"Goolge Suche" unter Vista/Mozilla Firefox verlinkt Falsch
 

óla Community.
Nun habe ich nach langem suchen doch ein Thema eröffnet. Bis jetzt ist es für mich hier noch etwas unübersichtlich.
Bitte weist mich darauf hin, wenn ich absolut Müll baue durch falsches Posten im falschen Unterforum!
/Edit: Sorry, aber ich bekomme leider weder durch löschen der [Url] noch durch den Button am obrigen Fenster der die URL auflößt die URL weg.

On Topic

Google unter Vista/Mozilla Firefox verlinkt Falsch. Derzeit 2 Seiten. Eine davon ist Ebay.

Nachdem ich mich über Google informiert hatte, was das Problem sei, habe ich mir vorgenommen hier um Rat zu beten. Denn:

"Das Problem soll eine IP. aus der Ukraine sein (Trojaner), welche immense Probleme bereiten kann, wenn man z.B. Homebanking tätigt etc."
Es wurde sogar manchem empfohlen, das System neu zu Installieren. Wobei ich davor etwas Panik habe, da ich viel Data auf dem Rechner habe, die mir sehr am Herzen liegt. Darunter viele Ausarbeitungen und Photographien.

Ich würde mich um Hilfe und eine Lösung des Problems sehr freuen!

Hier mal meine Hijack.log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:38:09, on 21.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\svchost.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Users\Solced\Desktop\MegaIEMn.dll (file missing)
O4 - HKLM\..\Run: [TPwrMain] REM %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPStart] REM C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] REM C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [svchost] C:\Windows\svchost.exe
O4 - HKCU\..\Run: [Sidebar] REM C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [Speech Recognition] REM "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] REM "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] REM "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] REM "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Programme 2\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: a-squared Free Service a2freeAeLookupSvc (a2freeAeLookupSvc) - Unknown owner - C:\Windows\TEMP\qpimqqxtbn.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SecureDZone Helper Service (SecureDZoneService) - Softwareentwicklung Remus - C:\Program Files\ArchiCrypt\Shredder 4\SecureDZoneService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 7342 bytes

Re:

Gerade lasse ich Antivir durchlaufen und habe mir STOPzilla herunter geladen, was parallel läuft.

Mit Antivir habe ich gerade diese Meldung bekommen:

Virus/Unerwünschtes Programm: C:\fixwareout\fundt\nircmd.exe
Enthält Erkennungsmuster der Anwendung APPL/NIRCDM.2

was hat das zu bedeuten?

/edit: Okay. Fixwareout scheint eine normale Anwendung zu sein.
Hoffe jmnd. ist so freundlich sich mir anzunehmen. Meine Amateurhafte Forscherei dauert ewig und bringt nichts :schmoll:

Okay.
STOPzilla ist nicht zu empfehlen, da man sich registrieren muss, was geld kostet, um die gefundene Bad-Data zu removen!

Jedoch zeigt STOPzilla nach Suchverlauf (der ewig dauert!) alle Bad-Data und dessen Pfad an. Wobei ich nicht weiß, ob ich diese manuell entfernen kann. Ich lasse gerade noch einmal davon ab, und habe Prevx 3.0 genutzt, was im gegensatz zu STOPzilla (42) nur 9 infizierte Dateien gefunden hat.
Außerdem will Pevx 3.0 auch eine Registration
Als nächstes lasse ich noch SPYBOT - Searc and Destroy durchlaufen. Hoffe es hilft! Werde berichten!



SPYBOT Search and Destroy ist freeware und sauber!
Habe es durchlaufen lassen. Dieses Programm hatte ein mittleres Ergebnis von 23 infizierten Data. welche gleich behoben werden können.
Außerdem erstellt Spybot nach Anfrage auf Wunsch eine Kopie der Registry, fals etwas fehl laufen sollte, wie z.B. das löschen falschter Data.

Ich hoffe mein Google-Prob. ist dadurch ggf. gelößt. Ich sende eine neue HijackThis.log und erhoffe mir trotz meiner eigenen bemühungen noch eine Rückmeldung von jmnd. der mehr bewandert ist als ich!




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:44, on 21.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Users\Solced\Desktop\MegaIEMn.dll (file missing)
O4 - HKLM\..\Run: [TPwrMain] REM %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPStart] REM C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] REM C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [SpybotDeletingA4375] command.com /c del "C:\Program Files\Mozilla Firefox\components\iamfamous.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3095] cmd.exe /c del "C:\Program Files\Mozilla Firefox\components\iamfamous.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1040] command.com /c del "C:\Windows\System32\drivers\SKYNETrvxwttur.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1399] cmd.exe /c del "C:\Windows\System32\drivers\SKYNETrvxwttur.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5812] command.com /c del "C:\Windows\System32\SKYNETcipkxvfx.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3068] cmd.exe /c del "C:\Windows\System32\SKYNETcipkxvfx.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1885] command.com /c del "C:\Windows\System32\SKYNETxrdvipdm.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6062] cmd.exe /c del "C:\Windows\System32\SKYNETxrdvipdm.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2133] command.com /c del "C:\Windows\temp\SKYNETcoqqpdgmkj.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingC27] cmd.exe /c del "C:\Windows\temp\SKYNETcoqqpdgmkj.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9528] command.com /c del "C:\Windows\System32\SKYNETjscxsqvj.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9573] cmd.exe /c del "C:\Windows\System32\SKYNETjscxsqvj.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6731] command.com /c del "C:\Windows\System32\SKYNETrqspmpii.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC94] cmd.exe /c del "C:\Windows\System32\SKYNETrqspmpii.dat"
O4 - HKCU\..\Run: [Sidebar] REM C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [Speech Recognition] REM "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] REM "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] REM "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] REM "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Programme 2\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB6153] command.com /c del "C:\Program Files\Mozilla Firefox\components\iamfamous.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD793] cmd.exe /c del "C:\Program Files\Mozilla Firefox\components\iamfamous.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8993] command.com /c del "C:\Windows\System32\drivers\SKYNETrvxwttur.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD424] cmd.exe /c del "C:\Windows\System32\drivers\SKYNETrvxwttur.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8097] command.com /c del "C:\Windows\System32\SKYNETcipkxvfx.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1671] cmd.exe /c del "C:\Windows\System32\SKYNETcipkxvfx.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9959] command.com /c del "C:\Windows\System32\SKYNETxrdvipdm.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6074] cmd.exe /c del "C:\Windows\System32\SKYNETxrdvipdm.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8594] command.com /c del "C:\Windows\temp\SKYNETcoqqpdgmkj.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1399] cmd.exe /c del "C:\Windows\temp\SKYNETcoqqpdgmkj.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6468] command.com /c del "C:\Windows\System32\SKYNETjscxsqvj.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3411] cmd.exe /c del "C:\Windows\System32\SKYNETjscxsqvj.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9983] command.com /c del "C:\Windows\System32\SKYNETrqspmpii.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5483] cmd.exe /c del "C:\Windows\System32\SKYNETrqspmpii.dat"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service a2freeAeLookupSvc (a2freeAeLookupSvc) - Unknown owner - C:\Windows\TEMP\qpimqqxtbn.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SecureDZone Helper Service (SecureDZoneService) - Softwareentwicklung Remus - C:\Program Files\ArchiCrypt\Shredder 4\SecureDZoneService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 9929 bytes

Ich führe hier über den Tag hin ein Thema ganz allein für mich ^^
Nunja.

Ich möchte sagen, das Spybot - Search and Destroy (bis jetzt) erfolgreich meinen Rechner von dem Google-link problem bereinigt hat.
Daher meine erste Empfehlung.
Natürlich muss ich das im Verlauf weiter hin beobachten, da vlt. nicht alles gefunden worde sein muss. Jedoch ist es jetzt schon mal besser.
Für Ratschläge und weiteren Tipps bin ich gerne offen!
Denn jetzt geht es daran herauszufinden, woher ich diese Trojaner bzw. Spyware hatte und wie ich mich dagegen besser schützen kann.

Hallo und :hallo:

Du hast da einen fiesen Rootkit und eines kann Spybot ganz sicher nicht: Ihn entfernen. :)

1.) Poste bitte beide Logs von RSIT => http://www.trojaner-board.de/74910-a...tion-tool.html

2.) http://www.trojaner-board.de/51187-a...i-malware.html

3.) http://www.trojaner-board.de/51871-a...tispyware.html (Punkt 1-3 der Anleitung)

ciao, andreas

RSIT.log (Teil 1)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Solced at 2009-07-21 19:50:26
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 22 GB (19%) free of 113 GB
Total RAM: 2046 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:28, on 21.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Solced\Downloads\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Solced\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Solced.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Users\Solced\Desktop\MegaIEMn.dll (file missing)
O4 - HKLM\..\Run: [TPwrMain] REM %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPStart] REM C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] REM C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] REM C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [Speech Recognition] REM "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] REM "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] REM "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] REM "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Programme 2\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service a2freeAeLookupSvc (a2freeAeLookupSvc) - Unknown owner - C:\Windows\TEMP\qpimqqxtbn.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SecureDZone Helper Service (SecureDZoneService) - Softwareentwicklung Remus - C:\Program Files\ArchiCrypt\Shredder 4\SecureDZoneService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 6932 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Users\Solced\Desktop\MegaIEMn.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
SITEguard

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"=REM C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE []
"avgnt"=C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe [2008-05-23 262401]
"SynTPStart"=REM C:\Program Files\Synaptics\SynTP\SynTPStart.exe []
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-06-13 4489216]
"SynTPEnh"=REM C:\Program Files\Synaptics\SynTP\SynTPEnh.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"MobileConnect"=C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-03-13 2060288]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-11-13 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-11-13 8497696]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-11-13 81920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=REM C:\Program Files\Windows Sidebar\sidebar.exe /autoRun []
"TOSCDSPD"=TOSCDSPD.EXE []
"Speech Recognition"=REM C:\Windows\Speech\Common\sapisvr.exe -SpeechUX -Startup []
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler []
"msnmsgr"=REM C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []
"Nokia.PCSync"=REM C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog []
"PC Suite Tray"=REM C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe -onlytray []
"AlcoholAutomount"=D:\Programme 2\Alcohol 120\axcmd.exe /automount []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2007-05-22 538744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArchiCrypt Aufgabenstarter]
REM []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArchiCrypt Secure D Zone]
REM []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArchiCrypt Shredder4]
REM []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
REM C:\Windows\ehome\ehTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-07 55416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
REM C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
REM C:\Program Files\TOSHIBA\Utilities\KeNotify.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2007-11-13 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2007-11-13 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
C:\Program Files\Protector Suite QL\launcher.exe [2006-12-03 49168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-06-13 4489216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-05-23 509496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
REM C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
REM C:\Program Files\Synaptics\SynTP\SynTPEnh.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
REM C:\Program Files\Synaptics\SynTP\SynTPStart.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toscdspd]
TOSCDSPD.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Windows\system32\psqlpwd.dll [2006-12-03 90112]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

RSIT.log (Teil 2)

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"DisableCAD"=1
"EnableUIADesktopToggle"=0
"ShutdownWithoutLogon"=1
"NoDispSettingsPage"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=
"NoViewContextMenu"=
"NoFileAssociate"=
"NoFind"=
"NoRun"=
"NoClose"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{526aa56e-ceb2-11dd-9010-0013e84a5a5b}]
shell\AutoRun\command - E:\System\Security\DriveGuard.exe -run
shell\Explore\command - E:\System\Security\DriveGuard.exe -run
shell\Open\command - E:\System\Security\DriveGuard.exe -run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53aa4179-081a-11de-9933-0013e84a5a5b}]
shell\AutoRun\command - E:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5593cbb6-cfa7-11dd-a447-001b381acfc1}]
shell\AutoRun\command - E:\System\Security\DriveGuard.exe -run
shell\Explore\command - E:\System\Security\DriveGuard.exe -run
shell\Open\command - E:\System\Security\DriveGuard.exe -run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6efa96f5-d106-11dd-aad6-001b381acfc1}]
shell\AutoRun\command - E:\System\Security\DriveGuard.exe -run
shell\Explore\command - E:\System\Security\DriveGuard.exe -run
shell\Open\command - E:\System\Security\DriveGuard.exe -run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ba87a77-076f-11de-b65d-0013e84a5a5b}]
shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ba87a7c-076f-11de-b65d-0013e84a5a5b}]
shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bddc0d9-3c63-11de-93b2-001b381acfc1}]
shell\AutoRun\command - E:\System\Security\DriveGuard.exe -run
shell\Explore\command - E:\System\Security\DriveGuard.exe -run
shell\Open\command - E:\System\Security\DriveGuard.exe -run


======File associations======

.txt - open -

======List of files/folders created in the last 1 months======

2009-07-21 19:48:21 ----D---- C:\rsit
2009-07-21 16:51:15 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-07-21 16:51:15 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-21 16:49:12 ----D---- C:\Program Files\Prevx
2009-07-21 16:49:09 ----D---- C:\ProgramData\PrevxCSI
2009-07-21 16:49:08 ----A---- C:\Windows\wininit.ini
2009-07-21 15:17:03 ----D---- C:\ProgramData\SITEguard
2009-07-21 15:16:34 ----D---- C:\ProgramData\STOPzilla!
2009-07-21 15:16:34 ----D---- C:\Program Files\Common Files\iS3
2009-07-11 19:01:07 ----A---- C:\Windows\system32\mshtml.dll
2009-07-11 19:01:05 ----A---- C:\Windows\system32\ieframe.dll
2009-07-11 19:01:04 ----A---- C:\Windows\system32\wininet.dll
2009-07-11 19:01:04 ----A---- C:\Windows\system32\urlmon.dll
2009-07-11 19:01:04 ----A---- C:\Windows\system32\iertutil.dll
2009-07-11 19:01:03 ----A---- C:\Windows\system32\occache.dll
2009-07-11 19:01:03 ----A---- C:\Windows\system32\mstime.dll
2009-07-11 19:01:03 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-11 19:01:03 ----A---- C:\Windows\system32\ieUnatt.exe
2009-07-11 19:01:03 ----A---- C:\Windows\system32\ieencode.dll
2009-07-11 19:01:03 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-11 19:01:03 ----A---- C:\Windows\system32\ieaksie.dll
2009-07-11 19:01:02 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-11 18:56:58 ----A---- C:\Windows\system32\rpcrt4.dll
2009-07-11 16:16:00 ----D---- C:\ProgramData\TrackMania
2009-06-27 14:13:53 ----D---- C:\Program Files\Sierra On-Line
2009-06-27 14:09:51 ----D---- C:\Sierra
2009-06-26 16:50:22 ----D---- C:\Program Files\Valve

