Google queries are being redirected Hello, first of all, please bear with me, I'm new to this forum, as I urgently need your help... As already announced in the subject line, all Google search queries are listed at first, and when you click on a given link you end up, instead of on the desired page (e.g. w*w.microsoft.com), on advertising pages or on a dark red page that shows: "Reported Attack Site!"... it goes on to say: "The website at 64.155.212.118 has been reported as an attack site and has been blocked based on your security settings. Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system. Some websites intentionally distribute viruses and similarly harmful software, but many websites are also compromised without the knowledge or permission of the operator." My first assessment is that it could be a trojan, but I'm not sure about that. I'm no layman in this area, but it's not enough to deal with the problem myself. I ran the freeware from Antivir; it found nothing. How can I proceed? I hope for your help. Thanks |
otl: System scan with OTL. Download otl: http://filepony.de/download-otl/ Double-click OTL.exe (users of Windows 7 and Vista: right-click, Run as administrator) 1. At the top you will find a box labelled Output. Please select Minimal Output 2. Tick "scan all users" 3. Under "Extra Registry" select: "Use Safelist" "LOP Check" "Purity Check" 4. Copy into the text box: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Click "Scan" 6. Two reports are created: OTL.Txt Extras.Txt Post both |
Here is the OTL: OTL Logfile: Code: OTL logfile created on: 11.12.2010 13:04:03 - Run 1 Here are the Extras: OTL Logfile: Code: OTL Extras logfile created on: 11.12.2010 13:04:03 - Run 1 THANKS |
Please create and post a ComboFix log. A guide and tutorial on using ComboFix |
Unfortunately I could not create a ComboFix log, although I followed the instructions in the tutorial... The computer simply crashes at stage 41 and I get a blue screen... I tried it three times and it was the same every time, although all processes were closed (including Antivir). After the restart I already looked to see whether a log file had been created anywhere, or anything that could help further... What could be the cause, and is there an alternative to ComboFix? Many thanks |
Disable CD emulators with DeFogger. You have CD emulators such as Alcohol, DaemonTools or similar installed on this computer. Since these emulators work with rootkit techniques, they can distort and hamper the hunt for malicious rootkits. For this reason, please either run the following tool to disable them or uninstall the software via Control Panel => Add or Remove Programs/Programs. Tell me which option you chose. We can undo the deactivation after the cleanup. Download http://filepony.de/download-defogger/ and save it to your desktop. Double-click DeFogger to start the tool. • The tool's program window opens. • Click the Disable button to disable the CD emulation drivers. • Click Yes to continue. • When the message 'Finished!' appears, • click OK. • DeFogger will now ask for a reboot - click OK • Post the defogger_disable.log here in the thread. Do not re-enable the drivers under any circumstances before you are instructed to. Now try ComboFix again, one attempt is enough. If it crashes again, restart your PC in safe mode without networking. This should be reachable with F8 at PC start; try ComboFix again there. |
Here is the log file from DeFogger... I'm now running ComboFix again, or in safe mode if it doesn't work. defogger_disable by jpshortstuff (23.02.10.1) Log created at 15:24 on 11/12/2010 (*******) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... SPTD -> Already disabled -=E.O.F=- |
In safe mode ComboFix managed to deliver a result: ComboFix log file: ComboFix 10-12-10.01 - ******* 11.12.2010 15:37:20.5.2 - x86 MINIMAL Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.3070.2518 [GMT 1:00] ausgeführt von:: C:\Users\********\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: Windows-Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Internet Explorer\complete.dat C:\Program Files\Internet Explorer\dmlconf.dat C:\Users\********\AppData\Roaming\avdrn.dat C:\Users\********\AppData\Roaming\inst.exe C:\Windows\XSxS . ((((((((((((((((((((((( Dateien erstellt von 2010-11-11 bis 2010-12-11 )))))))))))))))))))))))))))))) . 2010-12-11 14:43:27 . 2010-12-11 14:43:31 -------- d-----w- C:\Users\********\AppData\Local\temp 2010-12-11 14:43:27 . 2010-12-11 14:43:27 -------- d-----w- C:\Users\Default\AppData\Local\temp 2010-12-10 23:50:07 . 2010-12-10 23:50:07 -------- d-----w- C:\_OTL 2010-12-10 18:26:25 . 2010-12-10 18:26:38 -------- d-----w- C:\Program Files\PDF24 2010-12-09 19:05:30 . 2010-12-09 19:05:44 -------- d-----w- C:\Program Files\windows 2010-11-21 11:46:33 . 2010-11-21 11:46:33 47360 ----a-w- C:\Users\********\AppData\Roaming\pcouffin.sys 2010-11-21 11:46:32 . 2010-11-21 11:46:33 -------- d-----w- C:\Users\********\AppData\Roaming\Vso 2010-11-20 11:47:27 . 2010-11-21 11:46:17 -------- d-----w- C:\Program Files\SlySoft . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-08 21:04:42 . 2010-04-01 09:56:11 135096 ----a-w- C:\Windows\system32\drivers\avipbb.sys 2010-11-22 17:03:57 . 
