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.06.24 16:54:57 | 002,163,383 | -HS- | C] () -- C:\Windows\System32\aepics.sys [2010.06.18 15:26:45 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ACCTRESa.sys [2010.06.13 09:58:11 | 000,000,609 | ---- | C] () -- C:\Windows\7THLEVEL.INI [2010.06.13 09:43:55 | 000,000,857 | ---- | C] () -- C:\Windows\XLMSoft.ini [2010.06.13 08:51:45 | 000,000,604 | ---- | C] () -- C:\Windows\Thps3.INI [2010.06.12 09:53:50 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI [2010.06.08 21:27:01 | 000,000,501 | --S- | C] () -- C:\Windows\System32\711303030.dat [2010.06.06 20:25:51 | 000,000,000 | ---- | C] () -- C:\Windows\musiceditor.INI [2010.05.20 18:18:52 | 000,180,988 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010.04.21 17:04:22 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2010.04.21 17:04:22 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2010.04.09 20:35:11 | 000,380,928 | ---- | C] () -- C:\Windows\System32\server.dll [2010.04.09 20:35:11 | 000,022,016 | ---- | C] () -- C:\Windows\System32\setup.exe [2010.04.09 20:34:44 | 000,000,258 | ---- | C] () -- C:\Windows\System32\dat.bin [2010.04.09 20:34:43 | 000,720,896 | ---- | C] () -- C:\Windows\System32\EAInstall.dll [2010.04.09 20:34:35 | 007,577,600 | ---- | C] () -- C:\Windows\System32\nfsc_demo.exe [2010.04.07 09:36:52 | 000,002,856 | ---- | C] () -- C:\Windows\mgxoschk.ini [2010.03.04 17:19:25 | 000,028,672 | ---- | C] () -- C:\Windows\System32\nnr.dll [2010.02.19 10:57:19 | 000,000,000 | ---- | C] () -- C:\Users\Kobi\AppData\Roaming\wklnhst.dat [2009.12.03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll 
[2009.11.20 12:16:02 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.11.16 15:24:46 | 000,000,037 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT [2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.07.14 10:47:43 | 000,657,438 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,130,810 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 003,842,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,618,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,107,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.07.14 01:19:28 | 000,009,232 | ---- | C] () -- C:\Windows\System32\amxreadn.dat [2009.07.14 01:19:28 | 000,009,232 | ---- | C] () -- C:\Windows\System32\ActionCenterCPLr.dat [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2007.06.05 14:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe < End of 
report > |
01.04.2011, 11:31 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google links me incorrectly Quote:
1.) TuneUp is completely useless ballast. TuneUp runs, for whatever reason, through almost all of the logs here; I don't know why, because TuneUp is really the worst junk => TuneUp: Wundermittel oder Placebo Reloaded | DerFisch.de
2.) Two virus scanners such as Norton and AntiVir side by side are an absolute no-go! Uninstall one of the two!
3.) What about the other logs? Malwarebytes?
__________________ Please always post log files in CODE tags |
02.04.2011, 17:01 | #5 |
| Google links me incorrectly Thanks for the quick reply. Here is the log file from Malwarebytes. PHP code: |
03.04.2011, 13:44 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google links me incorrectly Has one virus scanner been uninstalled? TuneUp as well? Are there any further logs from Malwarebytes? If so, please post all of those that are visible in Malwarebytes under the "Logdateien" (log files) tab.
03.04.2011, 20:31 | #7 |
| Google links me incorrectly Yes, the virus scanner and TuneUp are deactivated. Here is the other log file from Malwarebytes. PHP code: |
04.04.2011, 09:03 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google links me incorrectly Quote:
Post all logs that can be seen under the "Logdateien" (log files) tab.
04.04.2011, 14:56 | #9 |
| Google links me incorrectly Here is the newest log file. PHP code: |
04.04.2011, 15:09 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google links me incorrectly Then please run CF now: ComboFix, a guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!