======List of files/folders modified in the last 1 months======

2009-07-21 19:42:09 ----D---- C:\Program Files\Mozilla Firefox
2009-07-21 19:21:00 ----A---- C:\Windows\ntbtlog.txt
2009-07-21 18:49:08 ----D---- C:\Windows\Temp
2009-07-21 18:49:01 ----D---- C:\Windows\System32
2009-07-21 18:47:37 ----D---- C:\Windows\registration
2009-07-21 17:14:24 ----D---- C:\RECYCLER
2009-07-21 16:56:17 ----SHD---- C:\Windows\Installer
2009-07-21 16:56:17 ----RD---- C:\Program Files
2009-07-21 16:56:17 ----HD---- C:\Config.Msi
2009-07-21 16:56:17 ----D---- C:\Windows\system32\drivers
2009-07-21 16:51:15 ----HD---- C:\ProgramData
2009-07-21 16:49:08 ----D---- C:\Windows
2009-07-21 15:20:46 ----D---- C:\Program Files\Common Files
2009-07-21 15:14:48 ----AD---- C:\ProgramData\TEMP
2009-07-21 15:14:47 ----D---- C:\Windows\Prefetch
2009-07-21 13:25:12 ----A---- C:\Windows\NeroDigital.ini
2009-07-20 21:04:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-20 21:04:40 ----D---- C:\Windows\inf
2009-07-11 19:10:01 ----D---- C:\Program Files\Internet Explorer
2009-07-11 19:02:03 ----D---- C:\Windows\winsxs
2009-07-11 19:01:50 ----D---- C:\Windows\system32\catroot
2009-07-11 18:59:41 ----D---- C:\Windows\system32\catroot2
2009-07-11 11:01:18 ----D---- C:\Windows\Minidump
2009-07-04 12:56:09 ----D---- C:\Users\AppData\Roaming\Xfire
2009-07-03 21:34:47 ----D---- C:\Program Files\Common Files\Steam
2009-07-03 21:29:52 ----D---- C:\ProgramData\Xfire
2009-06-28 22:22:09 ----D---- C:\Program Files\Full Tilt Poker
2009-06-27 14:46:43 ----A---- C:\Windows\SIERRA.INI
2009-06-26 20:34:28 ----D---- C:\Users\AppData\Roaming\Skype
2009-06-26 18:45:27 ----D---- C:\Users\AppData\Roaming\skypePM
2009-06-26 16:56:39 ----SD---- C:\Users\AppData\Roaming\Microsoft
2009-06-25 21:52:27 ----D---- C:\Users\AppData\Roaming\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-05-23 79424]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2008-05-23 21248]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2008-01-20 278728]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2008-01-20 25416]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 avgntflt;avgntflt; \??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-23 49472]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-06-12 1787816]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-11-13 7610592]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 81408]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-18 88576]
R3 StillCam;Treiber für serielle Digitalkamera; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-18 9216]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-03 199600]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2006-12-03 39056]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-01-24 290304]
R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-18 134016]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-04-16 11776]
S1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
S3 athr;Atheros Extensible Drahtlos-LAN-Gerätetreiber; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]
S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-18 19456]
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2008-01-04 70001]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-03-07 101504]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-18 49664]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-18 8192]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver; C:\Windows\System32\Drivers\tascusb2.sys [2007-12-18 360448]
S3 TASCAM_US144_MIDI;TASCAM US-144 WDM MIDI Device; C:\Windows\system32\drivers\tscusb2m.sys [2007-12-18 18944]
S3 TASCAM_US144_WDM;TASCAM US-144 WDM; C:\Windows\system32\drivers\tscusb2a.sys [2007-12-18 33792]
S3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
S3 Tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-02-22 113920]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2007-01-22 53376]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-02-28 41344]
S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys []
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-01-18 219392]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2007-01-18 211072]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2freeAeLookupSvc;a-squared Free Service a2freeAeLookupSvc; C:\Windows\TEMP\qpimqqxtbn.exe [2009-07-06 23552]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe [2008-05-23 147201]
R2 AppHostSvc;Anwendungshost-Hilfsdienst; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-08-01 196608]
R2 SecureDZoneService;SecureDZone Helper Service; C:\Program Files\ArchiCrypt\Shredder 4\SecureDZoneService.exe [2008-04-08 531968]
R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-03-13 24576]
R2 WAS;Windows-Prozessaktivierungsdienst; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 AntiVirScheduler;AntiVir PersonalEdition Classic Planer; C:\Program Files\AntiVir PersonalEdition Classic\sched.exe [2008-05-23 68865]
S3 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe []
S3 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-02-12 355096]
S3 NetMsmqActivator;Net.Msmq-Listeneradapter; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-01-05 122880]
S3 NetPipeActivator;Net.Pipe-Listeneradapter; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-01-05 122880]
S3 NetTcpActivator;Net.Tcp-Listeneradapter; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-01-05 122880]
S3 NtmsSvc;Wechselmedien; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-03 316664]
S3 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-04-27 114688]
S3 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
S3 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2007-03-29 427576]
S3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-05-23 587384]
S4 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
S4 CSIScanner;CSIScanner; C:\Program Files\Prevx\prevx.exe [2009-07-21 4368952]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]

-----------------EOF-----------------

RSIT.info (Teil 1.)


Computer Name: Mein-PC
Event Code: 537
Message: Auf diesem Computer konnte kein kompatibles TPM-Sicherheitsgerät (Trusted Platform Module) gefunden werden. TBS konnte nicht gestartet werden.
Record Number: 182586
Source Name: Microsoft-Windows-TBS
Time Written: 20090721165107.930753-000
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST

Computer Name: Mein-PC
Event Code: 10029
Message: DCOM hat den Dienst BITS mit den Argumenten "" gestartet, um den Server auszuführen:
{4991D34B-80A1-4291-83B6-3328366B9097}
Record Number: 182587
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090721165154.000000-000
Event Type: Informationen
User:

Computer Name: Mein-PC
Event Code: 7036
Message: Dienst "Intelligenter Hintergrundübertragungsdienst" befindet sich jetzt im Status "Ausgeführt".
Record Number: 182588
Source Name: Service Control Manager
Time Written: 20090721165155.000000-000
Event Type: Informationen
User:

Computer Name: Mein-PC
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet".
Record Number: 182589
Source Name: Service Control Manager
Time Written: 20090721170541.000000-000
Event Type: Informationen
User:

RSIT.info (Teil 2.)


=====Application event log=====

Computer Name: Mein-PC
Event Code: 103
Message: WinMail (4028) WindowsMail0: Das Datenbankmodul hat die Instanz (0) beendet.
Record Number: 47797
Source Name: ESENT
Time Written: 20090721171215.000000-000
Event Type: Informationen
User:

Computer Name: Mein-PC
Event Code: 0
Message: VOLUME ARRIVAL
Record Number: 47798
Source Name: VMCService
Time Written: 20090721172100.000000-000
Event Type: Informationen
User:

Computer Name: Mein-PC
Event Code: 0
Message: INFO: dom=<MEIN-PC>; usr=<SOLCED>
Record Number: 47799
Source Name: VMCService
Time Written: 20090721172101.000000-000
Event Type: Informationen
User:

Computer Name: Mein-PC
Event Code: 0
Message: SEND: id=3168; type=DeviceEventVolume
Record Number: 47800
Source Name: VMCService
Time Written: 20090721172101.000000-000
Event Type: Informationen
User:

Computer Name: Mein-PC
Event Code: 0
Message: VOLUME REMOVAL
Record Number: 47801
Source Name: VMCService
Time Written: 20090721172135.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: Mein-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 73981
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090721174829.513153-000
Event Type: Überwachung gescheitert
User:

Computer Name: Mein-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 73982
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090721174829.549153-000
Event Type: Überwachung gescheitert
User:

Computer Name: Mein-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 73983
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090721174829.584153-000
Event Type: Überwachung gescheitert
User:

Computer Name: Mein-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 73984
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090721174829.621153-000
Event Type: Überwachung gescheitert
User:

Computer Name: Mein-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 73985
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090721174829.658153-000
Event Type: Überwachung gescheitert
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 10, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0a
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"DEVMGR_SHOW_NONPRESENT_DEVICES"=1
"DEVMGR_SHOW_DETAILS"=1

-----------------EOF-----------------

Hi @ john.doe

ich danke dir sehr für deine ausgiebige Hilfsbereitschaft!
Aber etwas skeptisch soviel Daten preis zu geben, bin ich schon ^^
Darf ich sie nach Lösung des Problems jmnd. zum löschen vormerken lassen?

Klar, musst dich allerdings an die Moderatoren wenden, nur die können löschen.
Du musst hier überhaupt nichts preisgeben, aber wenn du Hilfe möchtest, dann brauchen wir genügend Informationen, um helfen zu können.

Du gehst doch nicht zum Arzt und sagst, nein, so genau sollen sie mich nicht untersuchen, aber heilen sollen sie mich schon?

Es fehlt noch der obere Teil der info.txt. Wir brauchen die Softwareliste um auf Aktualität und schädlichen Programmen zu suchen.

ciao, andreas

Ging davon aus, das RSIT.info TEIL 1 der obere teil ist. habe ihn eigentlich ab oben kopiert. Mach es aber gerne nochmal. lasse aber gerade noch Malwarebytes durchlaufen. RSIT zeigt die info.txt. nicht an wenn es im hintergrund läuft. deswegen hoffe ich das malwarebytes schnellstens durch ist

Du kannst ihn jederzeit aufrufen, auch wenn MBAM läuft.

Start => Ausführen => c:\rsit\info.txt => OK

ciao, andreas

Ich danke dir von herzen für deine schnellen Antworten und Hilfen, Andreas.
Hier ist der Rest der RSIT.info.


/Edit: Die Log./Info. txt. von Superantispyware erübrigt sich, ja?
Kann ich SuperAntiSpy mit Malwarebytes zugleich laufen lassen?

RSIT.info (Teil 0.1)

info.txt logfile of random's system information tool 1.06 2009-07-21 19:48:33

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
ActiveNote -->"C:\Program Files\ActiveNote 4.01\anote.exe" /deinst
ActiveNote 4.01-->C:\Program Files\ActiveNote 4.01\Uninst.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.5 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81300000003}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
ArchiCrypt Shredder Version 4.4.5.6039-->"C:\Program Files\ArchiCrypt\Shredder 4\unins000.exe"
Ashampoo WinOptimizer 4.51-->"C:\Program Files\Ashampoo\Ashampoo WinOptimizer 4\unins000.exe"
a-squared Free 3.0-->"C:\Program Files\a-squared Free\unins000.exe"
Autostart-Manager 2006-->MsiExec.exe /I{3B11379A-9196-4228-981A-BB255E13109E}
Avira AntiVir Personal – Free Antivirus-->C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bluetooth Monitor 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61539202-097E-487E-9237-B291AB56D54C}\setup.exe" -l0x9 -removeonly
Camera Assistant Software for Toshiba-->C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x0007
CBL Daten-Shredder-->MsiExec.exe /I{560E96B3-356D-4572-9FE3-B44F9AB92622}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x7
Cobra 11 - Crash Time (remove only)-->"C:\Program Files\Cobra 11 - Crash Time\Uninstall.exe"
Counter-Strike(TM)-->MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
DataRecovery-->C:\Program Files\DataRecovery\Uninst.exe
Day of Defeat-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/30
Desktop SMS-->MsiExec.exe /I{5980B928-1C95-4B3E-957B-B02D8147FF9E}
Emdedded IR Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{A6D4234C-CB02-4048-AC3E-AD09404FA35A}
FEAR-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x7 /zU -removeonly
Fiesta Online(EU_German) 1.02.004-->C:\Program Files\Gamigo Games\Fiesta Online(EU_German)\uninst.exe
Fraps-->"D:\Programme 2\Fraps\uninstall.exe"
Free Video Converter V 2.0-->"C:\Program Files\Free Video Converter\unins000.exe"
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0007 -removeonly
GIMP 2.6.4-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Gothic 3 Gametool 3.0.2 Rev. 89-->"C:\Program Files\JoWooD\Gothic 3 Gametool\unins000.exe"
Gothic II-->C:\PROGRA~1\JoWooD\GOTHIC~1\UNWISE.EXE C:\PROGRA~1\JoWooD\GOTHIC~1\INSTALL.LOG
Gothic III - Götterdämmerung 1.0.7 Patch-->MsiExec.exe /I{A4ED5256-CF3F-4DEA-9101-E2C87545478B}
Gothic III-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}\setup.exe" -l0x7 -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Kalender 2.1-->C:\Program Files\Kalender\Uninstal.exe
Kane and Lynch: Dead Men-->MsiExec.exe /X{A66C4716-7E10-4A53-8101-00C3C11D6A9C}
MAGIX Xtreme Foto Designer 6 6.0.19.0 (D)-->C:\Program Files\MAGIX\Xtreme_Foto_Designer_6\instslct.exe
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Sunbird (0.7)-->C:\Program Files\Mozilla Sunbird\uninstall\uninst.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser und SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nero 7-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301031}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia PC Suite-->C:\ProgramData\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_ger.exe
Nokia PC Suite-->MsiExec.exe /I{9C05FA75-0337-4523-AA57-9D3511018887}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
OpenOffice.org 3.0-->MsiExec.exe /I{04B45310-A5FE-4425-BFCA-1A6D8920DE74}
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PC Wizard 2008.1.84-->"C:\Program Files\PC Wizard 2008\unins000.exe"
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Prevx 3.0-->"C:\Program Files\Prevx\prevx.exe" /prop UNINSTALL=Y
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
ScummVM 0.13.0-->"C:\Program Files\ScummVM\unins000.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Syncrosoft Lizenz Kontrolle-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x0407
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x7
TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x0007 uninstall -removeonly
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0007 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0407
TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E}
TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1031
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Supervisorkennwort-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1031
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0407
TrackMania Nations Forever-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/11020
US-122L / US-144 driver-->C:\Windows\usb-audio.deTascam\Setup.exe /l0
Vampire - The Masquerade Bloodlines-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C4E2A4A7-B623-40CB-8EEA-72F577E49D56} /l1031
VideoLAN VLC media player 0.8.6e-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vodafone Mobile Connect Lite Huawei-->MsiExec.exe /X{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}
WinAce Archiver-->"C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Windows Live Messenger-->MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}
Windows Media Encoder 9-Reihe-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9-Reihe-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Xfire (remove only)-->"D:\Programme 2\Xfire\uninst.exe"
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"

=====HijackThis Backups=====

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe [2007-09-17]
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing) [2007-09-17]
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing) [2007-09-17]
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba...//www.ebay.de/ (file missing) [2007-09-17]
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab [2007-09-17]
O13 - Gopher Prefix: [2007-09-23]
O9 - Extra button: (no name) - AutorunsDisabled - (no file) [2008-01-12]
O3 - Toolbar: &Browser Radio - {55E52620-3354-4C57-A179-62D5500A01E4} - browserradio.dll (file missing) [2008-01-12]
O3 - Toolbar: &RadioJockey.NET Radiotoolbar - {DFE52DAF-0CD2-4227-BB56-37564E637861}} - brard.DLL (file missing) [2008-01-12]
O3 - Toolbar: (no name) - {DFE52DAF-0CD2-4227-BB56-37564E637861} - (no file) [2008-01-12]
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing) [2008-01-24]
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user') [2008-02-16]
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing) [2008-02-16]
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM') [2008-02-16]
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-03-01]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2008-03-01]
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-04-02]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2008-04-10]

======Security center information======

AV: Avira AntiVir PersonalEdition
AV: Norton Internet Security (disabled) (outdated)
FW: Norton Internet Security (disabled)
AS: Avira AntiVir PersonalEdition
AS: Windows-Defender
AS: Norton Internet Security (outdated)

======System event log======

Computer Name: Mein-PC
Event Code: 7036
Message: Dienst "Windows Update" befindet sich jetzt im Status "Ausgeführt".
Record Number: 182585
Source Name: Service Control Manager
Time Written: 20090721165109.000000-000
Event Type: Informationen
User:

Beginnen wir mit der Deinstallationsorgie.

1.) Deinstalliere:

• Adobe Flash Player 10 Plugin (veraltet)
• Adobe Flash Player ActiveX (veraltet)
• Adobe Reader 8.1.5 (veraltet)
• Adobe Shockwave Player (veraltet)
• a-squared Free 3.0 (taugt nicht)
• Java(TM) 6 Update 4 (veraltet)
• Java(TM) SE Runtime Environment 6 (veraltet)
• Mozilla Firefox (3.0.11) (veraltet)
• Mozilla Sunbird (0.7) (veraltet)
• Skype™ 3.8 (veraltet)
• Spybot - Search & Destroy (Schrott)
• VideoLAN VLC media player 0.8.6e (veraltet)

2.) Download und Ausführung des Norton-Entfernungsprogramms (nur Schritt 1+2 ;))

3.) Installiere (Toolbars immer abwählen, Haken weg):

• Adobe Reader oder besser FoxIt Reader
• Adobe - Adobe Flash Player
• Java-Downloads für alle Betriebssysteme - Sun Microsystems
• Skype herunterladen und kostenlose Skype-to-Skype Telefonate führen
• Mozilla Sunbird und Lightning [DE] - Downloads
• Webbrowser Firefox | Schneller, sicherer & anpassbar | Mozilla Europe
• VLC media player - Overview oder besser KMPlayer

ciao, andreas

okay. ich werde zugleich deinem Rat folgen.
Jedoch noch ein paar Fragen:

Ich stöbere durch meinen C/Programme Ordner und denke mir, dass jegliches doch upgedated ist, wie z.B. Mozilla. Installiert er nicht drüber? Und wenn nicht, wohin installiert er die neuen Versionen und lässt die alten liegen?

Weiter: Kann ich jegliche Programme manuell über die systemsteuerung ausfindig machen und dort restlos löschen? Denn zu manchen finde ich die Datei nicht (Wie bei Adobe)
Wenn ich Mozilla lösche, besteht mein derzeitiges Mozilla noch, das ja eigentlich upgedated sein sollte?


/EDIT: Norton war schon auf dem rechner drauf.
Die Sache ist. Was mache ich ohne Freeware-Norton? Dann wäre ich erst einmal ungesichert! Und Geld für ein Antivirenprog. kann ich nicht ausgeben



Danke!

Solced

Nein.
Nicht zu empfehlen, die Scanzeit steigt immens an und die Programme können abstürzen.
Falsch gedenkt. ;)
Alte Version deinstallieren, neue Version installieren, genau an die Reihenfolge halten.
Nein, aber in der info.txt steht drin, wie du es deinstallieren kannst.