2010-04-01 09:56:11 61960 ----a-w- C:\Windows\system32\drivers\avgntflt.sys 2010-10-21 20:32:53 . 2003-03-18 19:14:52 505128 ----a-w- C:\Windows\system32\msvcp71.dll 2010-10-21 20:32:53 . 2003-02-21 03:42:22 353576 ----a-w- C:\Windows\system32\msvcr71.dll 2010-10-01 13:20:50 . 2010-10-12 19:30:36 307200 ----a-w- C:\Windows\system32\TubeFinder.exe 2010-09-15 10:10:20 . 2010-10-12 18:54:35 1700352 ----a-w- C:\Windows\system32\GdiPlus.dll 2010-09-15 10:10:18 . 2010-10-12 18:54:35 24576 ----a-w- C:\Windows\system32\msxml3a.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36:04 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-30 00:33:32 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-30 00:32:04 8429568] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-30 00:32:04 81920] "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 10:09:58 311296] "avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 21:48:01 281768] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-10 00:12:18 118784] "Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-02 09:45:59 215552] "BDRegion"="C:\Program Files\Cyberlink\Shared files\brs.exe" [2010-08-26 10:18:34 75048] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2007-08-14 19:05:20 98304 ----a-w- C:\Windows\System32\VESWinlogon.dll 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk backup=C:\Windows\pss\BTTray.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 18:37:40 932288 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-18 06:58:00 40368 ----a-w- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] 2007-06-10 00:12:18 118784 ----a-w- C:\Program Files\Apoint\Apoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent] 2009-04-02 17:05:22 102400 ----a-w- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-06-27 17:03:40 152872 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-04-12 22:46:36 1135912 ----a-w- C:\Program Files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools] 2007-11-02 12:40:56 36864 ----a-w- C:\Program Files\Sony\Marketing Tools\MarketingTools.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 13:57:24 153136 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2010-05-14 08:32:30 1479680 ----a-w- C:\Program Files\Nokia\Nokia PC 
Suite 7\PCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint] 2010-11-18 08:06:44 215944 ----a-w- C:\Program Files\PDF24\pdf24.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2007-09-12 00:29:47 443968 ----a-w- C:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 21:08:18 417792 ----a-w- C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10] 2010-02-02 22:08:56 87336 ------w- C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-07-12 03:00:36 132496 ----a-w- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive] 2009-06-17 11:44:11 85160 ----a-w- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3632718627-2461714518-3291536374-1000] "EnableNotifications"=dword:00000001 "EnableNotificationsRef"=dword:00000001 R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/21 22:36:51];C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 10:18:24 87536] R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-11-02 21:48:01 135336] R2 FsUsbExService;FsUsbExService;C:\Windows\system32\FsUsbExService.Exe [2009-03-31 08:39:36 233472] R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 19:09:28 11032] R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files\Cisco\Cisco 
AnyConnect VPN Client\vpnagent.exe [2009-10-09 07:07:22 493248] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-10-10 00:03:13 28464] R3 FsUsbExDisk;FsUsbExDisk;C:\Windows\system32\FsUsbExDisk.SYS [2009-03-31 08:39:36 36608] R3 MODRC;DiBcom Infrared Receiver;C:\Windows\system32\DRIVERS\modrc.sys [2007-02-06 09:10:58 13440] R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-10-30 00:00:32 75008] R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-10-30 00:00:32 43904] R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 10:33:12 89256] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 10:33:14 15016] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 10:33:12 120744] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 10:33:12 114216] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 10:33:14 25512] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 10:33:12 110632] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 10:33:14 115752] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 09:01:26 90112] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 09:01:26 14976] R3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 09:01:26 121856] R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 00:00:39 812544] R3 
VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 15:51:06 745472] R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 14:34:50 397312] R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 14:34:50 1089536] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-28 20:11:44 292128] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-20 17:52:32 79136] R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-04-09 11:37:34 722288] R4 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [2010-06-10 14:29:49 691696] S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-29 01:58:45 9344] --- Andere Dienste/Treiber im Speicher --- *NewlyCreated* - ECACHE [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.club-vaio.com IE: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Free YouTube to Mp3 Converter - C:\Users\********\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Nach Microsoft E&xel exportieren - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: corel.com Trusted Zone: corel.com\www Trusted Zone: intervideo.com Trusted Zone: intervideo.com\www DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab FF - ProfilePath - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405727&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/ FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q= FF - prefs.js: network.proxy.ftp - proxy.********.de FF - prefs.js: network.proxy.ftp_port - 8080 FF - prefs.js: network.proxy.gopher - proxy.********.de FF - prefs.js: network.proxy.gopher_port - 8080 FF - prefs.js: network.proxy.http - proxy.********.de FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.socks - proxy.********.de FF - prefs.js: network.proxy.socks_port - 8080 FF - prefs.js: network.proxy.ssl - proxy.********.de FF - prefs.js: network.proxy.ssl_port - 8080 FF - prefs.js: network.proxy.type - 0 FF - component: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll FF - plugin: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - Extension: vShare Plugin: vshare@toolbar - C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\extensions\vshare@toolbar FF - Extension: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - HKLM-Run-NPSStartup - (no file) HKLM-RunOnce-<NO NAME> - (no file) MSConfigStartUp-PMCLoader - C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe MSConfigStartUp-Sony Ericsson PC Suite - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe |
Start > Programs > Accessories > Notepad, paste in: Killall:: Folder:: C:\Program Files\windows File > Save As, type: All Files, location: wherever ComboFix is located. Name: cfscript.txt Start in safe mode, drag cfscript onto ComboFix, the program starts, post the log. |
Log File: ComboFix 10-12-10.01 - ******* 11.12.2010 16:24:28.6.2 - x86 MINIMAL Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.3070.2508 [GMT 1:00] ausgeführt von:: C:\Users\*******\Desktop\ComboFix.exe Benutzte Befehlsschalter :: C:\ComboFix\cfscript.txt AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: Windows-Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Vorheriger Suchlauf ------- . C:\Program Files\Internet Explorer\complete.dat C:\Program Files\Internet Explorer\dmlconf.dat C:\Users\*******\AppData\Roaming\avdrn.dat C:\Users\*******\AppData\Roaming\inst.exe C:\Windows\XSxS . ((((((((((((((((((((((( Dateien erstellt von 2010-11-11 bis 2010-12-11 )))))))))))))))))))))))))))))) . 2010-12-11 15:30:42 . 2010-12-11 15:30:45 -------- d-----w- C:\Users\*******\AppData\Local\temp 2010-12-11 15:30:42 . 2010-12-11 15:30:42 -------- d-----w- C:\Users\Default\AppData\Local\temp 2010-12-10 23:50:07 . 2010-12-10 23:50:07 -------- d-----w- C:\_OTL 2010-12-10 18:26:25 . 2010-12-10 18:26:38 -------- d-----w- C:\Program Files\PDF24 2010-12-09 19:05:30 . 2010-12-09 19:05:44 -------- d-----w- C:\Program Files\windows 2010-11-21 11:46:33 . 2010-11-21 11:46:33 47360 ----a-w- C:\Users\*******\AppData\Roaming\pcouffin.sys 2010-11-21 11:46:32 . 2010-11-21 11:46:33 -------- d-----w- C:\Users\*******\AppData\Roaming\Vso 2010-11-20 11:47:27 . 2010-11-21 11:46:17 -------- d-----w- C:\Program Files\SlySoft . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-08 21:04:42 . 2010-04-01 09:56:11 135096 ----a-w- C:\Windows\system32\drivers\avipbb.sys 2010-11-22 17:03:57 . 
