Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
In Google werden andere Seiten geöffnet als angeklickt!

In Google werden andere Seiten geöffnet als angeklickt!


Log-Analyse und Auswertung: In Google werden andere Seiten geöffnet als angeklickt!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Thema geschlossen
Alt 27.05.2011, 12:05   #1
hrvatffm
 
In Google werden andere Seiten geöffnet als angeklickt! - Standard

In Google werden andere Seiten geöffnet als angeklickt!


Hallo, habe ein nicht so unbekanntes Problem.
Bin durch Google auf dieses Board gestoßen und habe gesehen, dass ich nicht der einzige mit dem oben genannten Problem bin.
Mein Computer ist extrem langsam geworden und es werden in Google andere Seiten geöffnet als angeklickt. Außerdem hängt der Computer sich ab und zu auf, so dass es nur im abgesicherten Modus einigermaßen stabil läuft.
Anti Vir findet Viren, aber nachdem ich Sie in Quarantäne verschiebe, passiert nichts. Habe mir auch Norton runtergeladen, aber findet nichts.

MalbareBytes spuckt foldendes aus:

Zitat:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6691

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

27.05.2011 12:31:18
mbam-log-2011-05-27 (12-31-18).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 195760
Laufzeit: 6 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 10

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.1262804504 (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{003541A1-3BC0-1B1C-AAF3-040114001C01} (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SwUpdate (Trojan.Agent) -> Value: SwUpdate -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Trojan.Agent.WIMP) -> Value: NvCplDaemonTool -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Bad: (C:\PROGRA~2\ppData\Local\Temp\MACROM~1\SWFUPD~1\swfupdate.dll) Good: () -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\1262804504\ante1262804504l.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\programdata\ppData\Local\Temp\macromedia\swfupdate\swfupdate.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Ante\AppData\Local\Temp\0.9817288530058716.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Ante\AppData\Local\Temp\jar_cache431359080628980544.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Ante\AppData\Local\Temp\Rar$EX00.294\norton_2010_crack _complet.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Users\Ante\AppData\Roaming\dhxiuw.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Ante\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Ante\AppData\Roaming\Adobe\plugs\mmc230.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\hload42.dll (Trojan.Agent.WIMP) -> Quarantined and deleted successfully.
Danach hab ich das Programm noch einmal laufen lassen und es kam folgendes raus:

Zitat:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6691

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

27.05.2011 13:15:34
mbam-log-2011-05-27 (13-15-34).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 195809
Laufzeit: 5 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scanudiskzc80.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Windows\System32\hloads57.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\hloads57.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\Temp\0.2465704264087999.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\Temp\868D.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\Temp\jar_cache3575292722677540632.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Ante\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
Kann mit jemand sagen, wo ich OLT runterladen kann? Der Link im Board ist offline und in Google finde ich auch nichts gescheites, aber kann auch nicht richtig suchen, da ich Google momentan nicht richtig benutzen kann...


Hier der HijackThis Log

HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:24:04, on 27.05.2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Safe mode with network support

Running processes:
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\system32\config\systemprofile\Downloads\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\windows\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\windows\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -update plugin (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\windows\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -update plugin (User 'Default user')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe

--
End of file - 8718 bytes
--- --- ---
Geändert von hrvatffm (27.05.2011 um 12:25 Uhr)

Alt 27.05.2011, 18:17   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
In Google werden andere Seiten geöffnet als angeklickt! - Standard

In Google werden andere Seiten geöffnet als angeklickt!


Zitat:
Habe mir auch Norton runtergeladen, aber findet nichts.
Ja, von einer Super-Quelle!

Zitat:
c:\Users\Ante\AppData\Local\Temp\Rar$EX00.294\norton_2010_crack _complet.exe (Backdoor.Agent)
Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!
__________________

__________________
Alt 27.05.2011, 18:36   #3
hrvatffm
 
In Google werden andere Seiten geöffnet als angeklickt! - Standard

In Google werden andere Seiten geöffnet als angeklickt!


Ja, aber ich hatte den Virus schon vorher und habe mir deshalb Norton runtergeladen, was aber nichts gebracht hat...
Gerne bin ich dazu bereit Norton wieder zu deinstallieren und sämtliche Cracks zu löschen, falls es ein Problem darstellt!

