
Pests of all kinds and how to combat them: Firefox redirects to wrong Google links and reopens itself in pop-ups.

25.11.2010, 22:56   #1
neuanboard
 

Hello board specialists.

For about 10-14 days I have had the following problem:

When I click the links in the search results after a Google search, I am sent to completely different pages.
This does not happen in 100 % of cases, but in about 60-70 %. Sometimes I even end up where the link was supposed to lead.

If I make no input for a longer time while Firefox is open, Firefox opens again in a pop-up and tries to open a link that in any case contains the terms I used in the previous search.

In addition: when I start Firefox, it often only opens after the 3rd, 4th or 5th attempt. There are then correspondingly many processes in Task Manager, but only 1 window is open.

This problem is described here often, so I hoped to find a solution through self-study, intensive work and patient browsing.

That has not been the case, however.

I am an advanced user, build my computers myself and always try to keep my listed software up to date and to delete it when I no longer need it.
I use CCleaner and Registry Mechanic several times a day to clean up temporary files and orphaned registry entries.
I deliberately browse safe sites and am not one of those who carelessly click "YES" on system prompts or while browsing the web.

I have already worked intensively on solving the problem with the following programs (a small selection):

Code:
AntiVir
OTL
HiJackThis
Malwarebytes Anti-Malware
Symantec DE-Cleaner (AntiBot)
Look2Me-Destroyer
F-Secure BlackLight
Gmer (xsmhtl5n.exe)
Bootkit Remover (eSage)
ESET onlineScanner
SecurityTaskManager
Navilog1
Panda Secure Online Scan
CCleaner
Registry Mechanic
         
My system:
Code:
Betriebsystemname    Microsoft Windows 7 Professional
Version    6.1.7600 Build 7600
Weitere Betriebsystembeschreibung     Nicht verfügbar
Betriebsystemhersteller    Microsoft Corporation
Systemname    MEIN-PC
Systemhersteller    Gigabyte Technology Co., Ltd.
Systemmodell    EP45-UD3LR
Systemtyp    x64-basierter PC
Prozessor    Intel(R) Core(TM)2 Quad CPU    Q9400  @ 2.66GHz, 2667 MHz, 4 Kern(e), 4 logische(r) Prozessor(en)
BIOS-Version/-Datum    Award Software International, Inc. F11, 22.04.2010
SMBIOS-Version    2.4
Windows-Verzeichnis    C:\Windows
Systemverzeichnis    C:\Windows\system32
Startgerät    \Device\HarddiskVolume5
Gebietsschema    Deutschland
Hardwareabstraktionsebene    Version = "6.1.7600.16385"
Benutzername    Mein-PC\Mustermann
Zeitzone    Mitteleuropäische Zeit
Installierter physikalischer Speicher (RAM)    6,00 GB
Gesamter realer Speicher    6,00 GB
Verfügbarer realer Speicher    4,53 GB
Gesamter virtueller Speicher    6,39 GB
Verfügbarer virtueller Speicher    4,77 GB
Größe der Auslagerungsdatei    400 MB
Auslagerungsdatei    C:\pagefile.sys
         
OTL:
OTL Logfile:
Code:
OTL logfile created on: 25.11.2010 21:51:43 - Run 3
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Mustermann\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 76,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): c:\pagefile.sys 400 480 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69,24 Gb Total Space | 19,72 Gb Free Space | 28,48% Space Free | Partition Type: NTFS
Drive D: | 698,64 Gb Total Space | 463,01 Gb Free Space | 66,27% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 247,54 Gb Free Space | 26,57% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 80,10 Gb Free Space | 8,60% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 77,84 Gb Free Space | 8,36% Space Free | Partition Type: NTFS
 