2010-04-01 09:56:11 61960 ----a-w- C:\Windows\system32\drivers\avgntflt.sys 2010-10-21 20:32:53 . 2003-03-18 19:14:52 505128 ----a-w- C:\Windows\system32\msvcp71.dll 2010-10-21 20:32:53 . 2003-02-21 03:42:22 353576 ----a-w- C:\Windows\system32\msvcr71.dll 2010-10-01 13:20:50 . 2010-10-12 19:30:36 307200 ----a-w- C:\Windows\system32\TubeFinder.exe 2010-09-15 10:10:20 . 2010-10-12 18:54:35 1700352 ----a-w- C:\Windows\system32\GdiPlus.dll 2010-09-15 10:10:18 . 2010-10-12 18:54:35 24576 ----a-w- C:\Windows\system32\msxml3a.dll .
2010-12-11 14:53:01 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmplayer.exe + 2010-12-11 14:53:00 . 2010-12-11 14:53:00 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmpconfig.exe + 2010-12-11 14:53:25 . 2010-12-11 14:53:25 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmpshare.exe + 2010-12-11 14:53:25 . 2010-12-11 14:53:25 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmplayer.exe + 2010-12-11 14:53:21 . 2010-12-11 14:53:21 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmpconfig.exe + 2010-12-11 14:53:29 . 2010-12-11 14:53:29 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmpshare.exe + 2010-12-11 14:53:30 . 2010-12-11 14:53:30 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmplayer.exe + 2010-12-11 14:53:29 . 2010-12-11 14:53:29 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmpconfig.exe + 2010-12-11 14:52:13 . 2010-12-11 14:52:13 162816 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnsapi.dll + 2010-12-11 14:52:14 . 2010-12-11 14:52:14 162816 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsapi.dll - 2006-11-02 10:33:01 . 2010-12-11 14:41:30 669060 C:\Windows\System32\perfh009.dat + 2006-11-02 10:33:01 . 2010-12-11 15:24:04 669060 C:\Windows\System32\perfh009.dat - 2006-11-02 15:33:31 . 2010-12-11 14:41:30 712646 C:\Windows\System32\perfh007.dat + 2006-11-02 15:33:31 . 
2010-12-11 15:24:03 712646 C:\Windows\System32\perfh007.dat - 2006-11-02 10:33:01 . 2010-12-11 14:41:30 122840 C:\Windows\System32\perfc009.dat + 2006-11-02 10:33:01 . 2010-12-11 15:24:03 122840 C:\Windows\System32\perfc009.dat - 2006-11-02 15:33:31 . 2010-12-11 14:41:30 140490 C:\Windows\System32\perfc007.dat + 2006-11-02 15:33:31 . 2010-12-11 15:24:03 140490 C:\Windows\System32\perfc007.dat + 2010-12-11 14:52:30 . 2010-12-11 14:52:30 1232384 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.20740_none_cd54ca3242bf9973\sidebar.exe + 2010-12-11 14:52:31 . 2010-12-11 14:52:31 1232896 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.16615_none_ccf09e9d29852489\sidebar.exe + 2010-12-11 14:53:10 . 2010-12-11 14:53:12 8147456 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmploc.DLL + 2010-12-11 14:53:17 . 2010-12-11 14:53:19 8147456 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmploc.DLL + 2010-12-11 14:52:59 . 2010-12-11 14:53:00 8147456 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmploc.DLL + 2010-12-11 14:53:05 . 2010-12-11 14:53:06 8147456 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmploc.DLL + 2010-12-11 14:53:28 . 2010-12-11 14:53:29 8147968 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmploc.DLL + 2010-12-11 14:53:31 . 2010-12-11 14:53:31 8147968 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmploc.DLL + 2006-11-02 10:22:39 . 2010-12-11 15:20:20 6291456 C:\Windows\System32\SMI\Store\Machine\schema.dat - 2006-11-02 10:22:39 . 2010-10-08 21:54:22 6291456 C:\Windows\System32\SMI\Store\Machine\schema.dat + 2010-12-11 15:24:02 . 