05.04.2011, 15:17 | #11 |
| Google links me incorrectly Here is the file. Combofix Logfile: Code:
ATTFilter ComboFix 11-04-04.02 - Kobi 05.04.2011 14:33:51.1.4 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3063.2156 [GMT 2:00] ausgeführt von:: c:\users\Kobi\Desktop\ComboFix.exe AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Kobi\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db c:\users\Kobi\AppData\Roaming\OfferBox c:\users\Kobi\AppData\Roaming\OfferBox\config.xml c:\windows\system32\711303030.dat c:\windows\system32\AutoRun.inf c:\windows\system32\server.dll c:\windows\system32\setup.exe . . ((((((((((((((((((((((( Dateien erstellt von 2011-03-05 bis 2011-04-05 )))))))))))))))))))))))))))))) . . 2011-04-05 12:39 . 2011-04-05 12:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-04-05 12:24 . 2011-04-05 12:24 -------- d-----w- c:\program files\CCleaner 2011-04-01 14:50 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-01 14:50 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-03-28 17:37 . 2011-03-28 17:37 -------- d-----w- c:\program files\ERUNT 2011-03-26 22:42 . 2011-03-26 22:42 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-03-26 22:32 . 2011-03-27 05:31 -------- d-----w- c:\programdata\Lavasoft 2011-03-26 22:32 . 2011-03-26 22:32 -------- d-----w- c:\program files\Lavasoft 2011-03-25 18:03 . 2011-03-25 18:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2011-03-25 18:03 . 2011-03-25 18:47 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-03-25 17:54 . 
2011-04-01 14:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-03-25 16:40 . 2011-03-25 16:40 -------- d-----w- c:\program files\EA Sports 2011-03-22 17:09 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys 2011-03-21 19:26 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll 2011-03-21 19:22 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe 2011-03-21 19:21 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys 2011-03-21 19:21 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll 2011-03-21 12:45 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll 2011-03-20 16:11 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2011-03-20 16:11 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2011-03-20 16:11 . 2011-03-20 16:11 -------- d-----w- c:\program files\iPod 2011-03-20 16:11 . 2011-03-20 16:11 -------- d-----w- c:\program files\Apple Software Update 2011-03-20 16:09 . 2011-03-20 16:09 -------- d-----w- c:\programdata\Malwarebytes 2011-03-20 13:21 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll 2011-03-20 13:21 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll 2011-03-20 13:19 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2011-03-20 13:19 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll 2011-03-20 13:19 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll 2011-03-20 13:19 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2011-03-20 13:19 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll 2011-03-20 13:16 . 2011-04-05 12:15 -------- d-----w- c:\windows\system32\wbem\Performance 2011-03-20 12:56 . 2011-03-20 12:56 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2011-03-20 12:33 . 
2011-03-30 13:03 -------- d-----w- c:\users\Kobi 2011-03-20 12:32 . 2011-03-20 12:32 -------- d-----w- c:\windows\system32\RTCOM 2011-03-20 12:32 . 2011-03-20 12:32 -------- d-----w- c:\program files\Realtek 2011-03-20 12:32 . 2011-03-20 12:32 -------- d-----w- c:\programdata\NVIDIA 2011-03-20 12:32 . 2011-04-01 14:37 -------- d-sh--w- c:\windows\Installer 2011-03-20 12:32 . 2011-03-20 12:39 -------- d-----w- c:\program files\NVIDIA Corporation 2011-03-20 12:28 . 2011-03-20 13:17 -------- d-----w- c:\windows\Panther 2011-03-20 12:09 . 2011-03-20 13:02 -------- d-----w- C:\$WINDOWS.~Q 2011-03-20 12:03 . 2011-03-20 12:06 -------- d-----w- C:\$INPLACE.~TR 2011-03-19 19:51 . 2011-03-19 19:51 155648 --sha-r- c:\windows\system32\wavemspb.dll 2011-03-19 19:30 . 2011-04-01 14:46 -------- d-----w- c:\programdata\Norton 2011-03-18 15:37 . 2011-02-11 06:54 5943120 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E69125E6-EEAD-47E4-89DA-9E9CFEB47D00}\mpengine.dll 2011-03-14 17:20 . 2011-03-20 12:35 -------- d-----w- c:\program files\AnvSoft 2011-03-12 12:48 . 2011-03-20 12:42 -------- d-----w- c:\programdata\Bluefish Media 2011-03-12 12:48 . 2011-03-12 13:49 -------- d-----w- c:\program files\Bluefish Games 2011-03-12 11:28 . 2011-03-12 11:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll 2011-03-12 11:28 . 2011-03-12 11:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-27 09:19 . 2010-05-19 14:50 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2011-03-27 09:18 . 2010-05-19 14:50 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2011-03-27 09:18 . 2010-02-18 08:19 1220416 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2011-03-21 18:35 . 