Computer Name: MEIN-PC | User Name: Mustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.11.25 17:20:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe
PRC - [2010.10.27 07:13:18 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.08.10 11:46:58 | 002,483,808 | ---- | M] (Lavalys, Inc.) -- C:\Programme Eigene\Everest 550 2224\EVEREST Ultimate Edition 5.50.2224 NL\everest.exe
PRC - [2010.08.02 16:09:38 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.08.02 16:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.08.02 16:09:32 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.06.11 17:14:24 | 001,280,344 | ---- | M] (IObit) -- C:\Programme Eigene\Malwarescanner IObit\IObit Security 360\is360tray.exe
PRC - [2010.06.11 17:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Programme Eigene\Malwarescanner IObit\IObit Security 360\is360srv.exe
PRC - [2008.11.07 06:08:14 | 000,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2007.03.18 23:05:02 | 000,630,784 | ---- | M] () -- C:\Programme Eigene\RocketDock\RocketDock.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.11.25 17:20:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe
MOD - [2010.10.12 22:58:08 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.07.14 02:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009.07.14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.08.04 02:51:20 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.10.17 23:43:02 | 000,099,048 | ---- | M] (SANDBOXIE L.T.D) [Disabled | Stopped] -- C:\Programme Eigene\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010.08.02 16:09:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.08.02 16:09:32 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.06.11 17:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Programme Eigene\Malwarescanner IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.06.18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.07 06:08:14 | 000,431,472 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2008.10.25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme Eigene\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\9389.tmp -- (MEMSWEEP2)
DRV:64bit: - [2010.11.22 13:25:04 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.08.04 03:22:36 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.08.04 03:22:36 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.08.04 02:15:44 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.08.02 16:09:46 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.07.21 15:58:50 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010.07.15 13:47:42 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.07.07 17:18:58 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2009.10.27 11:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2009.10.26 01:43:18 | 000,038,944 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV:64bit: - [2009.10.26 01:43:16 | 000,117,152 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV:64bit: - [2009.10.05 20:22:20 | 000,044,320 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV:64bit: - [2009.09.30 15:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 02:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.07.30 12:58:42 | 000,236,544 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.23 09:37:36 | 000,096,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PciPPorts.sys -- (PciPPorts)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.19 16:07:44 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.08 10:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
DRV:64bit: - [2009.02.24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009.01.29 16:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2008.12.19 04:55:34 | 000,122,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PciSPorts.sys -- (PciSPorts)
DRV:64bit: - [2008.11.07 05:51:14 | 000,029,184 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdX64.sys -- (dsNcAdpt)
DRV:64bit: - [2008.03.13 08:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2007.08.31 15:05:30 | 012,528,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2010.11.01 18:33:55 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.10.17 23:42:58 | 000,145,512 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Programme Eigene\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010.07.30 15:50:08 | 000,026,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme Eigene\Everest 550 2224\EVEREST Ultimate Edition 5.50.2224 NL\kerneld.amd64 -- (EverestDriver)
DRV - [2009.10.26 09:43:18 | 000,038,944 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2009.10.26 09:43:16 | 000,117,152 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2009.10.05 20:22:20 | 000,044,320 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV - [2009.02.24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007.09.05 12:48:24 | 012,212,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A 7E 7A 3D A7 4E CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:mozilla"
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.5.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
 
FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Programme Eigene\Adobe XPro Installed\Acrobat\Browser\WCFirefoxExtn [2010.11.21 00:36:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.11.17 16:45:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.11.21 00:37:02 | 000,000,000 | ---D | M]
 