2010-12-11 15:24:02 6156288 C:\Windows\ERDNT\Hiv-backup\schema.dat + 2010-12-11 14:53:08 . 2010-12-11 14:53:08 10628096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmp.dll + 2010-12-11 14:53:15 . 2010-12-11 14:53:17 10628096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmp.dll + 2010-12-11 14:52:56 . 2010-12-11 14:52:58 10627584 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmp.dll + 2010-12-11 14:53:02 . 2010-12-11 14:53:05 10626048 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmp.dll + 2010-12-11 14:53:26 . 2010-12-11 14:53:28 10622464 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmp.dll + 2010-12-11 14:53:30 . 2010-12-11 14:53:31 10621952 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmp.dll . -- Snapshot auf jetziges Datum zurückgesetzt -- . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36:04 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-30 00:33:32 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-30 00:32:04 8429568] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-30 00:32:04 81920] "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 10:09:58 311296] "avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 21:48:01 281768] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-10 00:12:18 118784] "Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-02 09:45:59 215552] "BDRegion"="C:\Program Files\Cyberlink\Shared files\brs.exe" [2010-08-26 10:18:34 75048] "NPSStartup"="" [BU] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2007-08-14 19:05:20 98304 ----a-w- C:\Windows\System32\VESWinlogon.dll [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk backup=C:\Windows\pss\BTTray.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 18:37:40 932288 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-18 06:58:00 40368 ----a-w- 
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] 2007-06-10 00:12:18 118784 ----a-w- C:\Program Files\Apoint\Apoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent] 2009-04-02 17:05:22 102400 ----a-w- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-06-27 17:03:40 152872 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-04-12 22:46:36 1135912 ----a-w- C:\Program Files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools] 2007-11-02 12:40:56 36864 ----a-w- C:\Program Files\Sony\Marketing Tools\MarketingTools.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 13:57:24 153136 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2010-05-14 08:32:30 1479680 ----a-w- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint] 2010-11-18 08:06:44 215944 ----a-w- C:\Program Files\PDF24\pdf24.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2007-09-12 00:29:47 443968 ----a-w- C:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe [BU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 21:08:18 417792 ----a-w- C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\RemoteControl10] 2010-02-02 22:08:56 87336 ------w- C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [BU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-07-12 03:00:36 132496 ----a-w- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive] 2009-06-17 11:44:11 85160 ----a-w- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3632718627-2461714518-3291536374-1000] "EnableNotifications"=dword:00000001 "EnableNotificationsRef"=dword:00000001 R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/21 22:36:51];C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 10:18:24 87536] R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-11-02 21:48:01 135336] R2 FsUsbExService;FsUsbExService;C:\Windows\system32\FsUsbExService.Exe [2009-03-31 08:39:36 233472] R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 19:09:28 11032] R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 07:07:22 493248] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-10-10 00:03:13 28464] R3 FsUsbExDisk;FsUsbExDisk;C:\Windows\system32\FsUsbExDisk.SYS [2009-03-31 08:39:36 36608] R3 MODRC;DiBcom Infrared Receiver;C:\Windows\system32\DRIVERS\modrc.sys [2007-02-06 09:10:58 13440] R3 R5U870FLx86;R5U870 UVC 
Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-10-30 00:00:32 75008] R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-10-30 00:00:32 43904] R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 10:33:12 89256] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 10:33:14 15016] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 10:33:12 120744] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 10:33:12 114216] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 10:33:14 25512] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 10:33:12 110632] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 10:33:14 115752] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 09:01:26 90112] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 09:01:26 14976] R3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 09:01:26 121856] R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 00:00:39 812544] R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 15:51:06 745472] R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 14:34:50 397312] R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO 
Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 14:34:50 1089536] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-28 20:11:44 292128] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-20 17:52:32 79136] R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-04-09 11:37:34 722288] R4 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [2010-06-10 14:29:49 691696] S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-29 01:58:45 9344] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.club-vaio.com IE: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Free YouTube to Mp3 Converter - C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Nach Microsoft E&xel exportieren - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: corel.com Trusted Zone: corel.com\www Trusted Zone: intervideo.com Trusted Zone: intervideo.com\www DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab FF - ProfilePath - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405727&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/ FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q= FF - prefs.js: network.proxy.ftp - proxy.*******.de FF - prefs.js: network.proxy.ftp_port - 8080 FF - prefs.js: network.proxy.gopher - proxy.*******.de FF - prefs.js: network.proxy.gopher_port - 8080 FF - prefs.js: network.proxy.http - proxy.*******.de FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.socks - proxy.*******.de FF - prefs.js: network.proxy.socks_port - 8080 FF - prefs.js: network.proxy.ssl - proxy.*******.de FF - prefs.js: network.proxy.ssl_port - 8080 FF - prefs.js: network.proxy.type - 0 FF - component: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll FF - plugin: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - Extension: vShare Plugin: vshare@toolbar - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\extensions\vshare@toolbar FF - Extension: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - HKLM-RunOnce-<NO NAME> - (no file) |
I need the whole log; the lower part is missing. |
And then we continue. Go to Start, Programs, Accessories, Editor (Notepad) and create a new ComboFix script again. Replace *** with your user name.
killall::
Rootkit::
C:\Users\*******\AppData\Roaming\inst.exe
Folder::
C:\Users\*******\AppData\Roaming\Yctiop
C:\Users\*******\AppData\Roaming\Yctiop
Save it the same way as the first script, boot into safe mode, drag cfscript onto ComboFix, and post the log. |
OK.... that was the complete log file... or which lower part is missing??? Here is the log file once more - that is all it spat out...