Start => Ausführen => [uninstallstring eingeben] => OK
Start => Ausführen => C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe => OK
Start => Ausführen => MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81300000003} => OK
Üblicherweise wird beim Deinstallieren nicht alles gelöscht, sondern nur das Programm, die meisten Einstellungen bleiben erhalten. Wenn du sicher sein möchtest, dann exportiere vorher alles (z.B. Lesezeichen/Favoriten) und importiere es nach der Neuinstallation.

Gesund und glücklich leben. :D

Du hast Avira, niemals mehr als ein Antivirenprogramm einsetzen. BTW: Ich habe überhaupt keines.

ciao, andreas

o.k Andreas.
Ich ergebe mich vollends im vertrauen und ziehe das install und deinstall paket durch. ich kann nur von lernen.
Sunbird brauch ich im Grunde ja nicht. Der fliegt raus.
VLC ging mir sowieso auf die nerven und der andere player sieht nach gelungener Frische aus.
Zur Zeit läuft Superantispy und Malwarebytes sauber nebeneinander her. sind auch schon recht weit. Zudem deinstalliere ich.. alles locker und sauber bis jetzt. ich hoffe das passt irgendwie. denn mir fehlt auch etwas die zeit. ich brauch schlaf und könnte ohne nen geregelten rechner nicht zu bette gehen :sleepy:

Edit: Mir fehlt die Zeit. Andreas. Danke bis hier. Ich werde morgen, insofern ich überhaupt die Zeit finde, Malwarebytes und Superantispy komplett nacheinander durchlaufen und dir die log. data hier im Forum posten.
Bis dato habe ich auch erstmal dreck deinstalliert und sauberes installiert. somit auch vlt. etwas platz geschaffen und die progs brauchen nicht so lange.
Danke! Auf Bald


Hier das Derzeitige Scanprotokoll von Superantispyware: Ich lasse es morgen noch einmal komplett durchrasseln.
Vlt. schaffts Malwarebytes heute noch.
Ich lasse es von Superantspy löschen.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/21/2009 at 10:07 PM

Application Version : 4.26.1006

Core Rules Database Version : 4008
Trace Rules Database Version: 1948

Scan type : Complete Scan
Total Scan Time : 01:30:47

Memory items scanned : 636
Memory threats detected : 1
Registry items scanned : 6754
Registry threats detected : 2
File items scanned : 43847
File threats detected : 24

Rootkit.Agent/Gen-Skynet
\?\GLOBALROOT\C:\WINDOWS\SYSTEM32\SKYNETCIPKXVFX.DLL
\?\GLOBALROOT\C:\WINDOWS\SYSTEM32\SKYNETCIPKXVFX.DLL

Adware.Tracking Cookie
C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@toplist[3].txt
C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@tacoda[2].txt
C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@tracking.quisma[1].txt
C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@serving-sys[2].txt
C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@webmasterplan[2].txt
C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@bs.serving-sys[1].txt
C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@spylog[1].txt
C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@doubleclick[1].txt
C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@rambler[2].txt
C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@atwola[2].txt
C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@ad.71i[2].txt
C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@zbox.zanox[2].txt
C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@adserver.71i[1].txt
C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@toplist[2].txt
C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@www.stopzilla[1].txt
C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@oberon-media[2].txt
C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@ad.zanox[2].txt
C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@adfarm1.adition[2].txt
C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@atdmt[2].txt
C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@sevenoneintermedia.112.2o7[1].txt
C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@stopzilla[1].txt
C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@ads.outspark[2].txt
C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@2o7[2].txt

Trojan.Agent/Gen-AlerterALG
HKU\.DEFAULT\Software\S45
HKU\S-1-5-18\Software\S45

Hier noch die Maleware log. Maleware hat es zum Ende geschafft!

Malwarebytes' Anti-Malware 1.39
Datenbank Version: 2474
Windows 6.0.6001 Service Pack 1

21.07.2009 22:17:38
mbam-log-2009-07-21 (22-17-38).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 261172
Laufzeit: 2 hour(s), 9 minute(s), 45 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\System32\drivers\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Gleich zwei Rootkits, da müssen wir schärfer ran. Deinstalliere SuperAntiSpyware.

Solltest du noch irgendetwas mit dem Computer verbinden, wie Memorysticks, Speicherkarten, Digitalkameras, Handy, externe Laufwerke, ... dann stecke vor dem Scan alles an.

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir das Tool hier herunter auf den Desktop -> KLICK

Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:

• Schliesse alle Anwendungen und Programme, vor allem deine Antiviren-Software und andere Hintergrundwächter, sowie deinen Internetbrowser.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

• Starte nun die combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen und lass dein System durchsuchen.
  
  Sollte sich ComboFix nicht starten lassen, dann benenne es um in cofi.exe und versuche es nocheinmal.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte abkopieren und in deinen Beitrag einfügen. Das log findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten.

ciao, andreas

Okay. Wird gemacht. Ich bin sehr beeindruckt das du dich um deine art Schützlinge so sehr bemühst.
Ich habe nun ersteinmal alles deinstalliert und von dir geratene installiert.
Jetzt deinstalliere ich SuperAntiSpyware.
Combofix ist herunter geladen und ruht.
Ich werde Combofix morgen Abend durchführen.
Doch jetzt brauch ich schlaf, denn ich muss morgen früh um 8h hellwach in der Kita sein (;

Thx!! und auf morgen!

Solced

Wie? So jung bist du noch? :)

http://www.hofnik.omb-systems.com/pics/abinsbett.JPG

Gute Nacht,
Andreas

schoen wäre´s ^^
2 Sachen:
Die Erste ist, dass ich Combofix erst morgen abend gegen 17.30 durchlaufen lassen kann. Hatte heute einen randvollen Tag und muss nun noch ein paar Sachen ausarbeiten.
Zweitens habe ich heute einen Schwarz/Weiß Film in der Hand gehabt, welcher john.doe hieß. Ich liebe S/W-Filme ^^

Sind wir jetzt verlobt? :D

ciao, andreas

insofern du das wünscht (;

Okay. Habe combofix durchlaufen lassen.
Hier mal die log. TEIL I





ComboFix 09-07-23.01 - Solced 23.07.2009 19:12.1.2 - NTFSx86
ausgeführt von:: c:\users\Solced\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\X\AppData\Roaming\ezpinst.log
c:\users\X\AppData\Roaming\inst.exe
c:\windows\Installer\WMEncoder.msi
c:\windows\is-VOJQ7.exe
c:\windows\system32\drivers\SKYNETrvxwttur.sys
c:\windows\system32\SKYNETcipkxvfx.dll
c:\windows\system32\SKYNETjscxsqvj.dat
c:\windows\system32\SKYNETrqspmpii.dat
c:\windows\system32\SKYNETxrdvipdm.dll
c:\windows\system32\tmp.reg
c:\windows\TEMP\qpimqqxtbn.exe
D:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETvybedbbo
-------\Service_a2freeAeLookupSvc


((((((((((((((((((((((( Dateien erstellt von 2009-06-23 bis 2009-07-23 ))))))))))))))))))))))))))))))
.

2009-07-23 17:22 . 2009-07-23 17:25 -------- d-----w- c:\users\Solced\AppData\Local\temp
2009-07-21 20:55 . 2009-07-21 20:55 -------- d-----w- c:\program files\The KMPlayer
2009-07-21 20:43 . 2009-07-21 20:43 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 20:43 . 2009-07-21 20:43 -------- d-----w- c:\program files\Java
2009-07-21 20:39 . 2009-07-21 20:39 -------- d-----w- c:\program files\FoxitReader30_enu
2009-07-21 20:27 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-21 20:27 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-21 20:27 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-21 20:27 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-21 19:47 . 2009-07-21 19:47 -------- d-----w- c:\programdata\NortonInstaller
2009-07-21 18:20 . 2009-07-21 18:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-07-21 18:20 . 2009-07-21 20:52 -------- d-----w- c:\users\Solced\AppData\Roaming\SUPERAntiSpyware.com
2009-07-21 18:20 . 2009-07-21 20:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-21 18:05 . 2009-07-21 18:05 -------- d-----w- c:\users\Solced\AppData\Roaming\Malwarebytes
2009-07-21 18:05 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-21 18:05 . 2009-07-21 18:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-21 18:05 . 2009-07-21 18:05 -------- d-----w- c:\programdata\Malwarebytes
2009-07-21 18:05 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-21 17:48 . 2009-07-21 17:48 -------- d-----w- C:\rsit
2009-07-21 15:02 . 2009-07-21 15:02 -------- d-----w- c:\users\Solced\AppData\Local\Toshiba
2009-07-21 14:51 . 2009-07-21 18:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-21 13:17 . 2009-07-21 14:47 -------- d-----w- c:\programdata\SITEguard
2009-07-21 13:16 . 2009-07-21 14:56 -------- d-----w- c:\programdata\STOPzilla!
2009-07-21 13:16 . 2009-07-21 13:16 -------- d-----w- c:\program files\Common Files\iS3
2009-07-11 17:00 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-07-11 16:59 . 2008-12-06 04:42 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-07-11 16:59 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-07-11 16:59 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-07-11 16:56 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-07-11 14:16 . 2009-07-21 09:25 -------- d-----w- c:\programdata\TrackMania
2009-06-27 12:13 . 2009-06-27 12:13 -------- d-----w- c:\program files\Sierra On-Line
2009-06-27 12:09 . 2009-06-27 12:09 -------- d-----w- C:\Sierra
2009-06-26 14:50 . 2009-06-26 14:50 -------- d-----w- c:\program files\Valve

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-21 21:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-21 20:52 . 2009-02-11 18:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-21 20:34 . 2007-09-23 09:56 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-21 20:32 . 2008-12-21 21:07 -------- d-----w- c:\programdata\Skype
2009-07-21 20:28 . 2008-02-25 00:49 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-21 18:50 . 2007-11-26 22:40 -------- d-----w- c:\program files\Mozilla Sunbird
2009-07-21 17:11 . 2009-03-05 20:02 1 ----a-w- c:\users\Solced\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-21 14:23 . 2009-07-21 13:22 2200 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-07-21 13:23 . 2009-07-21 13:23 296 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-07-20 19:04 . 2006-11-02 15:33 673866 ----a-w- c:\windows\system32\perfh007.dat
2009-07-20 19:04 . 2006-11-02 15:33 139086 ----a-w- c:\windows\system32\perfc007.dat
2009-07-04 10:56 . 2009-05-12 20:05 -------- d-----w- c:\users\Solced\AppData\Roaming\Xfire
2009-07-03 19:34 . 2009-01-15 16:12 -------- d-----w- c:\program files\Common Files\Steam
2009-07-03 19:29 . 2009-05-12 20:05 -------- d-----w- c:\programdata\Xfire
2009-06-28 20:22 . 2009-01-01 18:00 -------- d-----w- c:\program files\Full Tilt Poker
2009-06-26 16:45 . 2008-12-21 21:09 -------- d-----w- c:\users\Solced\AppData\Roaming\skypePM
2009-06-25 19:52 . 2009-01-07 15:04 -------- d-----w- c:\users\Solced\AppData\Roaming\dvdcss
2009-06-12 10:45 . 2009-06-12 10:41 -------- d-----w- c:\program files\ICQ6.5
2009-06-11 22:29 . 2009-06-11 22:29 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-01 15:30 . 2007-04-16 05:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-27 17:05 . 2009-05-27 17:05 -------- d-----w- c:\program files\Gamigo Games
2009-04-30 12:37 . 2009-07-11 17:00 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-07-11 17:00 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-07-15 21:31 . 2009-07-21 20:37 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2007-08-07 18:47 . 2007-08-07 18:47 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16480_none_ef1b6bb652cf8744\WinMail.exe
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-12-03 15:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-12-03 15:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="REM" [X]
"Speech Recognition"="REM" [X]
"msnmsgr"="REM" [X]
"Nokia.PCSync"="REM" [X]
"PC Suite Tray"="REM" [X]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="REM" [X]
"SynTPStart"="REM" [X]
"SynTPEnh"="REM" [X]
"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-23 262401]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-03-13 2060288]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-13 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-13 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-13 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-21 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-06-13 4489216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-03 14:50 90112 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi6"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1012844329-1309873292-53014512-1000]
"EnableNotificationsRef"=dword:00000001