[2010.11.17 16:46:08 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\mozilla\Extensions
[2010.11.25 17:22:48 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6csi3ie1.default\extensions
[2010.11.21 23:37:12 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6csi3ie1.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.11.21 23:37:12 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6csi3ie1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.11.21 23:37:12 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6csi3ie1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.11.21 23:37:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6csi3ie1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.17 17:08:25 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\6csi3ie1.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010.11.17 16:45:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.11.21 22:14:47 | 000,002,336 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com:443
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 26 more lines...
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme Eigene\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme Eigene\Java Runtime Engine\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IObit Security 360] C:\Programme Eigene\Malwarescanner IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKCU..\Run: [RocketDock] C:\Programme Eigene\RocketDock\RocketDock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme Eigene\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme Eigene\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme Eigene\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme Eigene\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme Eigene\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x64/MuCatalogWebControl.cab?1259374367105 (MUCatalogWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme Eigene\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~3\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~3\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~3\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme Eigene\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{59d8886c-cbda-11df-a5c3-00241ddfc0af}\Shell - "" = AutoRun
O33 - MountPoints2\{59d8886c-cbda-11df-a5c3-00241ddfc0af}\Shell\AutoRun\command - "" = I:\iStudio.exe -- File not found
O33 - MountPoints2\{8192ae99-dba2-11de-aa5b-00241ddfc0af}\Shell - "" = AutoRun
O33 - MountPoints2\{8192ae99-dba2-11de-aa5b-00241ddfc0af}\Shell\AutoRun\command - "" = I:\SETUP.EXE -- File not found
O33 - MountPoints2\{899adbc7-e5b8-11de-8a08-00241ddfc0af}\Shell - "" = AutoRun
O33 - MountPoints2\{899adbc7-e5b8-11de-8a08-00241ddfc0af}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\autorun.exe [open][1] Call of Duty Black Ops.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.25 21:31:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.11.25 21:30:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010.11.25 21:24:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.11.25 17:20:21 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe
[2010.11.24 22:52:52 | 000,000,000 | ---D | C] -- C:\Navilog1
[2010.11.24 22:52:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Navilog1
[2010.11.24 22:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010.11.24 08:35:41 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\vlc
[2010.11.22 22:27:11 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Desktop\backups
[2010.11.22 09:45:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.11.22 09:45:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.11.21 23:52:16 | 000,000,000 | R--D | C] -- C:\Sandbox
[2010.11.21 23:41:20 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Users\Mustermann\Desktop\remover.exe
[2010.11.21 22:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.11.21 20:22:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.11.21 19:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.11.21 19:33:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.11.21 19:31:30 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Users\Mustermann\Desktop\spybotsd162.exe
[2010.11.21 19:08:49 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Apple Computer
[2010.11.21 19:08:49 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\Apple Computer
[2010.11.21 19:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.11.21 19:06:24 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\Apple
[2010.11.21 19:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.11.21 18:56:38 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Avira
[2010.11.21 18:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010.11.21 18:11:00 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.11.21 18:11:00 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.11.21 18:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.11.21 18:11:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.11.21 17:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\fssg
[2010.11.21 17:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010.11.21 17:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Hagel Technologies
[2010.11.21 17:01:12 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Users\Mustermann\Desktop\fsbl.exe
[2010.11.21 16:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.11.21 16:12:26 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\NPE
[2010.11.21 16:09:53 | 005,719,408 | ---- | C] (Symantec Corporation) -- C:\Users\Mustermann\Desktop\de_cleaner.exe
[2010.11.21 13:37:50 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\QuickScan
[2010.11.21 13:33:34 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Mustermann\Desktop\HiJackThis204.exe
[2010.11.21 13:17:55 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Malwarebytes
[2010.11.21 13:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.21 13:13:58 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.11.21 13:13:04 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Mustermann\Desktop\mbam146-setup.exe