ComboFix 10-12-10.01 - ********* 11.12.2010 16:24:28.6.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.3070.2508 [GMT 1:00]
ausgeführt von:: C:\Users\******\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: C:\ComboFix\cfscript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
C:\Program Files\Internet Explorer\complete.dat
C:\Program Files\Internet Explorer\dmlconf.dat
C:\Users\*******\AppData\Roaming\avdrn.dat
C:\Users\*******\AppData\Roaming\inst.exe
C:\Windows\XSxS
.
((((((((((((((((((((((( Dateien erstellt von 2010-11-11 bis 2010-12-11 ))))))))))))))))))))))))))))))
.
2010-12-11 15:30:42 . 2010-12-11 15:30:45 -------- d-----w- C:\Users\*******\AppData\Local\temp
2010-12-11 15:30:42 . 2010-12-11 15:30:42 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-12-10 23:50:07 . 2010-12-10 23:50:07 -------- d-----w- C:\_OTL
2010-12-10 18:26:25 . 2010-12-10 18:26:38 -------- d-----w- C:\Program Files\PDF24
2010-12-09 19:05:30 . 2010-12-09 19:05:44 -------- d-----w- C:\Program Files\windows
2010-11-21 11:46:33 . 2010-11-21 11:46:33 47360 ----a-w- C:\Users\*******\AppData\Roaming\pcouffin.sys
2010-11-21 11:46:32 . 2010-11-21 11:46:33 -------- d-----w- C:\Users\*******\AppData\Roaming\Vso
2010-11-20 11:47:27 . 2010-11-21 11:46:17 -------- d-----w- C:\Program Files\SlySoft
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-08 21:04:42 . 2010-04-01 09:56:11 135096 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2010-11-22 17:03:57 . 2010-04-01 09:56:11 61960 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2010-10-21 20:32:53 . 2003-03-18 19:14:52 505128 ----a-w- C:\Windows\system32\msvcp71.dll
2010-10-21 20:32:53 . 2003-02-21 03:42:22 353576 ----a-w- C:\Windows\system32\msvcr71.dll
2010-10-01 13:20:50 . 2010-10-12 19:30:36 307200 ----a-w- C:\Windows\system32\TubeFinder.exe
2010-09-15 10:10:20 . 2010-10-12 18:54:35 1700352 ----a-w- C:\Windows\system32\GdiPlus.dll
2010-09-15 10:10:18 . 2010-10-12 18:54:35 24576 ----a-w- C:\Windows\system32\msxml3a.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-12-11_14.43.33 )))))))))))))))))))))))))))))))))))))))))
.
2010-12-11 14:53:21 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6000.21083_none_a287deeb4400f10d\wmpdxm.dll + 2010-12-11 14:53:21 . 2010-12-11 14:53:21 313344 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6000.16885_none_a2006a922ae150af\wmpdxm.dll + 2010-12-11 14:53:07 . 2010-12-11 14:53:07 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmpshare.exe + 2010-12-11 14:53:07 . 2010-12-11 14:53:07 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmplayer.exe + 2010-12-11 14:53:07 . 2010-12-11 14:53:07 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmpconfig.exe + 2010-12-11 14:53:13 . 2010-12-11 14:53:13 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmpshare.exe + 2010-12-11 14:53:14 . 2010-12-11 14:53:14 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmplayer.exe + 2010-12-11 14:53:13 . 2010-12-11 14:53:13 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmpconfig.exe + 2010-12-11 14:52:55 . 2010-12-11 14:52:55 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmpshare.exe + 2010-12-11 14:52:55 . 2010-12-11 14:52:55 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmplayer.exe + 2010-12-11 14:52:54 . 2010-12-11 14:52:54 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmpconfig.exe + 2010-12-11 14:53:01 . 