OTL Log

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 5/27/2011 7:58:41 PM - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Windows\System32\config\systemprofile\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 83.82% Memory free
5.99 Gb Paging File | 5.55 Gb Available in Paging File | 92.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 34.06 Gb Free Space | 24.07% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 141.40 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
 
Computer Name: ANTE-PC | User Name: Ante | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\System32\config\systemprofile\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Windows\System32\config\systemprofile\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe (Symantec Corporation)
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SPLITCAM) -- C:\Windows\System32\drivers\splitcam.sys (LoteSoft Co.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SYMTDIv) -- C:\windows\system32\drivers\NAV\1100000.088\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\windows\system32\drivers\NAV\1100000.088\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\windows\system32\drivers\NAV\1100000.088\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\windows\system32\drivers\NAV\1100000.088\Ironx86.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20090828.002\IDSVix86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20090829.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\windows\system32\drivers\NAV\1100000.088\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\windows\system32\drivers\NAV\1100000.088\SRTSPX.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20090829.019\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20090829.019\NAVENG.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\windows\system32\drivers\NAV\1100000.088\ccHPx86.sys (Symantec Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (XPADFL02) -- C:\Windows\System32\drivers\xPADFL02.sys (Compuware Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 CC 54 6E 57 1C CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.transfermarkt.de/"
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2011/05/26 20:32:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/22 22:46:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 13:16:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/22 22:46:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 13:16:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/22 22:46:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 13:16:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/22 22:46:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 13:16:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/22 22:46:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 13:16:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/22 22:46:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 13:16:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/22 22:46:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 13:16:32 | 000,000,000 | ---D | M]
 