TEIL II


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BB980586-677E-40CB-B41F-9880906DE2D4}"= Profile=Private|c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{D693FD80-E933-4156-81F9-66A8B444D643}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= Disabled:UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{D1FBFF98-F375-4238-AE67-BB95BEA2FE19}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= Disabled:TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{9489D34C-E3D3-4081-991D-CB3FA13DD38F}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{3EA63B76-68C7-439F-B969-1857B72BAE9A}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{F2D661C9-3F61-4796-B60A-F23ADDE3E56A}c:\\program files\\icq6\\icq.exe"= Disabled:UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{A2DC48E8-EDE4-4EB2-A59E-035560BA04C4}c:\\program files\\icq6\\icq.exe"= Disabled:TCP:c:\program files\icq6\icq.exe:ICQ Library
"{9243BB5D-08FE-4865-8ACB-A4E37AA651C6}"= Disabled:UDP:c:\program files\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"{8D1D40F4-E132-4595-8C1C-520E6BFBA96D}"= Disabled:TCP:c:\program files\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"TCP Query User{BF7345A5-B7C0-44D4-B4B9-3E135A8189B8}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{84B757CD-AE0E-4515-BAAD-260F8195CB4E}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{8A2C9F09-4F09-41FF-A264-E6F81AB9DF07}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{E55BAB8D-7FE1-4E16-9A27-C2D0B6441D00}c:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= Disabled:UDP:c:\program files\flightgear\bin\win32\fgfs.exe:fgfs
"UDP Query User{92612533-B1BE-4089-820D-E36461D65DB9}c:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= Disabled:TCP:c:\program files\flightgear\bin\win32\fgfs.exe:fgfs
"{8A597623-D0E8-4C8C-B8F8-D856E4E185DB}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{222774B3-86F3-4E48-965C-2D9C203E4A45}c:\\program files\\lucasarts\\star wars jk ii jedi outcast\\gamedata\\jk2mp.exe"= UDP:c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe:jk2mp
"UDP Query User{726B9BE1-B37E-45A2-AB55-F8DCC716526D}c:\\program files\\lucasarts\\star wars jk ii jedi outcast\\gamedata\\jk2mp.exe"= TCP:c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe:jk2mp
"{C715306C-79AF-4376-8607-5875E78E48C0}"= UDP:c:\program files\Windows Live\Messenger\msnmsgr.exe:Windows Live Messenger
"{18F6A95C-796A-4063-BFA0-B31E8A0ACB74}"= TCP:c:\program files\Windows Live\Messenger\msnmsgr.exe:Windows Live Messenger
"{6D853470-151D-49E4-AB4D-2B93F839E01F}"= UDP:c:\program files\Microsoft Games for Windows - LIVE\Client\GFWLive.exe:Games for Windows - LIVE
"{3C07032E-5A87-45D8-810D-58A78FFE2ACE}"= TCP:c:\program files\Microsoft Games for Windows - LIVE\Client\GFWLive.exe:Games for Windows - LIVE
"TCP Query User{401B3B43-5D40-42BC-AB59-C58DA4B7A35A}c:\\program files\\microsoft games for windows - live\\eidos\\kane and lynch dead men\\kaneandlynch.exe"= UDP:c:\program files\microsoft games for windows - live\eidos\kane and lynch dead men\kaneandlynch.exe:Kane & Lynch - Dead Men
"UDP Query User{F640DB72-67DB-4510-BA07-8720AAE5D6EB}c:\\program files\\microsoft games for windows - live\\eidos\\kane and lynch dead men\\kaneandlynch.exe"= TCP:c:\program files\microsoft games for windows - live\eidos\kane and lynch dead men\kaneandlynch.exe:Kane & Lynch - Dead Men
"TCP Query User{C607A43A-27A8-48C2-9615-044F8452FCD9}c:\\program files\\microsoft games for windows - live\\eidos\\kane and lynch dead men\\kaneandlynch.exe"= UDP:c:\program files\microsoft games for windows - live\eidos\kane and lynch dead men\kaneandlynch.exe:Kane & Lynch - Dead Men
"UDP Query User{704CFF66-85D0-4D07-A084-03D6A386387A}c:\\program files\\microsoft games for windows - live\\eidos\\kane and lynch dead men\\kaneandlynch.exe"= TCP:c:\program files\microsoft games for windows - live\eidos\kane and lynch dead men\kaneandlynch.exe:Kane & Lynch - Dead Men
"{32D59623-2550-4E9F-A3C1-CA32E214F691}"= UDP:c:\program files\Valve\Steam\Steam.exe:Steam
"{7FADD213-6EE3-46B1-A7AC-06908A6C01BB}"= TCP:c:\program files\Valve\Steam\Steam.exe:Steam
"TCP Query User{66E9EB07-FB04-4111-A6DB-B81F229B6CA9}c:\\program files\\novalogic\\delta force black hawk down\\update.exe"= UDP:c:\program files\novalogic\delta force black hawk down\update.exe:UPDATE
"UDP Query User{5F514F26-A3D9-4512-B1A2-C8576AB1A421}c:\\program files\\novalogic\\delta force black hawk down\\update.exe"= TCP:c:\program files\novalogic\delta force black hawk down\update.exe:UPDATE
"TCP Query User{226E942B-B6AE-495F-B41E-BE4B6C6EC2CC}c:\\program files\\sierra\\fear\\fpupdate.exe"= UDP:c:\program files\sierra\fear\fpupdate.exe:fpupdate
"UDP Query User{9BBB656A-DF7C-4119-9BFE-AB94EE52DF71}c:\\program files\\sierra\\fear\\fpupdate.exe"= TCP:c:\program files\sierra\fear\fpupdate.exe:fpupdate
"TCP Query User{6619EF38-C387-484C-B892-8B5DD5EFCA17}c:\\program files\\sierra\\fear\\fearserver.exe"= UDP:c:\program files\sierra\fear\fearserver.exe:F.E.A.R. - Stand-Alone Server
"UDP Query User{974B05E9-F9D2-4D91-83F3-4E057FD780B1}c:\\program files\\sierra\\fear\\fearserver.exe"= TCP:c:\program files\sierra\fear\fearserver.exe:F.E.A.R. - Stand-Alone Server
"{8EA4E7CE-AC7A-49C0-99F5-54DCB56A1E01}"= UDP:c:\program files\Sierra\FEAR\FEAR.exe:FEAR
"{84E3A3C7-6E62-4208-9A6E-E788DDDC7D93}"= TCP:c:\program files\Sierra\FEAR\FEAR.exe:FEAR
"{07E4232C-7A56-4698-9186-22F7D17355E7}"= UDP:c:\program files\Sierra\FEAR\FEARMP.exe:FEAR
"{83FEFE00-7F99-4F45-A034-5FE505298AFB}"= TCP:c:\program files\Sierra\FEAR\FEARMP.exe:FEAR
"TCP Query User{724706AD-09FE-4032-9801-6C32F2293181}d:\\programme 2\\doom 3\\doom3ded.exe"= UDP:d:\programme 2\doom 3\doom3ded.exe:DOOM 3
"UDP Query User{08966DCC-4C48-4037-9592-03267CAA2EC8}d:\\programme 2\\doom 3\\doom3ded.exe"= TCP:d:\programme 2\doom 3\doom3ded.exe:DOOM 3
"TCP Query User{B1E6870F-AAE7-4FF1-B68C-075016976576}d:\\programme 2\\xfire\\xfire.exe"= UDP:d:\programme 2\xfire\xfire.exe:Xfire
"UDP Query User{34F082A0-F425-41DA-8A8C-BC87AB8364CB}d:\\programme 2\\xfire\\xfire.exe"= TCP:d:\programme 2\xfire\xfire.exe:Xfire
"TCP Query User{51AFA22C-4FFA-46D3-8213-1F7A802DBA0B}c:\\program files\\savage 2 - a tortured soul\\savage2.exe"= UDP:c:\program files\savage 2 - a tortured soul\savage2.exe:savage2
"UDP Query User{C04D9A2D-9E08-42A6-8B72-5B31E2B34ECF}c:\\program files\\savage 2 - a tortured soul\\savage2.exe"= TCP:c:\program files\savage 2 - a tortured soul\savage2.exe:savage2
"TCP Query User{3C8D0CC7-8412-4E9B-962B-C1FBE85C0DEA}d:\\programme 2\\xfire\\xfire.exe"= UDP:d:\programme 2\xfire\xfire.exe:Xfire
"UDP Query User{BDDBAD50-BC64-4B80-A440-8F9240815CCC}d:\\programme 2\\xfire\\xfire.exe"= TCP:d:\programme 2\xfire\xfire.exe:Xfire
"TCP Query User{8DACD63C-BDB5-42F6-8242-3E468C205C54}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{4F0DCF49-43E5-42E3-AAF2-8FE24F759992}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"TCP Query User{42B7F61C-4EF1-4685-9E27-ADD5BB23A3BF}c:\\program files\\valve\\steam\\steamapps\\solced\\condition zero\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\solced\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{FE0D4CC6-585F-4AB3-940B-0A4CE7E6C4F5}c:\\program files\\valve\\steam\\steamapps\\solced\\condition zero\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\solced\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{B2734F68-0737-4172-8946-020CC368559C}c:\\program files\\valve\\steam\\steamapps\\solced\\counter-strike\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\solced\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{745C66C0-68DF-44DB-917E-BFAECE148641}c:\\program files\\valve\\steam\\steamapps\\solced\\counter-strike\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\solced\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{63778396-D537-4AA5-A0B0-9A9641766108}c:\\program files\\valve\\steam\\steamapps\\solced\\ricochet\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\solced\ricochet\hl.exe:Half-Life Launcher
"UDP Query User{CDD320FB-830E-4224-82E1-AD85B6AA9C57}c:\\program files\\valve\\steam\\steamapps\\solced\\ricochet\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\solced\ricochet\hl.exe:Half-Life Launcher
"{82C0497B-8927-4673-BCA2-AF7A7F25DF95}"= UDP:c:\program files\Valve\Steam\SteamApps\common\trackmania nations forever\TmForever.exe:TrackMania Nations Forever
"{79230E82-B47C-44A6-923E-ADD9355520F4}"= TCP:c:\program files\Valve\Steam\SteamApps\common\trackmania nations forever\TmForever.exe:TrackMania Nations Forever
"{084ED45A-DCD9-4B22-B7A6-6AC394063E6C}"= UDP:c:\program files\Valve\Steam\SteamApps\common\trackmania nations forever\TmForeverLauncher.exe:TrackMania Nations Forever
"{0F195E34-DE6D-41B8-8621-FB7710AF34F5}"= TCP:c:\program files\Valve\Steam\SteamApps\common\trackmania nations forever\TmForeverLauncher.exe:TrackMania Nations Forever
"TCP Query User{0EC73DEC-EA6D-4F4A-A763-12E1D415D692}c:\\program files\\valve\\steam\\steamapps\\solced\\day of defeat\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\solced\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{18D57237-8D16-401A-8429-FDEDB676BA2A}c:\\program files\\valve\\steam\\steamapps\\solced\\day of defeat\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\solced\day of defeat\hl.exe:Half-Life Launcher
"{0511B375-E35E-4139-9736-A4C523379658}"= UDP:c:\users\Solced\AppData\Local\Temp\7zS2647.tmp\SymNRT.exe:Norton Removal Tool
"{A55C8DEE-F44D-48CF-9028-CC7F994FC8C2}"= TCP:c:\users\Solced\AppData\Local\Temp\7zS2647.tmp\SymNRT.exe:Norton Removal Tool
"{E31FA021-1D41-4873-B969-6DF15041994C}"= UDP:c:\users\Solced\AppData\Local\Temp\7zSC60F.tmp\SymNRT.exe:Norton Removal Tool
"{779850CA-D84D-40A2-A0FB-E0970637B27F}"= TCP:c:\users\Solced\AppData\Local\Temp\7zSC60F.tmp\SymNRT.exe:Norton Removal Tool

R0 CplIR;Embedded IR Driver;c:\windows\System32\drivers\CplIR.sys [06.03.2007 15:01 14848]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [05.07.2006 14:46 63352]
R2 SecureDZoneService;SecureDZone Helper Service;c:\program files\ArchiCrypt\Shredder 4\SecureDZoneService.exe [29.08.2007 19:58 531968]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [13.03.2008 20:08 24576]
S2 a2freeAeLookupSvcAeLookupSvc;a-squared Free Service a2freeAeLookupSvc a2freeAeLookupSvcAeLookupSvc;c:\windows\TEMP\strhbsptwe.exe service --> c:\windows\TEMP\strhbsptwe.exe service [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe --> c:\program files\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\System32\drivers\tascusb2.sys [22.02.2009 22:44 360448]
S3 TASCAM_US144_MIDI;TASCAM US-144 WDM MIDI Device;c:\windows\System32\drivers\tscusb2m.sys [22.02.2009 22:44 18944]
S3 TASCAM_US144_WDM;TASCAM US-144 WDM;c:\windows\System32\drivers\tscusb2a.sys [22.02.2009 22:44 33792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc
bthsvcs REG_MULTI_SZ BthServ
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Toolbar-SITEguard - (no file)
HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKCU-Run-AlcoholAutomount - d:\programme 2\Alcohol 120\axcmd.exe
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE


.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - c:\users\Solced\AppData\Roaming\Mozilla\Firefox\Profiles\s4l8g8q6.default\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************
Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien:

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\S45\Par]
@DACL=(02 0000)
"ID"=dword:002e9399
"RA"=dword:64686b59
"RP"=dword:00006009
"CheckPort25DateTime"=dword:0038d549
"CheckPort25Result"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OOSAFEERASE03.00.00.01MSWINDOWS"="3A5C9F3ACA990BBFD2630D95ED5064A5930E8E3DD83014A8E0EAB938ACBBD15121DBB918F5093A47E48D604941FA852C63888973FD9A937DCB4 646633673C1905A5CE10D0F8D13164C39AF1A2168ADAD15ECAD0598931B137085FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9 E127BECC74CA6A0AC4980AC7933A2D97226D213B555A6171C11EC38DE3DC038D530D6EB3452E235B17676DADEE841ED34EFF840B2EFF8637757E74C26EB239FD90EB7DAF0D8E7CDF19706A 14B7D235135AA5ED6FBC550F7EBD9D6E8342C4FB974BE74C140B3F282DAC1E6227AF5DF1539E98F81A1B7C177EFC0580CF11B4772284261A38E51F21FA7E3F1F641EDBE07F824482B08BB0 ACEDA2A2F11EC265BF9878163E7393AEEB5C9CFD1BAE92A1A38E0B29BC0846C78AFB31C70552B63F042D7C63702919A0098E2390610B38EDF7D1154EB33E2886F12BA7C063CA488FD8394C 5EA635D4353DFCABA631B4FA411F1DE2D73F86172E6AE5F17AC2CC3F31239EC12E083D42A29690E529183E21C456F52413E8BB4336904489AF7106A244A214222CF5F26E6D853EA608BF58 9C5A69A277CAC6803F496D44E9C4C566BBC5CBF2C53C37670374904D5292125CE977356CFACF411670523A6FE11E4F1108610DA73669A4BC9FB7921F5D877C2B82C7ECB6F849E0C705753C 21DD54E5913ECC27E997F0765BA3A7918277B840A39402C695E1907E1A10305391D29E907A47F63F9CD288F53C11BEF99F70294B63D36F8DF2967DE2171C3A6DA29306E7A6972F7DF78CA0 FA0CDE91519AC4248882114F2A391CB2ADBCB763BBE1D70E6B4F81E1788B3B93564451937CE3D759345B704B96E0B09C3A50F1FD9BD0C56AD3EDF7D6C8DCDA7843401BDB6B754393CB5465 3073D3F46569A0E65AE763C3077201E31BA4E4AAE532CCD8F0992520FDF258775A3D10A0D63561113F8CCA433C9E926FD546FDDC8CB6CEC6C36634ADBED652AFD6DB0FA4DBFFBD1968A64F 4757CAEE1C9A3D575596E199355DEF48369A9CB4E28D623D6D615307F84CCA88DF2BE04ADA2222F2D238CD7E96EB0CF79662B2F8B52E63518E1DD1D3E1339478589928457B5E1E7594ECDD 68D7F73465C61DEEC6C7D373BE8096CF0A29CDFB3A47E4DD0A4D906367FE7AB431078FEEC0FD183666C4FF6462B49E55CBB9F6322E8F89888CD05C88E5B6076D27468C11BA9112DFE00926 6337386C21604C07C8D0404F255FC53F32D5A8B50BC37043BEC775CC3A18B35DD1C8985CFD5F1C5F535DB8E2DDED38569129E22AF3BC12582C1F75382B7EA47C664E9F2AD5BEA1AAD19896 D6DD6E57F9D7E7FC0600FF7C7C0BE5E7EFA34EA819F3046DB50E6CACC18025B56AD6D3C4818FB086700FBAC8D31CC13C40F8B4D3CFA688231813F5F8FBCF7D1653C5A"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll

- - - - - - - > 'Explorer.exe'(4016)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\program files\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\System32\dllhost.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-07-23 19:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-07-23 17:31

Vor Suchlauf: 14 Verzeichnis(se), 27.694.002.176 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 27.501.719.552 Bytes frei

341 --- E O F --- 2009-07-23 17:01

1.) Deinstalliere (falls möglich):

• SuperAntiSpyware
• Spybot

2.) Scripten mit Combofix

• Öffne den Editor (Start => Zubehör => Editor ) kopiere nun folgenden Text in das weiße Feld:

Speichere diese Datei nun auf dem Desktop unter -> cfscript.txt

• Nun die Datei cfscript.txt auf das Sysmbol von Combofix ziehen!

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

• Danach das Log von Combofix ohne zu Editieren posten. Nur wenn dein Vor- und Nachname ersichtlich ist, dann entferne ihn.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann.

ciao, andreas

Und da kommt das nächste Log.
Könnte mich mit ComboFix anfreunden!

TEIL I


ComboFix 09-07-23.01 - Solced 23.07.2009 20:51.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2046.1288 [GMT 2:00]
ausgeführt von:: c:\users\Solced\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Solced\Desktop\cfscript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Wise Installation Wizard
c:\program files\Common Files\Wise Installation Wizard\WISA4ED5256CF3F4DEA9101E2C87545478B_1_0_0.MSI
c:\program files\SUPERAntiSpyware
c:\programdata\NortonInstaller
c:\programdata\NortonInstaller\Logs\07-21-2009-21h47m34s\SymNRT-07-21-2009-21h47m34s.log
c:\programdata\NortonInstaller\Logs\07-21-2009-21h47m34s\SymNRT.1.mft.7z
c:\programdata\NortonInstaller\Settings\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}.7z
c:\programdata\SITEguard
c:\programdata\SITEguard\siteguard.db
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\Logs\Checks.090721-1713.txt
c:\programdata\Spybot - Search & Destroy\Logs\Fixes.090721-1714.txt
c:\programdata\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WinAgentfox.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WinTDSSrtk.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WinTDSSrtk1.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WinTDSSrtk10.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WinTDSSrtk2.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WinTDSSrtk3.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WinTDSSrtk4.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WinTDSSrtk5.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WinTDSSrtk6.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WinTDSSrtk7.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WinTDSSrtk8.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WinTDSSrtk9.zip
c:\programdata\STOPzilla!
c:\programdata\STOPzilla!\modules_scanned.db
c:\programdata\STOPzilla!\modules_scanned.db.bak
c:\programdata\STOPzilla!\scanner.log
c:\programdata\STOPzilla!\sgdefs.db
c:\programdata\STOPzilla!\sgdwc.db
c:\programdata\STOPzilla!\userdata.db
c:\programdata\STOPzilla!\zilla5.log
c:\programdata\SUPERAntiSpyware.com
C:\rsit
c:\rsit\info.txt
c:\rsit\log.txt
c:\users\Solced\AppData\Roaming\SUPERAntiSpyware.com

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_a2freeAeLookupSvcAeLookupSvc


((((((((((((((((((((((( Dateien erstellt von 2009-06-23 bis 2009-07-23 ))))))))))))))))))))))))))))))
.