2010-12-11 14:53:01 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmpshare.exe + 2010-12-11 14:53:01 . 2010-12-11 14:53:01 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmplayer.exe + 2010-12-11 14:53:00 . 2010-12-11 14:53:00 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmpconfig.exe + 2010-12-11 14:53:25 . 2010-12-11 14:53:25 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmpshare.exe + 2010-12-11 14:53:25 . 2010-12-11 14:53:25 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmplayer.exe + 2010-12-11 14:53:21 . 2010-12-11 14:53:21 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmpconfig.exe + 2010-12-11 14:53:29 . 2010-12-11 14:53:29 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmpshare.exe + 2010-12-11 14:53:30 . 2010-12-11 14:53:30 168960 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmplayer.exe + 2010-12-11 14:53:29 . 2010-12-11 14:53:29 107520 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmpconfig.exe + 2010-12-11 14:52:13 . 2010-12-11 14:52:13 162816 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnsapi.dll + 2010-12-11 14:52:14 . 2010-12-11 14:52:14 162816 C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsapi.dll - 2006-11-02 10:33:01 . 2010-12-11 14:41:30 669060 C:\Windows\System32\perfh009.dat + 2006-11-02 10:33:01 . 
2010-12-11 15:24:04 669060 C:\Windows\System32\perfh009.dat - 2006-11-02 15:33:31 . 2010-12-11 14:41:30 712646 C:\Windows\System32\perfh007.dat + 2006-11-02 15:33:31 . 2010-12-11 15:24:03 712646 C:\Windows\System32\perfh007.dat - 2006-11-02 10:33:01 . 2010-12-11 14:41:30 122840 C:\Windows\System32\perfc009.dat + 2006-11-02 10:33:01 . 2010-12-11 15:24:03 122840 C:\Windows\System32\perfc009.dat - 2006-11-02 15:33:31 . 2010-12-11 14:41:30 140490 C:\Windows\System32\perfc007.dat + 2006-11-02 15:33:31 . 2010-12-11 15:24:03 140490 C:\Windows\System32\perfc007.dat + 2010-12-11 14:52:30 . 2010-12-11 14:52:30 1232384 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.20740_none_cd54ca3242bf9973\sidebar.exe + 2010-12-11 14:52:31 . 2010-12-11 14:52:31 1232896 C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.16615_none_ccf09e9d29852489\sidebar.exe + 2010-12-11 14:53:10 . 2010-12-11 14:53:12 8147456 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmploc.DLL + 2010-12-11 14:53:17 . 2010-12-11 14:53:19 8147456 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmploc.DLL + 2010-12-11 14:52:59 . 2010-12-11 14:53:00 8147456 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmploc.DLL + 2010-12-11 14:53:05 . 2010-12-11 14:53:06 8147456 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmploc.DLL + 2010-12-11 14:53:28 . 2010-12-11 14:53:29 8147968 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmploc.DLL + 2010-12-11 14:53:31 . 2010-12-11 14:53:31 8147968 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmploc.DLL + 2006-11-02 10:22:39 . 
2010-12-11 15:20:20 6291456 C:\Windows\System32\SMI\Store\Machine\schema.dat - 2006-11-02 10:22:39 . 2010-10-08 21:54:22 6291456 C:\Windows\System32\SMI\Store\Machine\schema.dat + 2010-12-11 15:24:02 . 2010-12-11 15:24:02 6156288 C:\Windows\ERDNT\Hiv-backup\schema.dat + 2010-12-11 14:53:08 . 2010-12-11 14:53:08 10628096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmp.dll + 2010-12-11 14:53:15 . 2010-12-11 14:53:17 10628096 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmp.dll + 2010-12-11 14:52:56 . 2010-12-11 14:52:58 10627584 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmp.dll + 2010-12-11 14:53:02 . 2010-12-11 14:53:05 10626048 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmp.dll + 2010-12-11 14:53:26 . 2010-12-11 14:53:28 10622464 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmp.dll + 2010-12-11 14:53:30 . 2010-12-11 14:53:31 10621952 C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmp.dll . -- Snapshot auf jetziges Datum zurückgesetzt -- . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36:04 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-30 00:33:32 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-30 00:32:04 8429568] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-30 00:32:04 81920] "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 10:09:58 311296] "avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 21:48:01 281768] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-10 00:12:18 118784] "Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-02 09:45:59 215552] "BDRegion"="C:\Program Files\Cyberlink\Shared files\brs.exe" [2010-08-26 10:18:34 75048] "NPSStartup"="" [BU] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2007-08-14 19:05:20 98304 ----a-w- C:\Windows\System32\VESWinlogon.dll [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk backup=C:\Windows\pss\BTTray.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 18:37:40 932288 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-18 06:58:00 40368 ----a-w- 