[2010.11.21 00:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010.11.21 00:37:38 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\Adobe
[2010.11.21 00:34:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.11.21 00:34:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010.11.20 23:48:50 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Adobe
[2010.11.17 16:45:59 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Mozilla
[2010.11.17 16:45:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010.11.17 12:13:48 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\Activision
[2010.11.15 23:27:45 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Documents\Mercedes CLC Dream Test Drive
[2010.11.15 23:27:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010.11.15 15:48:31 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\CrashRpt
[2010.11.10 22:44:43 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Download Manager
[2010.11.01 19:32:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010.11.01 19:31:51 | 002,601,816 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2010.11.01 19:31:51 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010.11.01 19:31:51 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010.11.01 19:31:51 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010.11.01 19:31:51 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010.11.01 19:31:51 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010.11.01 19:31:51 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010.11.01 19:31:50 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2010.11.01 19:31:50 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010.11.01 19:31:50 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010.11.01 19:31:50 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010.11.01 19:31:50 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010.11.01 19:31:50 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010.11.01 19:31:49 | 000,338,336 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010.07.17 05:34:34 | 000,151,552 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2std.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.25 21:36:05 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.25 21:36:05 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.25 21:33:04 | 001,512,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.11.25 21:33:04 | 000,660,946 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.11.25 21:33:04 | 000,620,886 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.11.25 21:33:04 | 000,132,318 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.11.25 21:33:04 | 000,108,446 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.11.25 21:30:55 | 000,000,924 | ---- | M] () -- C:\Users\Mustermann\Desktop\NTREGOPT.lnk
[2010.11.25 21:30:55 | 000,000,905 | ---- | M] () -- C:\Users\Mustermann\Desktop\ERUNT.lnk
[2010.11.25 21:29:38 | 000,000,088 | ---- | M] () -- C:\Windows\SysWow64\everest_cpl.ini
[2010.11.25 21:28:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.25 21:24:33 | 000,471,560 | ---- | M] () -- C:\Users\Mustermann\Desktop\Load.exe
[2010.11.25 21:23:10 | 000,000,162 | -H-- | M] () -- C:\Users\Mustermann\Desktop\~$rwendete AntiProgramme-001.docx
[2010.11.25 17:20:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe
[2010.11.25 17:02:47 | 000,014,423 | ---- | M] () -- C:\Users\Mustermann\Desktop\verwendete AntiProgramme-001.docx
[2010.11.25 13:45:15 | 000,001,634 | ---- | M] () -- C:\Users\Mustermann\AppData\Roaming\SAS7_000.DAT
[2010.11.25 12:49:31 | 000,011,776 | ---- | M] () -- C:\Users\Mustermann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.24 22:49:26 | 000,231,564 | ---- | M] () -- C:\Users\Mustermann\Desktop\Navilog1.exe
[2010.11.24 22:32:36 | 002,053,472 | ---- | M] () -- C:\Users\Mustermann\Desktop\SecurityTaskManager_Setup.exe
[2010.11.24 08:35:07 | 000,000,721 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.11.22 13:25:04 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.11.22 09:45:58 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.21 23:57:52 | 000,001,654 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010.11.21 20:14:03 | 002,672,312 | ---- | M] () -- C:\Users\Mustermann\Desktop\esetsmartinstaller_deu.exe
[2010.11.21 19:31:43 | 016,409,960 | ---- | M] (Safer Networking Limited                                    ) -- C:\Users\Mustermann\Desktop\spybotsd162.exe
[2010.11.21 18:23:01 | 000,296,448 | ---- | M] () -- C:\Users\Mustermann\Desktop\xsmhtl5n.exe
[2010.11.21 17:53:15 | 000,041,624 | ---- | M] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2010.11.21 17:50:29 | 001,551,964 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.21 17:32:07 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.21 17:32:07 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.21 17:32:07 | 000,000,524 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job
[2010.11.21 17:32:07 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job
[2010.11.21 17:13:28 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Users\Mustermann\Desktop\fsbl.exe
[2010.11.21 16:09:54 | 005,719,408 | ---- | M] (Symantec Corporation) -- C:\Users\Mustermann\Desktop\de_cleaner.exe
[2010.11.21 13:33:52 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Mustermann\Desktop\HiJackThis204.exe
[2010.11.21 13:25:31 | 000,450,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.11.21 13:13:10 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Mustermann\Desktop\mbam146-setup.exe
[2010.11.20 18:42:11 | 000,001,572 | ---- | M] () -- C:\Users\Mustermann\Desktop\CoD Black Ops Trainer 11.lnk
[2010.11.20 18:41:59 | 000,001,148 | ---- | M] () -- C:\Users\Mustermann\Desktop\CoD Black Ops.lnk
[2010.11.16 14:27:56 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010.11.16 14:27:56 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2010.11.16 09:38:55 | 000,007,621 | ---- | M] () -- C:\Users\Mustermann\AppData\Local\Resmon.ResmonCfg
[2010.11.08 13:59:45 | 000,094,393 | ---- | M] () -- C:\Users\Mustermann\Documents\Bezahlung nach Branchen und Abschlüssen.pdf
 