2010-09-04 11:41 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys 2011-03-21 18:35 . 2010-09-04 11:41 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2011-03-21 15:58 . 2010-02-05 14:52 1220416 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-03-16 14:19 . 2011-02-19 21:36 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-01-21 14:05 . 2011-01-21 14:05 53248 ----a-w- c:\windows\system32\unrar.dll 2011-01-10 13:23 . 2011-02-19 21:36 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-01-07 14:55 . 2011-01-07 14:55 40800 ----a-w- c:\windows\system32\drivers\point32.sys 2011-01-06 18:37 . 2011-01-06 18:37 44416 ----a-w- c:\windows\system32\drivers\dc3d.sys 2011-01-06 18:37 . 2011-01-06 18:37 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2011-01-06 16:31 . 2010-11-08 16:34 103424 ----a-w- c:\windows\system32\PowerUp3_nat.dll 2011-03-18 17:56 . 2011-03-27 11:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-03-07 14:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2009-08-04 15:17 7703072 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . R0 sptd;sptd; [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 135664] R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-12 66664] S1 LWMouCon;LWMouCon; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys [2007-06-18 373568] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544] S2 acehlp09;acehlp09;c:\windows\system32\drivers\acehlp09.sys [2007-05-30 201696] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 AntiVirSchedulerService;Avira 
AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-01-06 44416] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 603240] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhalt des "geplante Tasks" Ordners . 2011-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 15:01] . 2011-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 15:01] . . ------- Zusätzlicher Suchlauf ------- . uInternet Settings,ProxyOverride = *.local IE: Free YouTube Download - c:\users\Kobi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Kobi\AppData\Roaming\Mozilla\Firefox\Profiles\vtkrlqy8.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - user.js: network.http.max-connections-per-server - 6 FF - user.js: network.http.max-persistent-connections-per-server - 3 . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60 . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*] "OOSE05.00.00.01PRO"="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" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2011-04-05 14:40:41 ComboFix-quarantined-files.txt 2011-04-05 12:40 . Vor Suchlauf: 5 Verzeichnis(se), 354.070.548.480 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 353.977.888.768 Bytes frei . - - End Of File - - D4C6205268B268F2A243CB685EBC04E1 |
05.04.2011, 17:28 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google links me to the wrong page
Combofix - Scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.
Code:
Driver::
LWMouCon

Seccenter::
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

4. Disable your antivirus program's guard and any software firewall you may have. (Also the guards of adware and spyware programs and the TeaTimer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
05.04.2011, 20:30 | #13 |
| Google links me to the wrong page Here is the log file, and thanks for the quick replies. Combofix log file: Code:
ATTFilter ComboFix 11-04-04.04 - Kobi 05.04.2011 19:56:04.2.4 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3063.1675 [GMT 2:00] ausgeführt von:: c:\users\Kobi\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Kobi\Desktop\CFScript.txt AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_LWMOUCON -------\Service_LWMouCon . . ((((((((((((((((((((((( Dateien erstellt von 2011-03-05 bis 2011-04-05 )))))))))))))))))))))))))))))) . . 2011-04-05 18:09 . 2011-04-05 18:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-04-05 14:31 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll 2011-04-05 14:31 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll 2011-04-05 14:31 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll 2011-04-05 14:22 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CFBEAE47-C6C7-4B33-B0ED-63FBA7C0F493}\mpengine.dll 2011-04-05 12:24 . 2011-04-05 12:24 -------- d-----w- c:\program files\CCleaner 2011-04-01 14:50 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-01 14:50 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-03-28 17:37 . 2011-03-28 17:37 -------- d-----w- c:\program files\ERUNT 2011-03-26 22:42 . 2011-03-26 22:42 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-03-26 22:32 . 2011-03-27 05:31 -------- d-----w- c:\programdata\Lavasoft 2011-03-26 22:32 . 
2011-03-26 22:32 -------- d-----w- c:\program files\Lavasoft 2011-03-25 18:03 . 2011-03-25 18:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2011-03-25 18:03 . 2011-03-25 18:47 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-03-25 17:54 . 2011-04-01 14:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-03-25 16:40 . 2011-03-25 16:40 -------- d-----w- c:\program files\EA Sports 2011-03-22 17:09 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys 2011-03-21 19:26 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll 2011-03-21 19:22 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe 2011-03-21 19:21 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys 2011-03-21 19:21 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll 2011-03-21 12:45 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll 2011-03-20 16:11 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2011-03-20 16:11 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2011-03-20 16:11 . 2011-03-20 16:11 -------- d-----w- c:\program files\iPod 2011-03-20 16:11 . 2011-03-20 16:11 -------- d-----w- c:\program files\Apple Software Update 2011-03-20 16:09 . 2011-03-20 16:09 -------- d-----w- c:\programdata\Malwarebytes 2011-03-20 13:21 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll 2011-03-20 13:21 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll 2011-03-20 13:19 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2011-03-20 13:19 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll 2011-03-20 13:19 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll 2011-03-20 13:19 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2011-03-20 13:19 . 