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] 2007-06-10 00:12:18 118784 ----a-w- C:\Program Files\Apoint\Apoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent] 2009-04-02 17:05:22 102400 ----a-w- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-06-27 17:03:40 152872 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-04-12 22:46:36 1135912 ----a-w- C:\Program Files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools] 2007-11-02 12:40:56 36864 ----a-w- C:\Program Files\Sony\Marketing Tools\MarketingTools.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 13:57:24 153136 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2010-05-14 08:32:30 1479680 ----a-w- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint] 2010-11-18 08:06:44 215944 ----a-w- C:\Program Files\PDF24\pdf24.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2007-09-12 00:29:47 443968 ----a-w- C:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe [BU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 21:08:18 417792 ----a-w- C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\RemoteControl10] 2010-02-02 22:08:56 87336 ------w- C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [BU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-07-12 03:00:36 132496 ----a-w- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive] 2009-06-17 11:44:11 85160 ----a-w- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3632718627-2461714518-3291536374-1000] "EnableNotifications"=dword:00000001 "EnableNotificationsRef"=dword:00000001 R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/21 22:36:51];C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 10:18:24 87536] R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-11-02 21:48:01 135336] R2 FsUsbExService;FsUsbExService;C:\Windows\system32\FsUsbExService.Exe [2009-03-31 08:39:36 233472] R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 19:09:28 11032] R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 07:07:22 493248] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-10-10 00:03:13 28464] R3 FsUsbExDisk;FsUsbExDisk;C:\Windows\system32\FsUsbExDisk.SYS [2009-03-31 08:39:36 36608] R3 MODRC;DiBcom Infrared Receiver;C:\Windows\system32\DRIVERS\modrc.sys [2007-02-06 09:10:58 13440] R3 R5U870FLx86;R5U870 UVC 
Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-10-30 00:00:32 75008] R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-10-30 00:00:32 43904] R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 10:33:12 89256] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 10:33:14 15016] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 10:33:12 120744] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 10:33:12 114216] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 10:33:14 25512] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 10:33:12 110632] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 10:33:14 115752] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 09:01:26 90112] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 09:01:26 14976] R3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 09:01:26 121856] R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 00:00:39 812544] R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 15:51:06 745472] R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 14:34:50 397312] R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO 
Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 14:34:50 1089536] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-28 20:11:44 292128] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-20 17:52:32 79136] R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-04-09 11:37:34 722288] R4 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [2010-06-10 14:29:49 691696] S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-29 01:58:45 9344] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.club-vaio.com IE: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Free YouTube to Mp3 Converter - C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Nach Microsoft E&xel exportieren - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: corel.com Trusted Zone: corel.com\www Trusted Zone: intervideo.com Trusted Zone: intervideo.com\www DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab FF - ProfilePath - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405727&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/ FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q= FF - prefs.js: network.proxy.ftp - proxy.*******.de FF - prefs.js: network.proxy.ftp_port - 8080 FF - prefs.js: network.proxy.gopher - proxy.*******.de FF - prefs.js: network.proxy.gopher_port - 8080 FF - prefs.js: network.proxy.http - proxy.*******.de FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.socks - proxy.*******.de FF - prefs.js: network.proxy.socks_port - 8080 FF - prefs.js: network.proxy.ssl - proxy.*******.de FF - prefs.js: network.proxy.ssl_port - 8080 FF - prefs.js: network.proxy.type - 0 FF - component: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll FF - plugin: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - Extension: vShare Plugin: vshare@toolbar - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\st9xz2n9.default\extensions\vshare@toolbar FF - Extension: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - HKLM-RunOnce-<NO NAME> - (no file) |
I have one more question... under C:\ I now have various new links created by the programs, and many files, among them *.sys files that are more than 3 GB in size...? www.image-upload.de/file/7Gcw54/bdc17d02f1.jpg I am now carrying out the step you last gave me. Regards, and thanks so far |
Hmm, strange, that business with the log. First we clean up the PC, then everything else follows :-) |
Copyright ©2000-2025, Trojaner-Board