2009-07-23 18:57 . 2009-07-23 18:57 -------- d-----w- c:\users\Solced\AppData\Local\VirtualStore
2009-07-23 18:55 . 2009-07-23 18:58 -------- d-----w- c:\users\Solced\AppData\Local\temp
2009-07-23 18:55 . 2009-07-23 18:55 -------- d-----w- c:\users\Mehmet\AppData\Local\temp
2009-07-21 20:55 . 2009-07-21 20:55 -------- d-----w- c:\program files\The KMPlayer
2009-07-21 20:43 . 2009-07-21 20:43 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 20:43 . 2009-07-21 20:43 -------- d-----w- c:\program files\Java
2009-07-21 20:39 . 2009-07-21 20:39 -------- d-----w- c:\program files\FoxitReader30_enu
2009-07-21 20:27 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-21 20:27 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-21 20:27 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-21 20:27 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-21 18:05 . 2009-07-21 18:05 -------- d-----w- c:\users\Solced\AppData\Roaming\Malwarebytes
2009-07-21 18:05 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-21 18:05 . 2009-07-21 18:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-21 18:05 . 2009-07-21 18:05 -------- d-----w- c:\programdata\Malwarebytes
2009-07-21 18:05 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-21 15:02 . 2009-07-21 15:02 -------- d-----w- c:\users\Solced\AppData\Local\Toshiba
2009-07-21 13:16 . 2009-07-21 13:16 -------- d-----w- c:\program files\Common Files\iS3
2009-07-11 17:00 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-07-11 16:59 . 2008-12-06 04:42 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-07-11 16:59 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-07-11 16:59 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-07-11 16:56 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-07-11 14:16 . 2009-07-21 09:25 -------- d-----w- c:\programdata\TrackMania
2009-06-27 12:13 . 2009-06-27 12:13 -------- d-----w- c:\program files\Sierra On-Line
2009-06-27 12:09 . 2009-06-27 12:09 -------- d-----w- C:\Sierra
2009-06-26 14:50 . 2009-06-26 14:50 -------- d-----w- c:\program files\Valve

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-21 21:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-21 20:34 . 2007-09-23 09:56 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-21 20:32 . 2008-12-21 21:07 -------- d-----w- c:\programdata\Skype
2009-07-21 20:28 . 2008-02-25 00:49 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-21 18:50 . 2007-11-26 22:40 -------- d-----w- c:\program files\Mozilla Sunbird
2009-07-21 17:11 . 2009-03-05 20:02 1 ----a-w- c:\users\Solced\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-21 14:23 . 2009-07-21 13:22 2200 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-07-21 13:23 . 2009-07-21 13:23 296 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-07-20 19:04 . 2006-11-02 15:33 673866 ----a-w- c:\windows\system32\perfh007.dat
2009-07-20 19:04 . 2006-11-02 15:33 139086 ----a-w- c:\windows\system32\perfc007.dat
2009-07-04 10:56 . 2009-05-12 20:05 -------- d-----w- c:\users\Solced\AppData\Roaming\Xfire
2009-07-03 19:34 . 2009-01-15 16:12 -------- d-----w- c:\program files\Common Files\Steam
2009-07-03 19:29 . 2009-05-12 20:05 -------- d-----w- c:\programdata\Xfire
2009-06-28 20:22 . 2009-01-01 18:00 -------- d-----w- c:\program files\Full Tilt Poker
2009-06-26 16:45 . 2008-12-21 21:09 -------- d-----w- c:\users\Solced\AppData\Roaming\skypePM
2009-06-25 19:52 . 2009-01-07 15:04 -------- d-----w- c:\users\Solced\AppData\Roaming\dvdcss
2009-06-12 10:45 . 2009-06-12 10:41 -------- d-----w- c:\program files\ICQ6.5
2009-06-11 22:29 . 2009-06-11 22:29 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-01 15:30 . 2007-04-16 05:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-27 17:05 . 2009-05-27 17:05 -------- d-----w- c:\program files\Gamigo Games
2009-04-30 12:37 . 2009-07-11 17:00 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-07-11 17:00 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-07-15 21:31 . 2009-07-21 20:37 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2007-08-07 18:47 . 2007-08-07 18:47 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16480_none_ef1b6bb652cf8744\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-07-23_17.25.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-16 05:35 . 2009-07-23 18:59 74336 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-23 18:59 96100 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-21 17:19 . 2009-07-23 18:59 11484 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1012844329-1309873292-53014512-1001_UserData.bin
+ 2009-04-05 18:41 . 2009-07-23 18:48 41446 c:\windows\System32\config\systemprofile\AppData\Roaming\nvModes.dat
- 2009-04-05 18:41 . 2009-07-23 17:15 41446 c:\windows\System32\config\systemprofile\AppData\Roaming\nvModes.dat
- 2009-07-23 17:24 . 2009-07-23 17:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-23 18:57 . 2009-07-23 18:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-23 18:57 . 2009-07-23 18:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-23 17:24 . 2009-07-23 17:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.

Wie schnell du auch da drüber rauschst! ^^

TEIL II



(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-12-03 15:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-12-03 15:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-23 262401]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-03-13 2060288]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-13 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-13 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-13 81920]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-06-13 4489216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-03 14:50 90112 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi6"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1012844329-1309873292-53014512-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BB980586-677E-40CB-B41F-9880906DE2D4}"= Profile=Private|c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{D693FD80-E933-4156-81F9-66A8B444D643}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= Disabled:UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{D1FBFF98-F375-4238-AE67-BB95BEA2FE19}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= Disabled:TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{9489D34C-E3D3-4081-991D-CB3FA13DD38F}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{3EA63B76-68C7-439F-B969-1857B72BAE9A}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{F2D661C9-3F61-4796-B60A-F23ADDE3E56A}c:\\program files\\icq6\\icq.exe"= Disabled:UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{A2DC48E8-EDE4-4EB2-A59E-035560BA04C4}c:\\program files\\icq6\\icq.exe"= Disabled:TCP:c:\program files\icq6\icq.exe:ICQ Library
"{9243BB5D-08FE-4865-8ACB-A4E37AA651C6}"= Disabled:UDP:c:\program files\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"{8D1D40F4-E132-4595-8C1C-520E6BFBA96D}"= Disabled:TCP:c:\program files\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"TCP Query User{BF7345A5-B7C0-44D4-B4B9-3E135A8189B8}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{84B757CD-AE0E-4515-BAAD-260F8195CB4E}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{8A2C9F09-4F09-41FF-A264-E6F81AB9DF07}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{E55BAB8D-7FE1-4E16-9A27-C2D0B6441D00}c:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= Disabled:UDP:c:\program files\flightgear\bin\win32\fgfs.exe:fgfs
"UDP Query User{92612533-B1BE-4089-820D-E36461D65DB9}c:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= Disabled:TCP:c:\program files\flightgear\bin\win32\fgfs.exe:fgfs
"{8A597623-D0E8-4C8C-B8F8-D856E4E185DB}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{222774B3-86F3-4E48-965C-2D9C203E4A45}c:\\program files\\lucasarts\\star wars jk ii jedi outcast\\gamedata\\jk2mp.exe"= UDP:c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe:jk2mp
"UDP Query User{726B9BE1-B37E-45A2-AB55-F8DCC716526D}c:\\program files\\lucasarts\\star wars jk ii jedi outcast\\gamedata\\jk2mp.exe"= TCP:c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe:jk2mp
"{C715306C-79AF-4376-8607-5875E78E48C0}"= UDP:c:\program files\Windows Live\Messenger\msnmsgr.exe:Windows Live Messenger
"{18F6A95C-796A-4063-BFA0-B31E8A0ACB74}"= TCP:c:\program files\Windows Live\Messenger\msnmsgr.exe:Windows Live Messenger
"{6D853470-151D-49E4-AB4D-2B93F839E01F}"= UDP:c:\program files\Microsoft Games for Windows - LIVE\Client\GFWLive.exe:Games for Windows - LIVE
"{3C07032E-5A87-45D8-810D-58A78FFE2ACE}"= TCP:c:\program files\Microsoft Games for Windows - LIVE\Client\GFWLive.exe:Games for Windows - LIVE
"TCP Query User{401B3B43-5D40-42BC-AB59-C58DA4B7A35A}c:\\program files\\microsoft games for windows - live\\eidos\\kane and lynch dead men\\kaneandlynch.exe"= UDP:c:\program files\microsoft games for windows - live\eidos\kane and lynch dead men\kaneandlynch.exe:Kane & Lynch - Dead Men
"UDP Query User{F640DB72-67DB-4510-BA07-8720AAE5D6EB}c:\\program files\\microsoft games for windows - live\\eidos\\kane and lynch dead men\\kaneandlynch.exe"= TCP:c:\program files\microsoft games for windows - live\eidos\kane and lynch dead men\kaneandlynch.exe:Kane & Lynch - Dead Men
"TCP Query User{C607A43A-27A8-48C2-9615-044F8452FCD9}c:\\program files\\microsoft games for windows - live\\eidos\\kane and lynch dead men\\kaneandlynch.exe"= UDP:c:\program files\microsoft games for windows - live\eidos\kane and lynch dead men\kaneandlynch.exe:Kane & Lynch - Dead Men
"UDP Query User{704CFF66-85D0-4D07-A084-03D6A386387A}c:\\program files\\microsoft games for windows - live\\eidos\\kane and lynch dead men\\kaneandlynch.exe"= TCP:c:\program files\microsoft games for windows - live\eidos\kane and lynch dead men\kaneandlynch.exe:Kane & Lynch - Dead Men
"{32D59623-2550-4E9F-A3C1-CA32E214F691}"= UDP:c:\program files\Valve\Steam\Steam.exe:Steam
"{7FADD213-6EE3-46B1-A7AC-06908A6C01BB}"= TCP:c:\program files\Valve\Steam\Steam.exe:Steam
"TCP Query User{66E9EB07-FB04-4111-A6DB-B81F229B6CA9}c:\\program files\\novalogic\\delta force black hawk down\\update.exe"= UDP:c:\program files\novalogic\delta force black hawk down\update.exe:UPDATE
"UDP Query User{5F514F26-A3D9-4512-B1A2-C8576AB1A421}c:\\program files\\novalogic\\delta force black hawk down\\update.exe"= TCP:c:\program files\novalogic\delta force black hawk down\update.exe:UPDATE
"TCP Query User{226E942B-B6AE-495F-B41E-BE4B6C6EC2CC}c:\\program files\\sierra\\fear\\fpupdate.exe"= UDP:c:\program files\sierra\fear\fpupdate.exe:fpupdate
"UDP Query User{9BBB656A-DF7C-4119-9BFE-AB94EE52DF71}c:\\program files\\sierra\\fear\\fpupdate.exe"= TCP:c:\program files\sierra\fear\fpupdate.exe:fpupdate
"TCP Query User{6619EF38-C387-484C-B892-8B5DD5EFCA17}c:\\program files\\sierra\\fear\\fearserver.exe"= UDP:c:\program files\sierra\fear\fearserver.exe:F.E.A.R. - Stand-Alone Server
"UDP Query User{974B05E9-F9D2-4D91-83F3-4E057FD780B1}c:\\program files\\sierra\\fear\\fearserver.exe"= TCP:c:\program files\sierra\fear\fearserver.exe:F.E.A.R. - Stand-Alone Server
"{8EA4E7CE-AC7A-49C0-99F5-54DCB56A1E01}"= UDP:c:\program files\Sierra\FEAR\FEAR.exe:FEAR
"{84E3A3C7-6E62-4208-9A6E-E788DDDC7D93}"= TCP:c:\program files\Sierra\FEAR\FEAR.exe:FEAR
"{07E4232C-7A56-4698-9186-22F7D17355E7}"= UDP:c:\program files\Sierra\FEAR\FEARMP.exe:FEAR
"{83FEFE00-7F99-4F45-A034-5FE505298AFB}"= TCP:c:\program files\Sierra\FEAR\FEARMP.exe:FEAR
"TCP Query User{724706AD-09FE-4032-9801-6C32F2293181}d:\\programme 2\\doom 3\\doom3ded.exe"= UDP:d:\programme 2\doom 3\doom3ded.exe:DOOM 3
"UDP Query User{08966DCC-4C48-4037-9592-03267CAA2EC8}d:\\programme 2\\doom 3\\doom3ded.exe"= TCP:d:\programme 2\doom 3\doom3ded.exe:DOOM 3
"TCP Query User{B1E6870F-AAE7-4FF1-B68C-075016976576}d:\\programme 2\\xfire\\xfire.exe"= UDP:d:\programme 2\xfire\xfire.exe:Xfire
"UDP Query User{34F082A0-F425-41DA-8A8C-BC87AB8364CB}d:\\programme 2\\xfire\\xfire.exe"= TCP:d:\programme 2\xfire\xfire.exe:Xfire
"TCP Query User{51AFA22C-4FFA-46D3-8213-1F7A802DBA0B}c:\\program files\\savage 2 - a tortured soul\\savage2.exe"= UDP:c:\program files\savage 2 - a tortured soul\savage2.exe:savage2
"UDP Query User{C04D9A2D-9E08-42A6-8B72-5B31E2B34ECF}c:\\program files\\savage 2 - a tortured soul\\savage2.exe"= TCP:c:\program files\savage 2 - a tortured soul\savage2.exe:savage2
"TCP Query User{3C8D0CC7-8412-4E9B-962B-C1FBE85C0DEA}d:\\programme 2\\xfire\\xfire.exe"= UDP:d:\programme 2\xfire\xfire.exe:Xfire
"UDP Query User{BDDBAD50-BC64-4B80-A440-8F9240815CCC}d:\\programme 2\\xfire\\xfire.exe"= TCP:d:\programme 2\xfire\xfire.exe:Xfire
"TCP Query User{8DACD63C-BDB5-42F6-8242-3E468C205C54}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{4F0DCF49-43E5-42E3-AAF2-8FE24F759992}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"TCP Query User{42B7F61C-4EF1-4685-9E27-ADD5BB23A3BF}c:\\program files\\valve\\steam\\steamapps\\solced\\condition zero\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\solced\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{FE0D4CC6-585F-4AB3-940B-0A4CE7E6C4F5}c:\\program files\\valve\\steam\\steamapps\\solced\\condition zero\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\solced\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{B2734F68-0737-4172-8946-020CC368559C}c:\\program files\\valve\\steam\\steamapps\\solced\\counter-strike\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\solced\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{745C66C0-68DF-44DB-917E-BFAECE148641}c:\\program files\\valve\\steam\\steamapps\\solced\\counter-strike\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\solced\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{63778396-D537-4AA5-A0B0-9A9641766108}c:\\program files\\valve\\steam\\steamapps\\solced\\ricochet\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\solced\ricochet\hl.exe:Half-Life Launcher
"UDP Query User{CDD320FB-830E-4224-82E1-AD85B6AA9C57}c:\\program files\\valve\\steam\\steamapps\\solced\\ricochet\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\solced\ricochet\hl.exe:Half-Life Launcher
"{82C0497B-8927-4673-BCA2-AF7A7F25DF95}"= UDP:c:\program files\Valve\Steam\SteamApps\common\trackmania nations forever\TmForever.exe:TrackMania Nations Forever
"{79230E82-B47C-44A6-923E-ADD9355520F4}"= TCP:c:\program files\Valve\Steam\SteamApps\common\trackmania nations forever\TmForever.exe:TrackMania Nations Forever
"{084ED45A-DCD9-4B22-B7A6-6AC394063E6C}"= UDP:c:\program files\Valve\Steam\SteamApps\common\trackmania nations forever\TmForeverLauncher.exe:TrackMania Nations Forever
"{0F195E34-DE6D-41B8-8621-FB7710AF34F5}"= TCP:c:\program files\Valve\Steam\SteamApps\common\trackmania nations forever\TmForeverLauncher.exe:TrackMania Nations Forever
"TCP Query User{0EC73DEC-EA6D-4F4A-A763-12E1D415D692}c:\\program files\\valve\\steam\\steamapps\\solced\\day of defeat\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\solced\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{18D57237-8D16-401A-8429-FDEDB676BA2A}c:\\program files\\valve\\steam\\steamapps\\solced\\day of defeat\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\solced\day of defeat\hl.exe:Half-Life Launcher