[2011/02/27 23:02:09 | 000,001,819 | ---- | M] () -- \Users\Ante\AppData\Roaming\Mozilla\Firefox\Profiles\gioj3fyp.default\searchplugins\bing.xml
[2011/05/24 11:44:30 | 000,000,950 | ---- | M] () -- \Users\Ante\AppData\Roaming\Mozilla\Firefox\Profiles\gioj3fyp.default\searchplugins\icqplugin-1.xml
[2010/10/28 21:41:06 | 000,000,950 | ---- | M] () -- \Users\Ante\AppData\Roaming\Mozilla\Firefox\Profiles\gioj3fyp.default\searchplugins\icqplugin-2.xml
[2010/12/10 23:53:06 | 000,000,950 | ---- | M] () -- \Users\Ante\AppData\Roaming\Mozilla\Firefox\Profiles\gioj3fyp.default\searchplugins\icqplugin-3.xml
[2011/03/07 18:35:25 | 000,000,950 | ---- | M] () -- \Users\Ante\AppData\Roaming\Mozilla\Firefox\Profiles\gioj3fyp.default\searchplugins\icqplugin-4.xml
[2011/03/24 10:17:19 | 000,000,950 | ---- | M] () -- \Users\Ante\AppData\Roaming\Mozilla\Firefox\Profiles\gioj3fyp.default\searchplugins\icqplugin-5.xml
[2011/04/30 13:16:52 | 000,000,950 | ---- | M] () -- \Users\Ante\AppData\Roaming\Mozilla\Firefox\Profiles\gioj3fyp.default\searchplugins\icqplugin-6.xml
[2010/10/11 16:07:10 | 000,000,168 | ---- | M] () -- \Users\Ante\AppData\Roaming\Mozilla\Firefox\Profiles\gioj3fyp.default\searchplugins\icqplugin.gif
[2010/10/11 16:07:10 | 000,000,618 | ---- | M] () -- \Users\Ante\AppData\Roaming\Mozilla\Firefox\Profiles\gioj3fyp.default\searchplugins\icqplugin.src
[2010/10/19 01:20:13 | 000,001,056 | ---- | M] () -- \Users\Ante\AppData\Roaming\Mozilla\Firefox\Profiles\gioj3fyp.default\searchplugins\icqplugin.xml
[2011/05/26 23:21:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/06/19 20:15:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/11 16:07:10 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\USERS\ANTE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GIOJ3FYP.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
[2010/02/21 22:36:22 | 000,000,000 | ---D | M] ("BabelFish") -- C:\USERS\ANTE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GIOJ3FYP.DEFAULT\EXTENSIONS\{CA0849E8-2C76-42AE-9ABE-34E14D337ACF}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/03/07 18:35:07 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/03/07 18:35:07 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/03/07 18:35:07 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/03/07 18:35:07 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/03/07 18:35:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011/05/26 20:52:42 | 000,001,162 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 	mynortonaccount.conxion.com
O1 - Hosts: 127.0.0.1 	lcsitemain.conxion.com
O1 - Hosts: 127.0.0.1 	lc1alt.symantec.com
O1 - Hosts: 127.0.0.1 	lcsitemain.symantec.com
O1 - Hosts: 127.0.0.1 	subsync.symantec.com
O1 - Hosts: 127.0.0.1 	webact.symantec.com
O1 - Hosts: 127.0.0.1 	www-secure.symantec.com
O1 - Hosts: 127.0.0.1 	www.mynortonaccount.com
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil10k_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/05/27 15:58:42 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2011/05/27 12:24:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/05/27 12:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/27 12:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/27 12:24:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/05/27 12:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/26 23:34:56 | 000,000,000 | ---D | C] -- C:\windows\System32\%LocalAppData%
[2011/05/26 20:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\1262804504
[2011/05/26 20:33:42 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2011/05/26 20:32:04 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2011/05/26 20:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/05/26 20:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/05/26 20:31:51 | 000,338,480 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NAV\1100000.088\symtdiv.sys
[2011/05/26 20:31:51 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NAV\1100000.088\SymDS.sys
[2011/05/26 20:31:51 | 000,169,008 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NAV\1100000.088\SymEFA.sys
[2011/05/26 20:31:50 | 000,325,168 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NAV\1100000.088\srtsp.sys
[2011/05/26 20:31:50 | 000,043,696 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NAV\1100000.088\srtspx.sys
[2011/05/26 20:31:49 | 000,114,736 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NAV\1100000.088\Ironx86.sys
[2011/05/26 20:31:44 | 000,501,888 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NAV\1100000.088\ccHPx86.sys
[2011/05/26 20:31:22 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NAV
[2011/05/26 20:31:22 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NAV\1100000.088
[2011/05/26 20:31:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2011/05/26 20:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2011/05/26 20:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/05/26 10:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\ppData
[2011/05/24 11:39:02 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\poqexec.exe
[2011/05/11 15:21:05 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2011/05/11 15:21:05 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011/05/27 19:31:52 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/05/27 19:31:21 | 2411,679,744 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/27 12:36:04 | 000,000,640 | ---- | M] () -- C:\scandisk.lnk
[2011/05/27 12:33:32 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/27 12:31:44 | 000,054,016 | ---- | M] () -- C:\windows\System32\drivers\msfmy.sys
[2011/05/27 12:24:19 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/26 22:46:04 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/26 22:46:04 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/26 21:22:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/26 21:00:17 | 001,128,094 | ---- | M] () -- C:\windows\System32\drivers\NAV\1100000.088\Cat.DB
[2011/05/26 20:52:42 | 000,001,162 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/05/26 20:33:35 | 317,468,266 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/05/26 20:32:03 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2011/05/26 20:32:03 | 000,007,443 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2011/05/26 20:32:03 | 000,000,805 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2011/05/26 20:32:00 | 000,002,402 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
 