========== Files Created - No Company Name ==========
 
[2010.11.25 21:30:55 | 000,000,924 | ---- | C] () -- C:\Users\Mustermann\Desktop\NTREGOPT.lnk
[2010.11.25 21:30:55 | 000,000,905 | ---- | C] () -- C:\Users\Mustermann\Desktop\ERUNT.lnk
[2010.11.25 21:24:33 | 000,471,560 | ---- | C] () -- C:\Users\Mustermann\Desktop\Load.exe
[2010.11.25 21:23:10 | 000,000,162 | -H-- | C] () -- C:\Users\Mustermann\Desktop\~$rwendete AntiProgramme-001.docx
[2010.11.25 16:42:39 | 000,014,423 | ---- | C] () -- C:\Users\Mustermann\Desktop\verwendete AntiProgramme-001.docx
[2010.11.24 22:49:25 | 000,231,564 | ---- | C] () -- C:\Users\Mustermann\Desktop\Navilog1.exe
[2010.11.24 22:32:33 | 002,053,472 | ---- | C] () -- C:\Users\Mustermann\Desktop\SecurityTaskManager_Setup.exe
[2010.11.24 08:35:07 | 000,000,721 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.11.22 09:45:58 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.21 23:51:25 | 000,001,654 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010.11.21 20:13:13 | 002,672,312 | ---- | C] () -- C:\Users\Mustermann\Desktop\esetsmartinstaller_deu.exe
[2010.11.21 18:23:00 | 000,296,448 | ---- | C] () -- C:\Users\Mustermann\Desktop\xsmhtl5n.exe
[2010.11.21 17:50:50 | 000,041,624 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2010.11.20 18:42:13 | 000,001,572 | ---- | C] () -- C:\Users\Mustermann\Desktop\CoD Black Ops Trainer 11.lnk
[2010.11.20 18:42:04 | 000,001,148 | ---- | C] () -- C:\Users\Mustermann\Desktop\CoD Black Ops.lnk
[2010.11.17 18:27:51 | 000,000,000 | -HS- | C] () -- C:\Users\Mustermann\S-1-5-21-1743698390-660516810-1164774953-1000.rrr.LOG2
[2010.11.17 18:27:51 | 000,000,000 | -HS- | C] () -- C:\Users\Mustermann\S-1-5-21-1743698390-660516810-1164774953-1000.rrr.LOG1
[2010.11.16 14:25:42 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010.11.16 14:25:42 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2010.11.08 13:57:23 | 000,094,393 | ---- | C] () -- C:\Users\Mustermann\Documents\Bezahlung nach Branchen und Abschlüssen.pdf
[2010.09.18 21:59:57 | 000,000,036 | ---- | C] () -- C:\Users\Mustermann\AppData\Local\housecall.guid.cache
[2010.09.11 22:14:55 | 000,036,054 | ---- | C] () -- C:\ProgramData\NAB_Install.log
[2010.08.15 10:57:26 | 000,000,088 | ---- | C] () -- C:\Windows\SysWow64\everest_cpl.ini
[2010.08.06 21:10:53 | 000,004,096 | -H-- | C] () -- C:\Users\Mustermann\AppData\Local\keyfile3.drm
[2010.07.17 05:34:35 | 012,212,864 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2sxp.sys
[2010.07.17 05:34:35 | 000,025,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncamd.sys
[2010.07.17 05:34:35 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2010.06.26 22:09:49 | 000,004,913 | ---- | C] () -- C:\ProgramData\mxnhytee.feu
[2010.06.25 19:04:52 | 000,073,832 | ---- | C] () -- C:\Windows\SysWow64\SuperFrameSplitter.dll
[2010.06.25 19:04:52 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\RTKDABMWare.dll
[2010.06.21 21:12:04 | 000,000,045 | ---- | C] () -- C:\Windows\Twacker.ini
[2010.06.21 20:56:56 | 000,000,041 | ---- | C] () -- C:\Windows\DevCap.ini
[2010.04.19 23:42:08 | 000,007,621 | ---- | C] () -- C:\Users\Mustermann\AppData\Local\Resmon.ResmonCfg
[2010.03.03 21:28:40 | 000,000,042 | ---- | C] () -- C:\Windows\AlchemyMindworksUpdateList.INI
[2010.02.13 04:08:54 | 001,551,964 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.01.31 20:04:03 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.01.31 11:07:23 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\decdll.dll
[2010.01.12 21:18:20 | 001,409,890 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2010.01.12 21:18:18 | 000,882,688 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.01.12 21:18:18 | 000,556,491 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2010.01.12 21:18:16 | 004,507,983 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2010.01.12 21:18:10 | 000,877,385 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2010.01.12 21:18:10 | 000,336,384 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2010.01.12 21:18:10 | 000,216,576 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2010.01.12 21:18:10 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2010.01.12 21:18:10 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2010.01.12 21:18:10 | 000,121,856 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2010.01.12 21:18:08 | 000,169,984 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2010.01.12 21:18:08 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2010.01.12 21:18:08 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2010.01.12 21:18:08 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2010.01.12 21:12:36 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.01.03 09:10:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.01 01:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2010.01.01 01:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2009.12.27 21:35:44 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2009.12.27 21:35:44 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2009.12.22 22:46:49 | 000,001,634 | ---- | C] () -- C:\Users\Mustermann\AppData\Roaming\SAS7_000.DAT
[2009.12.22 15:53:52 | 000,011,776 | ---- | C] () -- C:\Users\Mustermann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.29 01:24:11 | 000,000,170 | ---- | C] () -- C:\Users\Mustermann\AppData\Roaming\default.rss
[2009.11.28 23:46:49 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.11.28 00:23:55 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2009.11.27 23:04:27 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.11.27 22:05:21 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.11.14 19:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2009.11.14 19:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2009.11.14 19:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2009.11.14 19:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2009.11.14 19:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2009.11.14 19:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2009.11.14 19:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2009.11.14 19:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2009.11.14 19:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2009.11.14 19:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.04.08 15:25:44 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\BH_DATA120VC8.dll
[2009.04.08 07:17:48 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\FKStampPainter20.dll
[2009.02.02 20:11:40 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2009.02.02 20:10:14 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2009.02.02 20:08:36 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2009.02.02 20:08:22 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll
[2009.01.10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2008.12.03 23:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2007.10.13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2006.12.18 19:16:51 | 000,000,000 | -H-- | C] () -- C:\ProgramData\sdpsenv.dat
[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll
[2005.04.08 03:16:43 | 000,053,689 | -H-- | C] () -- C:\Users\Mustermann\AppData\Roaming\Mustermannlog.dat
 