R0 CplIR;Embedded IR Driver;c:\windows\System32\drivers\CplIR.sys [06.03.2007 15:01 14848]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [05.07.2006 14:46 63352]
R2 SecureDZoneService;SecureDZone Helper Service;c:\program files\ArchiCrypt\Shredder 4\SecureDZoneService.exe [29.08.2007 19:58 531968]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [13.03.2008 20:08 24576]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe --> c:\program files\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\System32\drivers\tascusb2.sys [22.02.2009 22:44 360448]
S3 TASCAM_US144_MIDI;TASCAM US-144 WDM MIDI Device;c:\windows\System32\drivers\tscusb2m.sys [22.02.2009 22:44 18944]
S3 TASCAM_US144_WDM;TASCAM US-144 WDM;c:\windows\System32\drivers\tscusb2a.sys [22.02.2009 22:44 33792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - c:\users\Solced\AppData\Roaming\Mozilla\Firefox\Profiles\s4l8g8q6.default\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-23 20:58
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OOSAFEERASE03.00.00.01MSWINDOWS"="3A5C9F3ACA990BBFD2630D95ED5064A5930E8E3DD83014A8E0EAB938ACBBD15121DBB918F5093A47E48D604941FA852C63888973FD9A937DCB4 646633673C1905A5CE10D0F8D13164C39AF1A2168ADAD15ECAD0598931B137085FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9 E127BECC74CA6A0AC4980AC7933A2D97226D213B555A6171C11EC38DE3DC038D530D6EB3452E235B17676DADEE841ED34EFF840B2EFF8637757E74C26EB239FD90EB7DAF0D8E7CDF19706A 14B7D235135AA5ED6FBC550F7EBD9D6E8342C4FB974BE74C140B3F282DAC1E6227AF5DF1539E98F81A1B7C177EFC0580CF11B4772284261A38E51F21FA7E3F1F641EDBE07F824482B08BB0 ACEDA2A2F11EC265BF9878163E7393AEEB5C9CFD1BAE92A1A38E0B29BC0846C78AFB31C70552B63F042D7C63702919A0098E2390610B38EDF7D1154EB33E2886F12BA7C063CA488FD8394C 5EA635D4353DFCABA631B4FA411F1DE2D73F86172E6AE5F17AC2CC3F31239EC12E083D42A29690E529183E21C456F52413E8BB4336904489AF7106A244A214222CF5F26E6D853EA608BF58 9C5A69A277CAC6803F496D44E9C4C566BBC5CBF2C53C37670374904D5292125CE977356CFACF411670523A6FE11E4F1108610DA73669A4BC9FB7921F5D877C2B82C7ECB6F849E0C705753C 21DD54E5913ECC27E997F0765BA3A7918277B840A39402C695E1907E1A10305391D29E907A47F63F9CD288F53C11BEF99F70294B63D36F8DF2967DE2171C3A6DA29306E7A6972F7DF78CA0 FA0CDE91519AC4248882114F2A391CB2ADBCB763BBE1D70E6B4F81E1788B3B93564451937CE3D759345B704B96E0B09C3A50F1FD9BD0C56AD3EDF7D6C8DCDA7843401BDB6B754393CB5465 3073D3F46569A0E65AE763C3077201E31BA4E4AAE532CCD8F0992520FDF258775A3D10A0D63561113F8CCA433C9E926FD546FDDC8CB6CEC6C36634ADBED652AFD6DB0FA4DBFFBD1968A64F 4757CAEE1C9A3D575596E199355DEF48369A9CB4E28D623D6D615307F84CCA88DF2BE04ADA2222F2D238CD7E96EB0CF79662B2F8B52E63518E1DD1D3E1339478589928457B5E1E7594ECDD 68D7F73465C61DEEC6C7D373BE8096CF0A29CDFB3A47E4DD0A4D906367FE7AB431078FEEC0FD183666C4FF6462B49E55CBB9F6322E8F89888CD05C88E5B6076D27468C11BA9112DFE00926 6337386C21604C07C8D0404F255FC53F32D5A8B50BC37043BEC775CC3A18B35DD1C8985CFD5F1C5F535DB8E2DDED38569129E22AF3BC12582C1F75382B7EA47C664E9F2AD5BEA1AAD19896 D6DD6E57F9D7E7FC0600FF7C7C0BE5E7EFA34EA819F3046DB50E6CACC18025B56AD6D3C4818FB086700FBAC8D31CC13C40F8B4D3CFA688231813F5F8FBCF7D1653C5A"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll

- - - - - - - > 'Explorer.exe'(2472)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\program files\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\System32\dllhost.exe
c:\windows\System32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-07-23 21:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-07-23 19:07
ComboFix2.txt 2009-07-23 17:31

Vor Suchlauf: 13 Verzeichnis(se), 27.544.469.504 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 27.429.523.456 Bytes frei

326 --- E O F --- 2009-07-23 17:01

Das sieht doch schon viel freundlicher aus. :)

Teste, ob es noch Umleitungen bei Google gibt.

1.) Deaktiviere den Wächter von Avira.

2.) Packe den Ordner c:\qoobox mit Zip oder Rar, lade das Archiv bei einem Filehoster hoch (z.B. www.materialordner.de) und schicke mir den Link als Private Nachricht.

3.) Aktiviere den Wächter von Avira.

4.) Start => Ausführen => combofix /u => OK

5.) Kaspersky - Onlinescanner

Dieser Scanner entfernt die Funde nicht, gibt aber einen guten Überblick über die vorhandene Malware.

---> hier herunterladen => Kaspersky Online Scanner
=> Hinweise zu älteren Versionen beachten!
=> Voraussetzung: Internet Explorer 6.0 oder höher
=> die nötigen ActiveX-Steuerelemente installieren => Update der Signaturen => Weiter
=> Scan-Einstellungen => Standard wählen => OK => Link "Arbeitsplatz" anklicken
=> Scan beginnt automatisch => Untersuchung wurde abgeschlossen => Protokoll speichern als
=> Dateityp auf .txt umstellen => auf dem Desktop als Kaspersky.txt speichern => Log hier posten
=> Deinstallation => Systemsteuerung => Software => Kaspersky Online Scanner entfernen

6.) Überprüfe den Rechner mit PrevXCSI. Poste ein Screenshot falls etwas gefunden werden sollte.

ciao, andreas

Komischer weise läd er Kaspersky nach dem anclicken von "Akzeptieren (der AGB)" nicht herunter -.-
Verstehe ich nicht.
Ich versuche möglichst alles nötige noch zu machen, Andreas, bin aber leider noch mit Ausarbeitungen im Verzug. Ich hoffe du nimmst es mir nicht allzuübel, wenn ich heute zu nichts mehr komme!

Gruß
Solced

Kein Problem, aber bitte die Reihenfolge genau einhalten.

ciao, andreas

hey john.doe. bin leider erst ebend wieder zu Hause angekommen und werde heute über den Tag und die Nacht Ausarbeitungen fertig stellen müssen! Werde morgen abend den Rest in angriff nehmen!

Lieber gruß
Solced

Alles klar. :)

ciao, andreas

Hey. john.doe
Tut mir leid, doch hatte ich sehr viel arbeit die Woche. Kita.Schulanfänger-abgangsfeier etc. Werde es richtung WE in angriff nehmen können. Verzeih mir

Kein Problem, ist ja nicht so schlimm, ist ja nicht mein Rechner. :D

ciao, andreas

So. Endlich mal die Antwort!
Also: Google verlinkt nicht mehr Falsch
Hier die Qoobox: http://www.materialordner.de/otJHSZqLttboKDdJwxYDUJbbY2jHBdm.html
Weiter lässt Kaspersky sich nicht herunter laden
Deswegen hier erst einmal die Combofix (Nachtrag:)

:daumenhoc

Vom schlimmsten Plagegeist hat dich ComboFix befreit, jetzt suchen wir noch nach nachgeladenen Schädlingen.
Der zickt häufiger herum. Einfach überspringen und statt dessen den hier nehmen.

Panda Active Scan

Folgende Seite führt dich durch die Installation: PandaActiveScan2.0 Installation

Drücke auf Jetzt Scannen!

Eine Registrierung ist nicht erforderlich!

Nachdem der Scan abgeschlossen ist drücke auf das Text-Icon Export und speichere das log auf dem Desktop.
Öffne die Datei ActiveScan.txt die sich nun auf deinem Desktop befindet und poste uns den Inhalt.

ciao, andreas

Hier einmal Panda:

;***************************************************************************************************************************************************** ******************************
ANALYSIS: 2009-08-04 21:07:49
PROTECTIONS: 3
MALWARE: 11
SUSPECTS: 6
;***************************************************************************************************************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================== ==============================
Avira AntiVir PersonalEdition 7.0.3.158
Yes Yes
Avira AntiVir PersonalEdition 7.0.3.158
No Yes
Windows-Defender 1.1.1505.0 No Yes
;===================================================================================================================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================== ==============================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@tradedoubler[1].txt
00149425 Hacktool/Hammer HackTools No 0 Yes No C:\Program Files\Robster Productions\Halflife Logo Creator\HLC.exe
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@bs.serving-sys[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Solced\AppData\Roaming\Microsoft\Windows\Cookies\solced@atwola[2].txt
02059071 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Qoobox\Quarantine\C\Windows\Temp\qpimqqxtbn.exe.vir
02059071 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Qoobox.zip[Qoobox/Quarantine/C/Windows/Temp/qpimqqxtbn.exe.vir]
02243827 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Qoobox.zip[Qoobox/Quarantine/C/Windows/System32/drivers/_SKYNETrvxwttur_.sys.zip][SKYNETrvxwttur.sys]
02243827 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Qoobox\Quarantine\C\Windows\System32\drivers\SKYNETrvxwttur.sys.vir
02243827 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Qoobox.zip[Qoobox/Quarantine/C/Windows/System32/drivers/SKYNETrvxwttur.sys.vir]
02243827 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Qoobox\Quarantine\C\Windows\System32\drivers\_SKYNETrvxwttur_.sys.zip[SKYNETrvxwttur.sys]
02444111 Trj/Alureon.AW Virus/Trojan No 0 Yes No C:\Qoobox.zip[Qoobox/Quarantine/C/ProgramData/STOPzilla!/Quarantine/598134c8-56ef-411c-b383-29cdbb5bf429.pre.vir]
02444111 Trj/Alureon.AW Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\Windows\System32\SKYNETcipkxvfx.dll.vir
02444111 Trj/Alureon.AW Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\ProgramData\STOPzilla!\Quarantine\598134c8-56ef-411c-b383-29cdbb5bf429.pre.vir
02444111 Trj/Alureon.AW Virus/Trojan No 0 Yes No C:\Qoobox.zip[Qoobox/Quarantine/C/Windows/System32/SKYNETcipkxvfx.dll.vir]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\Windows\System32\SKYNETxrdvipdm.dll.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Users\Mehmet\Desktop\ff06_v39\FlusiFix-2006 V3.9\ProSpeed.dll
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Qoobox.zip[Qoobox/Quarantine/C/Windows/System32/SKYNETxrdvipdm.dll.vir]
;===================================================================================================================================================== ==============================
SUSPECTS
Sent Location �cAڸ�j �9
;===================================================================================================================================================== ==============================
No C:\Program Files\ArchiCrypt\Shredder 4\ACShredder4.exe �cAڸ�j �9
No C:\Program Files\ArchiCrypt\Shredder 4\Quarantine.exe �cAڸ�j �9
No C:\Program Files\ArchiCrypt\Shredder 4\Scheduler.exe �cAڸ�j �9
No C:\Users\Solced\Downloads\HLC_1_setup.exe �cAڸ�j �9
No D:\Alcohol\Alcohol_120_Percent_v1[1].9.6.5429_Patch\Alcohol 120% 1.9.6.5429 Patch.exe �cAڸ�j �9
No D:\Solced\Neuer Ordner (2)\free-wma-mp3-converter.exe �cAڸ�j �9
;===================================================================================================================================================== ==============================
VULNERABILITIES
Id Severity Description �cAڸ�j �9
;===================================================================================================================================================== ==============================
;===================================================================================================================================================== ==============================


Fetze jetzt noch einmal COMBOFIX drüber und schicke dir die log

Wieso bin ich jetzt stinkend sauer? :koch:

Lies hier => http://www.trojaner-board.de/452276-post7.html

Hier geht es weiter => http://www.trojaner-board.de/51262-a...sicherung.html

Du bist entlassen und ich bin raus,
andreas

Teil I

ComboFix 09-08-04.01 - Solced 04.08.2009 21:21.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2046.1403 [GMT 2:00]
ausgeführt von:: c:\users\Solced\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Windows Live Messenger .lnk

.
((((((((((((((((((((((( Dateien erstellt von 2009-07-04 bis 2009-08-04 ))))))))))))))))))))))))))))))
.

2009-08-04 19:26 . 2009-08-04 19:26 -------- d-----w- c:\users\Solced\AppData\Local\temp
2009-08-04 17:38 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-08-04 17:38 . 2009-08-04 17:38 -------- d-----w- c:\program files\Panda Security
2009-08-04 14:31 . 2009-08-04 14:31 12197745 ----a-w- C:\Qoobox.zip
2009-08-02 23:00 . 2009-08-02 23:01 -------- d-----w- c:\users\Solced\AppData\Roaming\vlc
2009-08-02 22:59 . 2009-08-02 22:59 -------- d-----w- c:\program files\VideoLAN
2009-08-02 18:39 . 2009-08-02 18:39 -------- d-----w- c:\program files\Robster Productions
2009-08-02 18:30 . 2009-08-02 18:30 -------- d-----w- C:\mydecal
2009-08-02 11:34 . 2009-08-02 11:34 -------- d-----w- c:\users\Solced\SystemRequirementsLab
2009-07-29 23:42 . 2009-07-29 23:42 -------- d-----w- c:\users\Solced\AppData\Roaming\JonDo
2009-07-29 23:39 . 2009-07-29 23:40 -------- d-----w- c:\program files\JAP
2009-07-23 18:57 . 2009-07-23 20:39 -------- d-----w- c:\users\Solced\AppData\Local\VirtualStore
2009-07-21 20:55 . 2009-07-21 20:55 -------- d-----w- c:\program files\The KMPlayer
2009-07-21 20:43 . 2009-07-21 20:43 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 20:43 . 2009-07-21 20:43 -------- d-----w- c:\program files\Java
2009-07-21 20:39 . 2009-07-21 20:39 -------- d-----w- c:\program files\FoxitReader30_enu
2009-07-21 20:27 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-21 20:27 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-21 20:27 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-21 20:27 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-21 18:05 . 2009-07-21 18:05 -------- d-----w- c:\users\Solced\AppData\Roaming\Malwarebytes
2009-07-21 18:05 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-21 18:05 . 2009-07-21 18:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-21 18:05 . 2009-07-21 18:05 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-21 18:05 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-21 15:02 . 2009-07-21 15:02 -------- d-----w- c:\users\Solced\AppData\Local\Toshiba
2009-07-21 13:16 . 2009-07-21 13:16 -------- d-----w- c:\program files\Common Files\iS3
2009-07-11 17:01 . 2009-02-13 08:49 1255936 ----a-w- c:\windows\system32\lsasrv.dll
2009-07-11 17:01 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-07-11 17:01 . 2009-03-17 03:38 24064 ----a-w- c:\windows\system32\amxread.dll
2009-07-11 17:01 . 2009-02-13 08:49 72704 ----a-w- c:\windows\system32\secur32.dll
2009-07-11 16:59 . 2008-12-06 04:42 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-07-11 16:59 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-07-11 16:59 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-07-11 16:56 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-07-11 14:16 . 2009-07-21 09:25 -------- d-----w- c:\progra~2\TrackMania