========== Files Created - No Company Name ==========
 
[2011/05/27 12:31:44 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\msfmy.sys
[2011/05/27 12:24:19 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/26 22:46:53 | 000,000,640 | ---- | C] () -- C:\scandisk.lnk
[2011/05/26 22:46:53 | 000,000,640 | ---- | C] () -- \scandisk.lnk
[2011/05/26 20:33:35 | 317,468,266 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011/05/26 20:32:06 | 001,128,094 | ---- | C] () -- C:\windows\System32\drivers\NAV\1100000.088\Cat.DB
[2011/05/26 20:32:04 | 000,007,443 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2011/05/26 20:32:04 | 000,000,805 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2011/05/26 20:32:00 | 000,002,402 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011/05/26 20:31:30 | 000,003,375 | R--- | C] () -- C:\windows\System32\drivers\NAV\1100000.088\SymEFA.inf
[2011/05/26 20:31:30 | 000,002,793 | R--- | C] () -- C:\windows\System32\drivers\NAV\1100000.088\SymDS.inf
[2011/05/26 20:31:30 | 000,001,756 | R--- | C] () -- C:\windows\System32\drivers\NAV\1100000.088\ccHPx86.inf
[2011/05/26 20:31:30 | 000,001,475 | R--- | C] () -- C:\windows\System32\drivers\NAV\1100000.088\SymNetV.inf
[2011/05/26 20:31:30 | 000,001,447 | R--- | C] () -- C:\windows\System32\drivers\NAV\1100000.088\SymNet.inf
[2011/05/26 20:31:30 | 000,001,389 | R--- | C] () -- C:\windows\System32\drivers\NAV\1100000.088\srtspx.inf
[2011/05/26 20:31:30 | 000,001,383 | R--- | C] () -- C:\windows\System32\drivers\NAV\1100000.088\srtsp.inf
[2011/05/26 20:31:30 | 000,000,743 | R--- | C] () -- C:\windows\System32\drivers\NAV\1100000.088\Iron.inf
[2011/05/26 20:31:22 | 000,007,787 | R--- | C] () -- C:\windows\System32\drivers\NAV\1100000.088\symnetv.cat
[2011/05/26 20:31:22 | 000,007,438 | R--- | C] () -- C:\windows\System32\drivers\NAV\1100000.088\srtsp.cat
[2011/05/26 20:31:22 | 000,007,431 | R--- | C] () -- C:\windows\System32\drivers\NAV\1100000.088\SymEFA.cat
[2011/05/26 20:31:22 | 000,007,429 | R--- | C] () -- C:\windows\System32\drivers\NAV\1100000.088\srtspx.cat
[2011/05/26 20:31:22 | 000,007,425 | R--- | C] () -- C:\windows\System32\drivers\NAV\1100000.088\SymDS.cat
[2011/05/26 20:31:22 | 000,007,424 | R--- | C] () -- C:\windows\System32\drivers\NAV\1100000.088\iron.cat
[2011/05/26 20:31:22 | 000,007,396 | R--- | C] () -- C:\windows\System32\drivers\NAV\1100000.088\cchpx86.cat
[2011/05/26 20:31:22 | 000,007,355 | R--- | C] () -- C:\windows\System32\drivers\NAV\1100000.088\SymNet.cat
[2011/05/26 20:31:22 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\NAV\1100000.088\isolate.ini
[2010/12/15 22:16:20 | 000,034,308 | ---- | C] () -- C:\windows\System32\BASSMOD.dll
[2010/07/05 20:28:11 | 000,000,612 | ---- | C] () -- C:\windows\eReg.dat
[2010/06/17 22:43:33 | 000,000,032 | --S- | C] () -- C:\windows\System32\1714199777.dat
[2010/03/11 18:01:52 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2010/03/07 02:34:53 | 001,970,176 | ---- | C] () -- C:\windows\System32\d3dx9.dll
[2010/02/10 17:17:14 | 000,593,920 | -HS- | C] () -- \scanwdiskyn08.dll
[2010/02/10 17:17:14 | 000,056,880 | ---- | C] () -- C:\windows\System32\scvideo.dll
[2010/01/14 02:46:50 | 000,000,182 | ---- | C] () -- C:\windows\System32\EBPPORT.DAT
[2010/01/06 21:20:17 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/01/06 21:04:09 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/09/23 19:57:29 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2009/09/23 19:57:29 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2009/09/23 00:05:23 | 000,714,646 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/09/23 00:05:23 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/09/23 00:05:23 | 000,154,542 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/09/23 00:05:23 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/09/22 23:14:01 | 3215,577,088 | -HS- | C] () -- 
[2009/09/22 23:14:01 | 2411,679,744 | -HS- | C] () -- 
[2009/09/22 07:45:54 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 000,415,184 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,665,620 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,124,754 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 04:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/14 04:04:04 | 000,000,010 | ---- | C] () -- \config.sys
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:E1F04E8D

< End of report >
--- --- ---


und


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 5/27/2011 7:58:41 PM - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Windows\System32\config\systemprofile\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 83.82% Memory free
5.99 Gb Paging File | 5.55 Gb Available in Paging File | 92.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 34.06 Gb Free Space | 24.07% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 141.40 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
 