2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll 2011-03-20 13:16 . 2011-04-05 18:14 -------- d-----w- c:\windows\system32\wbem\Performance 2011-03-20 12:56 . 2011-03-20 12:56 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2011-03-20 12:33 . 2011-03-30 13:03 -------- d-----w- c:\users\Kobi 2011-03-20 12:32 . 2011-03-20 12:32 -------- d-----w- c:\windows\system32\RTCOM 2011-03-20 12:32 . 2011-03-20 12:32 -------- d-----w- c:\program files\Realtek 2011-03-20 12:32 . 2011-03-20 12:32 -------- d-----w- c:\programdata\NVIDIA 2011-03-20 12:32 . 2011-04-01 14:37 -------- d-sh--w- c:\windows\Installer 2011-03-20 12:32 . 2011-03-20 12:39 -------- d-----w- c:\program files\NVIDIA Corporation 2011-03-20 12:28 . 2011-03-20 13:17 -------- d-----w- c:\windows\Panther 2011-03-20 12:09 . 2011-03-20 13:02 -------- d-----w- C:\$WINDOWS.~Q 2011-03-20 12:03 . 2011-03-20 12:06 -------- d-----w- C:\$INPLACE.~TR 2011-03-19 19:51 . 2011-03-19 19:51 155648 --sha-r- c:\windows\system32\wavemspb.dll 2011-03-19 19:30 . 2011-04-01 14:46 -------- d-----w- c:\programdata\Norton 2011-03-14 17:20 . 2011-03-20 12:35 -------- d-----w- c:\program files\AnvSoft 2011-03-12 12:48 . 2011-03-20 12:42 -------- d-----w- c:\programdata\Bluefish Media 2011-03-12 12:48 . 2011-03-12 13:49 -------- d-----w- c:\program files\Bluefish Games 2011-03-12 11:28 . 2011-03-12 11:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll 2011-03-12 11:28 . 2011-03-12 11:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-27 09:19 . 2010-05-19 14:50 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2011-03-27 09:18 . 2010-05-19 14:50 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2011-03-27 09:18 . 
2010-02-18 08:19 1220416 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2011-03-21 18:35 . 2010-09-04 11:41 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys 2011-03-21 18:35 . 2010-09-04 11:41 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2011-03-21 15:58 . 2010-02-05 14:52 1220416 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-03-16 14:19 . 2011-02-19 21:36 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-02-02 16:11 . 2009-11-16 10:03 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-01-21 14:05 . 2011-01-21 14:05 53248 ----a-w- c:\windows\system32\unrar.dll 2011-01-10 13:23 . 2011-02-19 21:36 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-01-07 14:55 . 2011-01-07 14:55 40800 ----a-w- c:\windows\system32\drivers\point32.sys 2011-01-06 18:37 . 2011-01-06 18:37 44416 ----a-w- c:\windows\system32\drivers\dc3d.sys 2011-01-06 18:37 . 2011-01-06 18:37 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2011-01-06 16:31 . 2010-11-08 16:34 103424 ----a-w- c:\windows\system32\PowerUp3_nat.dll 2011-03-18 17:56 . 2011-03-27 11:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-03-07 14:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2009-08-04 15:17 7703072 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . 
R0 sptd;sptd; [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 135664] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-12 66664] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys [2007-06-18 373568] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544] S2 acehlp09;acehlp09;c:\windows\system32\drivers\acehlp09.sys [2007-05-30 201696] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336] S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-01-06 44416] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 603240] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhalt des "geplante Tasks" Ordners . 
2011-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 15:01] . 2011-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 15:01] . . ------- Zusätzlicher Suchlauf ------- . uInternet Settings,ProxyOverride = *.local IE: Free YouTube Download - c:\users\Kobi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Kobi\AppData\Roaming\Mozilla\Firefox\Profiles\vtkrlqy8.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - user.js: network.http.max-connections-per-server - 6 FF - user.js: network.http.max-persistent-connections-per-server - 3 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*] "OOSE05.00.00.01PRO"="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" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\nvvsvc.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\conhost.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\PSIService.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\windows\system32\DllHost.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2011-04-05 21:25:32 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-04-05 19:25 ComboFix2.txt 2011-04-05 12:40 . Vor Suchlauf: 17 Verzeichnis(se), 353.126.141.952 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 352.266.457.088 Bytes frei . - - End Of File - - 6AF1A2C50448B154AE842866DAB62A2F |
06.04.2011, 08:08 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google links me to the wrong page Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Please always post log files in CODE tags |
06.04.2011, 13:19 | #15 |
| Google links me to the wrong page There is only a tool from Norman and another one. So the one from Norman or the other one? |