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 23:55 . 2009-01-07 15:04 -------- d-----w- c:\users\Solced\AppData\Roaming\dvdcss
2009-08-02 11:34 . 2008-02-15 22:04 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-30 11:54 . 2009-03-05 20:02 1 ----a-w- c:\users\Solced\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-21 21:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-21 20:34 . 2007-09-23 09:56 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-21 20:32 . 2008-12-21 21:07 -------- d-----w- c:\progra~2\Skype
2009-07-21 20:28 . 2008-02-25 00:49 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-21 18:50 . 2007-11-26 22:40 -------- d-----w- c:\program files\Mozilla Sunbird
2009-07-21 14:23 . 2009-07-21 13:22 2200 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-07-21 13:23 . 2009-07-21 13:23 296 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-07-20 19:04 . 2006-11-02 15:33 673866 ----a-w- c:\windows\system32\perfh007.dat
2009-07-20 19:04 . 2006-11-02 15:33 139086 ----a-w- c:\windows\system32\perfc007.dat
2009-07-18 16:06 . 2009-07-29 09:28 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 09:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 09:28 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-04 10:56 . 2009-05-12 20:05 -------- d-----w- c:\users\Solced\AppData\Roaming\Xfire
2009-07-03 19:34 . 2009-01-15 16:12 -------- d-----w- c:\program files\Common Files\Steam
2009-07-03 19:29 . 2009-05-12 20:05 -------- d-----w- c:\progra~2\Xfire
2009-06-28 20:22 . 2009-01-01 18:00 -------- d-----w- c:\program files\Full Tilt Poker
2009-06-27 12:13 . 2009-06-27 12:13 -------- d-----w- c:\program files\Sierra On-Line
2009-06-26 16:45 . 2008-12-21 21:09 -------- d-----w- c:\users\Solced\AppData\Roaming\skypePM
2009-06-26 14:50 . 2009-06-26 14:50 -------- d-----w- c:\program files\Valve
2009-06-12 10:45 . 2009-06-12 10:41 -------- d-----w- c:\program files\ICQ6.5
2009-06-11 22:29 . 2009-06-11 22:29 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-07-15 21:31 . 2009-07-21 20:37 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2007-08-07 18:47 . 2007-08-07 18:47 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16480_none_ef1b6bb652cf8744\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-07-23_17.25.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-29 09:28 . 2009-07-18 12:09 52736 c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.21089_none_2a4b88e181591ecb\iebrshim.dll
+ 2009-07-29 09:28 . 2009-07-18 12:10 52736 c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16890_none_29ae416e684b83a1\iebrshim.dll
+ 2009-07-29 09:28 . 2009-07-18 12:09 56320 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21089_none_c42672717aa9496e\iesetup.dll
+ 2009-07-29 09:28 . 2009-07-18 12:09 44544 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21089_none_c42672717aa9496e\iernonce.dll
+ 2009-07-29 09:28 . 2009-07-18 10:02 70656 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21089_none_c42672717aa9496e\ie4uinit.exe
+ 2009-07-29 09:28 . 2009-07-18 12:10 56320 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16890_none_c3892afe619bae44\iesetup.dll
+ 2009-07-29 09:28 . 2009-07-18 12:10 44544 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16890_none_c3892afe619bae44\iernonce.dll
+ 2009-07-29 09:28 . 2009-07-18 10:00 70656 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16890_none_c3892afe619bae44\ie4uinit.exe
+ 2009-07-29 09:28 . 2009-07-18 09:52 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_2fa4f48433505a52\ieUnatt.exe
+ 2009-07-29 09:28 . 2009-07-18 09:46 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18294_none_2f04b5b11a43dbec\ieUnatt.exe
+ 2009-07-29 09:28 . 2009-07-18 10:02 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_2db7bd56362e80c9\ieUnatt.exe
+ 2009-07-29 09:28 . 2009-07-18 10:00 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\ieUnatt.exe
+ 2009-07-29 09:28 . 2009-07-18 12:09 63488 c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.21089_none_58f13cb3806e0725\icardie.dll
+ 2009-07-29 09:28 . 2009-07-18 12:10 63488 c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16890_none_5853f54067606bfb\icardie.dll
+ 2009-07-29 09:28 . 2009-07-18 09:51 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.22475_none_f3b07afbd37875ca\mshtmler.dll
+ 2009-07-29 09:28 . 2009-07-18 11:52 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.22475_none_f3b07afbd37875ca\ieencode.dll
+ 2006-11-02 07:33 . 2006-11-02 07:33 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.18294_none_f3103c28ba6bf764\mshtmler.dll
+ 2009-07-29 09:28 . 2009-07-18 16:01 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.18294_none_f3103c28ba6bf764\ieencode.dll
+ 2009-07-29 09:28 . 2009-07-18 08:42 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.21089_none_f1c343cdd6569c41\mshtmler.dll
+ 2009-07-29 09:28 . 2009-07-18 12:09 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.21089_none_f1c343cdd6569c41\ieencode.dll
+ 2009-07-29 09:28 . 2009-07-18 08:34 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.16890_none_f125fc5abd490117\mshtmler.dll
+ 2009-07-29 09:28 . 2009-07-18 12:10 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.16890_none_f125fc5abd490117\ieencode.dll
+ 2009-07-29 09:28 . 2009-07-18 11:50 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22475_none_ae7516482017c315\admparse.dll
+ 2008-04-03 00:47 . 2008-01-18 21:33 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18294_none_add4d775070b44af\admparse.dll
+ 2009-07-29 09:28 . 2009-07-18 12:06 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21089_none_ac87df1a22f5e98c\admparse.dll
+ 2009-07-29 09:28 . 2009-07-18 12:07 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16890_none_abea97a709e84e62\admparse.dll
+ 2009-07-29 09:28 . 2009-07-18 09:36 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22180_none_04028882b857ddd1\WininetPlugin.dll
+ 2009-07-29 09:28 . 2009-07-18 11:45 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22180_none_04028882b857ddd1\jsproxy.dll
+ 2009-07-11 17:01 . 2009-04-11 06:28 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18071_none_0384bbed9f313b6d\WininetPlugin.dll
+ 2009-07-11 17:01 . 2009-04-11 06:28 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18071_none_0384bbed9f313b6d\jsproxy.dll
+ 2009-07-29 09:28 . 2009-07-18 11:56 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22475_none_022be7f8bb24eb6f\WininetPlugin.dll
+ 2009-07-29 09:28 . 2009-07-18 11:53 28160 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22475_none_022be7f8bb24eb6f\jsproxy.dll
+ 2008-04-12 00:44 . 2008-02-22 05:01 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18294_none_018ba925a2186d09\WininetPlugin.dll
+ 2009-07-29 09:28 . 2009-07-18 16:02 28160 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18294_none_018ba925a2186d09\jsproxy.dll
+ 2009-07-29 09:28 . 2009-07-18 12:16 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21089_none_003eb0cabe0311e6\WininetPlugin.dll
+ 2009-07-29 09:28 . 2009-07-18 12:10 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21089_none_003eb0cabe0311e6\jsproxy.dll
+ 2009-07-29 09:28 . 2009-07-18 12:17 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16890_none_ffa16957a4f576bc\WininetPlugin.dll
+ 2009-07-29 09:28 . 2009-07-18 12:11 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16890_none_ffa16957a4f576bc\jsproxy.dll
+ 2009-07-29 09:28 . 2009-07-18 12:15 44544 c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.21089_none_ec1c2c762f9973ef\pngfilt.dll
+ 2009-07-29 09:28 . 2009-07-18 12:15 44544 c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16890_none_eb7ee503168bd8c5\pngfilt.dll
+ 2007-04-16 05:35 . 2009-08-04 19:14 74616 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-08-04 19:14 96350 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-21 17:19 . 2009-08-04 19:14 11698 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1012844329-1309873292-53014512-1001_UserData.bin
+ 2009-07-29 09:28 . 2009-07-18 16:02 28160 c:\windows\System32\jsproxy.dll
- 2009-07-11 17:01 . 2009-04-24 16:02 28160 c:\windows\System32\jsproxy.dll
- 2009-04-05 18:41 . 2009-07-23 17:15 41446 c:\windows\System32\config\systemprofile\AppData\Roaming\nvModes.dat
+ 2009-04-05 18:41 . 2009-08-04 19:18 41446 c:\windows\System32\config\systemprofile\AppData\Roaming\nvModes.dat
+ 2007-08-07 14:39 . 2009-08-02 12:09 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-08-07 14:39 . 2009-07-23 16:53 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-08-07 14:39 . 2009-07-23 16:53 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-07 14:39 . 2009-08-02 12:09 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-07 14:39 . 2009-08-02 12:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-08-07 14:39 . 2009-07-23 16:53 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-09-24 13:28 . 2006-09-24 13:28 5248 c:\windows\System32\speedfan.sys
+ 1996-04-03 19:33 . 1996-04-03 19:33 5248 c:\windows\System32\giveio.sys
- 2009-07-23 17:24 . 2009-07-23 17:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-08-04 19:13 . 2009-08-04 19:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-23 17:24 . 2009-07-23 17:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-08-04 19:13 . 2009-08-04 19:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-29 09:28 . 2009-07-18 10:02 301568 c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.21089_none_0b99cb87f04d1d33\ieuser.exe
+ 2009-07-29 09:28 . 2009-07-18 10:01 301568 c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16890_none_0afc8414d73f8209\ieuser.exe
+ 2009-07-29 09:28 . 2009-07-18 10:02 263168 c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.21089_none_e6f1966badd25d81\ieinstal.exe
+ 2009-07-29 09:28 . 2009-07-18 10:01 263168 c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16890_none_e6544ef894c4c257\ieinstal.exe
+ 2009-07-29 09:28 . 2009-07-18 09:24 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.22180_none_66bc01a4c4a3d534\ieui.dll
+ 2009-07-29 09:28 . 2009-07-18 09:20 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.18071_none_663e350fab7d32d0\ieui.dll
+ 2009-07-29 09:28 . 2009-07-18 11:52 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22475_none_64e5611ac770e2d2\ieui.dll
+ 2008-04-03 00:47 . 2008-01-18 21:34 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18294_none_64452247ae64646c\ieui.dll
+ 2009-07-29 09:28 . 2009-07-18 12:09 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21089_none_62f829ecca4f0949\ieui.dll
+ 2009-07-29 09:28 . 2009-07-18 12:10 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16890_none_625ae279b1416e1f\ieui.dll
+ 2009-07-29 09:28 . 2009-07-18 11:56 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22475_none_47e69ed4a5d609cc\sqmapi.dll
+ 2009-07-29 09:28 . 2009-07-18 11:52 271360 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22475_none_47e69ed4a5d609cc\iertutil.dll
+ 2008-04-03 00:46 . 2008-01-18 21:36 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18294_none_474660018cc98b66\sqmapi.dll
+ 2009-07-29 09:28 . 2009-07-18 16:01 270848 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18294_none_474660018cc98b66\iertutil.dll
+ 2009-07-29 09:28 . 2009-07-18 12:15 134144 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.21089_none_45f967a6a8b43043\sqmapi.dll
+ 2009-07-29 09:28 . 2009-07-18 12:09 268288 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.21089_none_45f967a6a8b43043\iertutil.dll
+ 2009-07-29 09:28 . 2009-07-18 12:16 134144 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16890_none_455c20338fa69519\sqmapi.dll
+ 2009-07-29 09:28 . 2009-07-18 12:10 268288 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16890_none_455c20338fa69519\iertutil.dll
+ 2009-07-29 09:28 . 2009-07-18 11:55 146432 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6001.22475_none_37695ca72d74ef3a\occache.dll
+ 2009-07-29 09:28 . 2009-07-18 16:04 146432 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6001.18294_none_36c91dd4146870d4\occache.dll
+ 2009-07-29 09:28 . 2009-07-18 12:14 102912 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6000.21089_none_357c2579305315b1\occache.dll
+ 2009-07-29 09:28 . 2009-07-18 12:15 102912 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6000.16890_none_34dede0617457a87\occache.dll
+ 2009-07-29 09:28 . 2009-07-18 11:55 634648 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_2fa4f48433505a52\iexplore.exe
+ 2009-07-29 09:28 . 2009-07-18 21:39 634648 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18294_none_2f04b5b11a43dbec\iexplore.exe
+ 2009-07-29 09:28 . 2009-07-18 12:16 634648 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_2db7bd56362e80c9\iexplore.exe
+ 2009-07-29 09:28 . 2009-07-18 12:16 634648 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\iexplore.exe

Teil II

+ 2009-07-29 09:28 . 2009-07-18 12:12 477696 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.21089_none_467ea6b45f94c4f4\mshtmled.dll
+ 2009-07-29 09:28 . 2009-07-18 12:13 477696 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16890_none_45e15f41468729ca\mshtmled.dll
+ 2009-07-29 09:28 . 2009-07-18 11:54 458240 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.22475_none_60297ec753c83e27\msfeeds.dll
+ 2009-07-29 09:28 . 2009-07-18 16:02 458240 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.18294_none_5f893ff43abbbfc1\msfeeds.dll
+ 2009-07-29 09:28 . 2009-07-18 12:12 459264 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.21089_none_5e3c479956a6649e\msfeeds.dll
+ 2009-07-29 09:28 . 2009-07-18 12:13 459264 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.16890_none_5d9f00263d98c974\msfeeds.dll
+ 2009-07-29 09:28 . 2009-07-18 12:08 214528 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.21089_none_961c0c5c9dd41267\dxtrans.dll
+ 2009-07-29 09:28 . 2009-07-18 12:08 347136 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.21089_none_961c0c5c9dd41267\dxtmsft.dll
+ 2009-07-29 09:28 . 2009-07-18 12:09 214528 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16890_none_957ec4e984c6773d\dxtrans.dll
+ 2009-07-29 09:28 . 2009-07-18 12:09 347136 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16890_none_957ec4e984c6773d\dxtmsft.dll
+ 2009-07-29 09:28 . 2009-07-18 12:09 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21089_none_f9e7d3a487ee8c39\ieapfltr.dll
+ 2009-07-29 09:28 . 2009-07-18 12:10 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16890_none_f94a8c316ee0f10f\ieapfltr.dll
+ 2009-07-29 09:28 . 2009-07-18 11:52 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22475_none_ae7516482017c315\ieakui.dll
+ 2009-07-29 09:28 . 2009-07-18 11:52 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22475_none_ae7516482017c315\ieaksie.dll
+ 2006-11-02 07:27 . 2006-11-02 09:39 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18294_none_add4d775070b44af\ieakui.dll
+ 2009-07-29 09:28 . 2009-07-18 16:01 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18294_none_add4d775070b44af\ieaksie.dll
+ 2009-07-29 09:28 . 2009-07-18 12:09 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21089_none_ac87df1a22f5e98c\ieakui.dll
+ 2009-07-29 09:28 . 2009-07-18 12:09 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21089_none_ac87df1a22f5e98c\ieaksie.dll
+ 2009-07-29 09:28 . 2009-07-18 12:10 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16890_none_abea97a709e84e62\ieakui.dll
+ 2009-07-29 09:28 . 2009-07-18 12:10 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16890_none_abea97a709e84e62\ieaksie.dll
+ 2009-07-29 09:28 . 2009-07-18 11:52 389120 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6001.22475_none_749360f470cf0c36\iedkcs32.dll
+ 2009-07-29 09:28 . 2009-07-18 16:01 389120 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6001.18294_none_73f3222157c28dd0\iedkcs32.dll
+ 2009-07-29 09:28 . 2009-07-18 12:09 388608 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6000.21089_none_72a629c673ad32ad\iedkcs32.dll
+ 2009-07-29 09:28 . 2009-07-18 12:10 385024 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6000.16890_none_7208e2535a9f9783\iedkcs32.dll
+ 2009-07-29 09:28 . 2009-07-18 11:47 828928 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22180_none_04028882b857ddd1\wininet.dll
+ 2009-07-29 09:28 . 2009-07-18 11:35 828416 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18071_none_0384bbed9f313b6d\wininet.dll
+ 2009-07-29 09:28 . 2009-07-18 11:56 828416 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22475_none_022be7f8bb24eb6f\wininet.dll
+ 2009-07-29 09:28 . 2009-07-18 16:06 827904 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18294_none_018ba925a2186d09\wininet.dll
+ 2009-07-29 09:28 . 2009-07-18 12:16 828928 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21089_none_003eb0cabe0311e6\wininet.dll
+ 2009-07-29 09:28 . 2009-07-18 12:17 827392 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16890_none_ffa16957a4f576bc\wininet.dll
+ 2009-07-29 09:28 . 2009-07-18 11:54 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22475_none_e1089b1f95c4844b\mstime.dll
+ 2009-07-29 09:28 . 2009-07-18 16:03 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18294_none_e0685c4c7cb805e5\mstime.dll
+ 2009-07-29 09:28 . 2009-07-18 12:13 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.21089_none_df1b63f198a2aac2\mstime.dll
+ 2009-07-29 09:28 . 2009-07-18 12:13 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16890_none_de7e1c7e7f950f98\mstime.dll
+ 2009-07-29 09:28 . 2009-07-18 12:06 124928 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.21089_none_aa2122c70f008df0\advpack.dll
+ 2009-07-29 09:28 . 2009-07-18 12:07 124928 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16890_none_a983db53f5f2f2c6\advpack.dll
+ 2007-04-16 07:24 . 2009-08-04 16:45 271474 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-29 09:28 . 2009-07-18 16:04 146432 c:\windows\System32\occache.dll
- 2009-07-11 17:01 . 2009-04-24 16:03 671232 c:\windows\System32\mstime.dll
+ 2009-07-29 09:28 . 2009-07-18 16:03 671232 c:\windows\System32\mstime.dll
+ 2009-07-29 09:28 . 2009-07-18 16:02 458240 c:\windows\System32\msfeeds.dll
- 2009-07-11 17:01 . 2009-04-24 16:03 458240 c:\windows\System32\msfeeds.dll
- 2009-07-11 17:01 . 2009-04-24 16:02 270848 c:\windows\System32\iertutil.dll
+ 2009-07-29 09:28 . 2009-07-18 16:01 270848 c:\windows\System32\iertutil.dll
- 2009-07-11 17:01 . 2009-04-24 16:02 389120 c:\windows\System32\iedkcs32.dll
+ 2009-07-29 09:28 . 2009-07-18 16:01 389120 c:\windows\System32\iedkcs32.dll
- 2009-07-11 17:01 . 2009-04-24 16:02 230400 c:\windows\System32\ieaksie.dll
+ 2009-07-29 09:28 . 2009-07-18 16:01 230400 c:\windows\System32\ieaksie.dll
+ 2009-07-29 09:28 . 2009-07-18 11:45 6081024 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.22180_none_66bc01a4c4a3d534\ieframe.dll
+ 2009-07-29 09:28 . 2009-07-18 11:32 6079488 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.18071_none_663e350fab7d32d0\ieframe.dll
+ 2009-07-29 09:28 . 2009-07-18 09:55 6072832 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22475_none_64e5611ac770e2d2\ieframe.dll
+ 2009-07-29 09:28 . 2009-07-18 16:01 6069248 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18294_none_64452247ae64646c\ieframe.dll
+ 2009-07-29 09:28 . 2009-07-18 12:09 6070784 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21089_none_62f829ecca4f0949\ieframe.dll
+ 2009-07-29 09:28 . 2009-07-18 12:10 6067200 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16890_none_625ae279b1416e1f\ieframe.dll
+ 2009-07-29 09:28 . 2009-07-18 11:45 3600384 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.22180_none_155ca7a138ae4707\mshtml.dll
+ 2009-07-29 09:28 . 2009-07-18 11:33 3599360 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18071_none_14dedb0c1f87a4a3\mshtml.dll
+ 2009-07-29 09:28 . 2009-07-18 11:54 3584512 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22475_none_138607173b7b54a5\mshtml.dll
+ 2009-07-29 09:28 . 2009-07-18 16:02 3583488 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18294_none_12e5c844226ed63f\mshtml.dll
+ 2009-07-29 09:28 . 2009-07-18 12:12 3600384 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.21089_none_1198cfe93e597b1c\mshtml.dll
+ 2009-07-29 09:28 . 2009-07-18 12:13 3597824 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16890_none_10fb8876254bdff2\mshtml.dll
+ 2009-07-29 09:28 . 2009-06-18 06:56 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21089_none_f9e7d3a487ee8c39\ieapfltr.dat
+ 2009-07-29 09:28 . 2009-06-18 06:57 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16890_none_f94a8c316ee0f10f\ieapfltr.dat
+ 2009-07-29 09:28 . 2009-07-18 11:47 1167872 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.22180_none_b6fcace0ed4eb73e\urlmon.dll
+ 2009-07-29 09:28 . 2009-07-18 11:34 1167872 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.18071_none_b67ee04bd42814da\urlmon.dll
+ 2009-07-29 09:28 . 2009-07-18 11:56 1166848 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22475_none_b5260c56f01bc4dc\urlmon.dll
+ 2009-07-29 09:28 . 2009-07-18 16:06 1166336 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18294_none_b485cd83d70f4676\urlmon.dll
+ 2009-07-29 09:28 . 2009-07-18 12:16 1163264 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.21089_none_b338d528f2f9eb53\urlmon.dll
+ 2009-07-29 09:28 . 2009-07-18 12:16 1159680 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16890_none_b29b8db5d9ec5029\urlmon.dll
- 2009-07-11 17:01 . 2009-04-24 16:05 1166336 c:\windows\System32\urlmon.dll
+ 2009-07-29 09:28 . 2009-07-18 16:06 1166336 c:\windows\System32\urlmon.dll
- 2006-11-02 10:22 . 2009-07-22 22:13 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2009-07-30 01:02 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-29 09:28 . 2009-07-18 16:02 3583488 c:\windows\System32\mshtml.dll
+ 2009-07-29 09:28 . 2009-07-18 16:01 6069248 c:\windows\System32\ieframe.dll
- 2009-07-11 17:01 . 2009-04-24 16:02 6069248 c:\windows\System32\ieframe.dll
+ 2009-07-22 20:07 . 2009-07-29 09:26 61444888 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-12-03 15:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-12-03 15:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-13 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-13 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-13 81920]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-06-13 4489216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-03 14:50 90112 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi6"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1012844329-1309873292-53014512-1000]
"EnableNotificationsRef"=dword:00000001