Computer Name: ANTE-PC | User Name: Ante | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00718491-55BF-46C6-83EF-4B3B95AC807A}" = SplitCam
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{20E1786B-1B87-43F7-B696-5221B332A365}" = FBP - Facebook Blaster Pro
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25DE52ED-9E51-4C50-AE16-E258836ADF83}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Hilfe
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115246907}" = Elf Bowling Hawaiian Vacation
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"FileZilla Client" = FileZilla Client 3.2.7.1
"GameSaike SixaxisDriver_is1" = SixaxisDriver 0.91
"HyperCam 2" = HyperCam 2
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"IsoBuster_is1" = IsoBuster 2.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"NAV" = Norton AntiVirus
"NVIDIA Drivers" = NVIDIA Drivers
"SMAC 2.0" = SMAC 2.0
"StuffPlug3" = StuffPlug 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.9
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 4/8/2011 9:24:14 AM | Computer Name = Ante-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1794839
 
Error - 4/8/2011 4:08:24 PM | Computer Name = Ante-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 4/8/2011 4:08:24 PM | Computer Name = Ante-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1482
 
Error - 4/8/2011 4:08:24 PM | Computer Name = Ante-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1482
 
Error - 4/8/2011 4:08:25 PM | Computer Name = Ante-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 4/8/2011 4:08:25 PM | Computer Name = Ante-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2543
 
Error - 4/8/2011 4:08:25 PM | Computer Name = Ante-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2543
 
Error - 4/8/2011 5:10:36 PM | Computer Name = Ante-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 4/8/2011 5:10:36 PM | Computer Name = Ante-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3732901
 
Error - 4/8/2011 5:10:36 PM | Computer Name = Ante-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3732901
 
[ Media Center Events ]
Error - 9/20/2010 7:40:34 AM | Computer Name = Ante-PC | Source = MCUpdate | ID = 0
Description = 13:40:34 - Fehler beim Herstellen der Internetverbindung.  13:40:34 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 10/1/2010 2:30:02 PM | Computer Name = Ante-PC | Source = MCUpdate | ID = 0
Description = 20:30:01 - Fehler beim Herstellen der Internetverbindung.  20:30:01 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 10/1/2010 2:30:33 PM | Computer Name = Ante-PC | Source = MCUpdate | ID = 0
Description = 20:30:31 - Fehler beim Herstellen der Internetverbindung.  20:30:31 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/4/2011 11:04:18 AM | Computer Name = Ante-PC | Source = MCUpdate | ID = 0
Description = 16:04:15 - Broadband konnte nicht abgerufen werden (Fehler: Timeout
 für Vorgang überschritten)  
 
Error - 2/10/2011 11:43:47 AM | Computer Name = Ante-PC | Source = MCUpdate | ID = 0
Description = 16:43:43 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 3/23/2011 4:34:12 AM | Computer Name = Ante-PC | Source = MCUpdate | ID = 0
Description = 09:34:12 - Fehler beim Herstellen der Internetverbindung.  09:34:12 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 3/23/2011 4:34:48 AM | Computer Name = Ante-PC | Source = MCUpdate | ID = 0
Description = 09:34:42 - Fehler beim Herstellen der Internetverbindung.  09:34:42 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 1/13/2010 9:13:55 PM | Computer Name = Ante-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2014
 seconds with 780 seconds of active time.  This session ended with a crash.
 
Error - 10/22/2010 6:26:18 AM | Computer Name = Ante-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 49
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 5/27/2011 6:48:44 AM | Computer Name = Ante-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 5/27/2011 1:31:10 PM | Computer Name = Ante-PC | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
  festgestellt.
 
Error - 5/27/2011 1:31:54 PM | Computer Name = Ante-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?05.?2011 um 18:33:06 unerwartet heruntergefahren.
 
Error - 5/27/2011 1:32:05 PM | Computer Name = Ante-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "BHDrvx86" ist vom Dienst "Symantec Hash Provider" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 5/27/2011 1:32:08 PM | Computer Name = Ante-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   avipbb  ccHP  discache  eeCtrl  IDSVix86  SABI  spldr  sptd  SRTSPX  ssmdrv  SymIRON  SYMTDIv  Wanarpv6
 
Error - 5/27/2011 1:32:13 PM | Computer Name = Ante-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 5/27/2011 1:32:21 PM | Computer Name = Ante-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 5/27/2011 1:32:24 PM | Computer Name = Ante-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 5/27/2011 1:32:25 PM | Computer Name = Ante-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 5/27/2011 1:32:27 PM | Computer Name = Ante-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
--- --- ---
__________________
Geändert von hrvatffm (27.05.2011 um 19:12 Uhr)

Alt 27.05.2011, 19:33   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
In Google werden andere Seiten geöffnet als angeklickt! - Standard

In Google werden andere Seiten geöffnet als angeklickt!