TEIL III


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BB980586-677E-40CB-B41F-9880906DE2D4}"= Profile=Private|c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{D693FD80-E933-4156-81F9-66A8B444D643}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= Disabled:UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{D1FBFF98-F375-4238-AE67-BB95BEA2FE19}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= Disabled:TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{9489D34C-E3D3-4081-991D-CB3FA13DD38F}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{3EA63B76-68C7-439F-B969-1857B72BAE9A}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{F2D661C9-3F61-4796-B60A-F23ADDE3E56A}c:\\program files\\icq6\\icq.exe"= Disabled:UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{A2DC48E8-EDE4-4EB2-A59E-035560BA04C4}c:\\program files\\icq6\\icq.exe"= Disabled:TCP:c:\program files\icq6\icq.exe:ICQ Library
"{9243BB5D-08FE-4865-8ACB-A4E37AA651C6}"= Disabled:UDP:c:\program files\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"{8D1D40F4-E132-4595-8C1C-520E6BFBA96D}"= Disabled:TCP:c:\program files\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"TCP Query User{BF7345A5-B7C0-44D4-B4B9-3E135A8189B8}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{84B757CD-AE0E-4515-BAAD-260F8195CB4E}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{8A2C9F09-4F09-41FF-A264-E6F81AB9DF07}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{E55BAB8D-7FE1-4E16-9A27-C2D0B6441D00}c:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= Disabled:UDP:c:\program files\flightgear\bin\win32\fgfs.exe:fgfs
"UDP Query User{92612533-B1BE-4089-820D-E36461D65DB9}c:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= Disabled:TCP:c:\program files\flightgear\bin\win32\fgfs.exe:fgfs
"{8A597623-D0E8-4C8C-B8F8-D856E4E185DB}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{222774B3-86F3-4E48-965C-2D9C203E4A45}c:\\program files\\lucasarts\\star wars jk ii jedi outcast\\gamedata\\jk2mp.exe"= UDP:c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe:jk2mp
"UDP Query User{726B9BE1-B37E-45A2-AB55-F8DCC716526D}c:\\program files\\lucasarts\\star wars jk ii jedi outcast\\gamedata\\jk2mp.exe"= TCP:c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe:jk2mp
"{C715306C-79AF-4376-8607-5875E78E48C0}"= UDP:c:\program files\Windows Live\Messenger\msnmsgr.exe:Windows Live Messenger
"{18F6A95C-796A-4063-BFA0-B31E8A0ACB74}"= TCP:c:\program files\Windows Live\Messenger\msnmsgr.exe:Windows Live Messenger
"{6D853470-151D-49E4-AB4D-2B93F839E01F}"= UDP:c:\program files\Microsoft Games for Windows - LIVE\Client\GFWLive.exe:Games for Windows - LIVE
"{3C07032E-5A87-45D8-810D-58A78FFE2ACE}"= TCP:c:\program files\Microsoft Games for Windows - LIVE\Client\GFWLive.exe:Games for Windows - LIVE
"TCP Query User{401B3B43-5D40-42BC-AB59-C58DA4B7A35A}c:\\program files\\microsoft games for windows - live\\eidos\\kane and lynch dead men\\kaneandlynch.exe"= UDP:c:\program files\microsoft games for windows - live\eidos\kane and lynch dead men\kaneandlynch.exe:Kane & Lynch - Dead Men
"UDP Query User{F640DB72-67DB-4510-BA07-8720AAE5D6EB}c:\\program files\\microsoft games for windows - live\\eidos\\kane and lynch dead men\\kaneandlynch.exe"= TCP:c:\program files\microsoft games for windows - live\eidos\kane and lynch dead men\kaneandlynch.exe:Kane & Lynch - Dead Men
"TCP Query User{C607A43A-27A8-48C2-9615-044F8452FCD9}c:\\program files\\microsoft games for windows - live\\eidos\\kane and lynch dead men\\kaneandlynch.exe"= UDP:c:\program files\microsoft games for windows - live\eidos\kane and lynch dead men\kaneandlynch.exe:Kane & Lynch - Dead Men
"UDP Query User{704CFF66-85D0-4D07-A084-03D6A386387A}c:\\program files\\microsoft games for windows - live\\eidos\\kane and lynch dead men\\kaneandlynch.exe"= TCP:c:\program files\microsoft games for windows - live\eidos\kane and lynch dead men\kaneandlynch.exe:Kane & Lynch - Dead Men
"{32D59623-2550-4E9F-A3C1-CA32E214F691}"= UDP:c:\program files\Valve\Steam\Steam.exe:Steam
"{7FADD213-6EE3-46B1-A7AC-06908A6C01BB}"= TCP:c:\program files\Valve\Steam\Steam.exe:Steam
"TCP Query User{66E9EB07-FB04-4111-A6DB-B81F229B6CA9}c:\\program files\\novalogic\\delta force black hawk down\\update.exe"= UDP:c:\program files\novalogic\delta force black hawk down\update.exe:UPDATE
"UDP Query User{5F514F26-A3D9-4512-B1A2-C8576AB1A421}c:\\program files\\novalogic\\delta force black hawk down\\update.exe"= TCP:c:\program files\novalogic\delta force black hawk down\update.exe:UPDATE
"TCP Query User{226E942B-B6AE-495F-B41E-BE4B6C6EC2CC}c:\\program files\\sierra\\fear\\fpupdate.exe"= UDP:c:\program files\sierra\fear\fpupdate.exe:fpupdate
"UDP Query User{9BBB656A-DF7C-4119-9BFE-AB94EE52DF71}c:\\program files\\sierra\\fear\\fpupdate.exe"= TCP:c:\program files\sierra\fear\fpupdate.exe:fpupdate
"TCP Query User{6619EF38-C387-484C-B892-8B5DD5EFCA17}c:\\program files\\sierra\\fear\\fearserver.exe"= UDP:c:\program files\sierra\fear\fearserver.exe:F.E.A.R. - Stand-Alone Server
"UDP Query User{974B05E9-F9D2-4D91-83F3-4E057FD780B1}c:\\program files\\sierra\\fear\\fearserver.exe"= TCP:c:\program files\sierra\fear\fearserver.exe:F.E.A.R. - Stand-Alone Server
"{8EA4E7CE-AC7A-49C0-99F5-54DCB56A1E01}"= UDP:c:\program files\Sierra\FEAR\FEAR.exe:FEAR
"{84E3A3C7-6E62-4208-9A6E-E788DDDC7D93}"= TCP:c:\program files\Sierra\FEAR\FEAR.exe:FEAR
"{07E4232C-7A56-4698-9186-22F7D17355E7}"= UDP:c:\program files\Sierra\FEAR\FEARMP.exe:FEAR
"{83FEFE00-7F99-4F45-A034-5FE505298AFB}"= TCP:c:\program files\Sierra\FEAR\FEARMP.exe:FEAR
"TCP Query User{724706AD-09FE-4032-9801-6C32F2293181}d:\\programme 2\\doom 3\\doom3ded.exe"= UDP:d:\programme 2\doom 3\doom3ded.exe:DOOM 3
"UDP Query User{08966DCC-4C48-4037-9592-03267CAA2EC8}d:\\programme 2\\doom 3\\doom3ded.exe"= TCP:d:\programme 2\doom 3\doom3ded.exe:DOOM 3
"TCP Query User{B1E6870F-AAE7-4FF1-B68C-075016976576}d:\\programme 2\\xfire\\xfire.exe"= UDP:d:\programme 2\xfire\xfire.exe:Xfire
"UDP Query User{34F082A0-F425-41DA-8A8C-BC87AB8364CB}d:\\programme 2\\xfire\\xfire.exe"= TCP:d:\programme 2\xfire\xfire.exe:Xfire
"TCP Query User{51AFA22C-4FFA-46D3-8213-1F7A802DBA0B}c:\\program files\\savage 2 - a tortured soul\\savage2.exe"= UDP:c:\program files\savage 2 - a tortured soul\savage2.exe:savage2
"UDP Query User{C04D9A2D-9E08-42A6-8B72-5B31E2B34ECF}c:\\program files\\savage 2 - a tortured soul\\savage2.exe"= TCP:c:\program files\savage 2 - a tortured soul\savage2.exe:savage2
"TCP Query User{3C8D0CC7-8412-4E9B-962B-C1FBE85C0DEA}d:\\programme 2\\xfire\\xfire.exe"= UDP:d:\programme 2\xfire\xfire.exe:Xfire
"UDP Query User{BDDBAD50-BC64-4B80-A440-8F9240815CCC}d:\\programme 2\\xfire\\xfire.exe"= TCP:d:\programme 2\xfire\xfire.exe:Xfire
"TCP Query User{8DACD63C-BDB5-42F6-8242-3E468C205C54}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{4F0DCF49-43E5-42E3-AAF2-8FE24F759992}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"TCP Query User{42B7F61C-4EF1-4685-9E27-ADD5BB23A3BF}c:\\program files\\valve\\steam\\steamapps\\solced\\condition zero\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\solced\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{FE0D4CC6-585F-4AB3-940B-0A4CE7E6C4F5}c:\\program files\\valve\\steam\\steamapps\\solced\\condition zero\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\solced\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{B2734F68-0737-4172-8946-020CC368559C}c:\\program files\\valve\\steam\\steamapps\\solced\\counter-strike\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\solced\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{745C66C0-68DF-44DB-917E-BFAECE148641}c:\\program files\\valve\\steam\\steamapps\\solced\\counter-strike\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\solced\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{63778396-D537-4AA5-A0B0-9A9641766108}c:\\program files\\valve\\steam\\steamapps\\solced\\ricochet\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\solced\ricochet\hl.exe:Half-Life Launcher
"UDP Query User{CDD320FB-830E-4224-82E1-AD85B6AA9C57}c:\\program files\\valve\\steam\\steamapps\\solced\\ricochet\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\solced\ricochet\hl.exe:Half-Life Launcher
"{82C0497B-8927-4673-BCA2-AF7A7F25DF95}"= UDP:c:\program files\Valve\Steam\SteamApps\common\trackmania nations forever\TmForever.exe:TrackMania Nations Forever
"{79230E82-B47C-44A6-923E-ADD9355520F4}"= TCP:c:\program files\Valve\Steam\SteamApps\common\trackmania nations forever\TmForever.exe:TrackMania Nations Forever
"{084ED45A-DCD9-4B22-B7A6-6AC394063E6C}"= UDP:c:\program files\Valve\Steam\SteamApps\common\trackmania nations forever\TmForeverLauncher.exe:TrackMania Nations Forever
"{0F195E34-DE6D-41B8-8621-FB7710AF34F5}"= TCP:c:\program files\Valve\Steam\SteamApps\common\trackmania nations forever\TmForeverLauncher.exe:TrackMania Nations Forever
"TCP Query User{0EC73DEC-EA6D-4F4A-A763-12E1D415D692}c:\\program files\\valve\\steam\\steamapps\\solced\\day of defeat\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\solced\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{18D57237-8D16-401A-8429-FDEDB676BA2A}c:\\program files\\valve\\steam\\steamapps\\solced\\day of defeat\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\solced\day of defeat\hl.exe:Half-Life Launcher

R0 CplIR;Embedded IR Driver;c:\windows\System32\drivers\CplIR.sys [06.03.2007 15:01 14848]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [04.08.2009 19:38 28544]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [05.07.2006 14:46 63352]
R2 SecureDZoneService;SecureDZone Helper Service;c:\program files\ArchiCrypt\Shredder 4\SecureDZoneService.exe [29.08.2007 19:58 531968]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe --> c:\program files\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\System32\drivers\tascusb2.sys [22.02.2009 22:44 360448]
S3 TASCAM_US144_MIDI;TASCAM US-144 WDM MIDI Device;c:\windows\System32\drivers\tscusb2m.sys [22.02.2009 22:44 18944]
S3 TASCAM_US144_WDM;TASCAM US-144 WDM;c:\windows\System32\drivers\tscusb2a.sys [22.02.2009 22:44 33792]
S4 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [13.03.2008 20:08 24576]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - PAVBOOT

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - c:\users\Solced\AppData\Roaming\Mozilla\Firefox\Profiles\s4l8g8q6.default\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 21:26
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll

- - - - - - - > 'Explorer.exe'(3592)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
.
Zeit der Fertigstellung: 2009-08-04 21:29
ComboFix-quarantined-files.txt 2009-08-04 19:28
ComboFix2.txt 2009-07-23 19:07
ComboFix3.txt 2009-07-23 17:31

Vor Suchlauf: 13 Verzeichnis(se), 26.992.799.744 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 27.055.685.632 Bytes frei

433 --- E O F --- 2009-08-04 09:29

Falls du es nicht gelesen haben solltest => http://www.trojaner-board.de/453765-post40.html

Ich danke dir für die Hilfe und den Zeitraum den du mir wirklich sehr geholfen hast @john.doe
Ein wirkliches Dankeschön!

Leider war ich nicht alleiniger Nutzer dieses Rechners gewesen und greife auch allg. nicht wirklich auf die D: Platte zu. Schade das keine Daten wie Datum dabei stehen um zu wissen, wann diese etwaigen Programme herunter geladen wurden. definitiv auch nicht über meinen Router.
Das bestmögliche sollte wirklich sein, das System neu aufzusetzen um mich auch wirklich von allem und dem Rest des Vorgängers zu befreien, ggf. auch vlt. von unrat den ich mir durch unwissen draufgehauen habe.

thx für alles

Pierre