Zitat:
deshalb Norton runtergeladen, was aber nichts gebracht hat...
Das ist kein Grund auf illegale Software zurückzugreifen. Ist eh schon ziemlich absurd sich mit einer gecrackten Version Sicherheit zu versprechen. Diese Programme aus dubiosen Crackquellen können auf alle mögliche Art und Weise manipuliert sein.

Es bleibt bei Neuinstallation des Betriebssystems.

__________________
Logfiles bitte immer in CODE-Tags posten

Thema geschlossen

Themen zu In Google werden andere Seiten geöffnet als angeklickt!
adobe, anti-malware, appdata, avgnt, backdoor.agent, bingbar, computer, dateien, explorer, google, heuristics.shuriken, hkus\s-1-5-18, hängt, intrusion prevention, jar_cache, langsam, link, malwarebytes, microsoft, plug-in, roaming, seite, seiten, seiten geöffnet, services, software, start, start menu, suche, system, system32, tan, temp, trojan.agent, trojan.agent.wimp, viren


« pc läuft langsam... | Festplatte angeblich leer »


Ähnliche Themen: In Google werden andere Seiten geöffnet als angeklickt!


  1. Dateien werden gelöscht anstatt geöffnet und andere Probleme
    Plagegeister aller Art und deren Bekämpfung - 02.08.2013 (3)
  2. Google Redirect ? Suchergebnisse werden auf andere Seiten umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 23.03.2013 (7)
  3. Falsche seiten werden geöffnet
    Plagegeister aller Art und deren Bekämpfung - 15.12.2012 (67)
  4. google öffnet andere seiten
    Plagegeister aller Art und deren Bekämpfung - 24.09.2012 (7)
  5. Google.de nicht erreichbar - andere Seiten sehr langsam - andere normal DNS-Provider Problem oder Trojaner?
    Log-Analyse und Auswertung - 05.09.2012 (2)
  6. firefox öffnet sich selbst und irgendwelche seiten, links in google werden fehlerhaft geöffnet
    Plagegeister aller Art und deren Bekämpfung - 10.11.2011 (6)
  7. Google leitet auf andere Seiten um
    Log-Analyse und Auswertung - 05.04.2011 (1)
  8. Anfänger: Google ergebnisse werden auf andere seiten umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 08.01.2011 (17)
  9. Google seiten werden auf verschiedene seiten umgeleitet oder nicht geladen
    Log-Analyse und Auswertung - 05.10.2010 (28)
  10. Google leitet auf andere Seiten um, Seiten wollen sich ungefragt öffnen. Gelöst(?) Sicher?
    Plagegeister aller Art und deren Bekämpfung - 26.07.2010 (8)
  11. Google öffnet andere Seiten als angeklickt
    Log-Analyse und Auswertung - 19.06.2010 (20)
  12. Google öffnet andere Seiten
    Log-Analyse und Auswertung - 02.02.2010 (94)
  13. Falsche Seiten werden beim IE8 geöffnet
    Log-Analyse und Auswertung - 14.06.2009 (1)
  14. Rechner fährt neu hoch, es werden andere Internetseiten geöffnet
    Log-Analyse und Auswertung - 12.03.2009 (0)
  15. Google arbeitet nicht mehr und ständig werden einfach Seiten geöffnet
    Log-Analyse und Auswertung - 01.12.2008 (1)
  16. Google verlinkt auf andere Seiten
    Log-Analyse und Auswertung - 01.10.2008 (4)
  17. Google, Studivz, Yahoo und andere Seiten werden nicht mehr geladen
    Log-Analyse und Auswertung - 16.07.2008 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema In Google werden andere Seiten geöffnet als angeklickt! - Hallo, habe ein nicht so unbekanntes Problem. Bin durch Google auf dieses Board gestoßen und habe gesehen, dass ich nicht der einzige mit dem oben genannten Problem bin. Mein Computer - In Google werden andere Seiten geöffnet als angeklickt!...
Archiv
Du betrachtest: In Google werden andere Seiten geöffnet als angeklickt! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55