========== LOP Check ==========
 
[2010.11.21 17:32:07 | 000,000,510 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
[2010.11.21 17:32:07 | 000,000,524 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job
[2010.11.01 19:33:19 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 160 bytes -> C:\ProgramData\sdpsenv.dat:naughtypirates
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F35A93AD
 
< End of report >
         
--- --- ---


OTL-Extras:
OTL Logfile:
Code:
OTL Extras logfile created on: 25.11.2010 17:23:16 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\xxx\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 76,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): c:\pagefile.sys 400 480 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69,24 Gb Total Space | 19,76 Gb Free Space | 28,54% Space Free | Partition Type: NTFS
Drive D: | 698,64 Gb Total Space | 463,01 Gb Free Space | 66,27% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 247,54 Gb Free Space | 26,57% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 80,10 Gb Free Space | 8,60% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 77,84 Gb Free Space | 8,36% Space Free | Partition Type: NTFS
 
Computer Name: MEIN-PC | User Name: Mustermann| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Programme Eigene\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme Eigene\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PR9EA2~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Programme Eigene\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme Eigene\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PR9EA2~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{08347912-0AA5-C85E-BC02-416568E741B4}" = AMD Drag and Drop Transcoding
"{0A54DE51-CD51-BF86-81EB-ED2D663FFBD1}" = ATI AVIVO64 Codecs
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{109BF2A4-013B-7B67-C7EA-F387EF1BD302}" = ATI Catalyst Install Manager
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1DD64A9C-846F-4180-B34C-3090459E32E1}" = 7-Clean
"{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{914C25C6-603C-16C9-BE33-8A09E5632350}" = ccc-utility64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Sandboxie" = Sandboxie 3.50 (64-bit)
"Unlocker" = Unlocker 1.9.0-x64
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help
"{086c3940-5775-4daa-8072-dda88eeb1980}" = Nero 9
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0C7B9FAF-9C93-4E3A-9EC5-DE553B5771F0}" = Linguatec Voice Reader Studio
"{0E58BC91-B789-0D1B-9A75-017D04741F97}" = HydraVision
"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{12444FB2-997D-7BB2-0CEB-453E31307929}" = ccc-core-static
"{19B822A6-372A-43E2-9230-0AFA4EC84F8C}" = Lexware buchhalter 2009
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{225C12AE-BB37-4EE3-8935-583E2F0E6644}" = Lexware reisekosten 2009
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 19
"{2F3ABBBF-D85B-41C2-8E44-0DDB66E0FE0A}" = QuickSteuer DELUXE Wissens-Center 2010
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3E981E45-833E-44C4-AB75-3668AA77F8EC}" = Adobe Flash Media Live Encoder 3
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{44046312-696F-4E29-82C8-3F29F81DD11F}" = Lexware Elster
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D12D805-50B2-4287-B3B9-AD4D74F85693}" = BOINC
"{4F2F5589-0217-43A6-91E9-B0F172D32CC9}_is1" = MF Shutdown Manager Full Edition 0.9.6 Beta
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56FDB311-6511-11DE-832F-0050560400B1}" = Haufe iDesk-Browser
"{57456DD2-4CDD-4245-A5E6-D865CD8E0238}" = Lexware reisekosten 2009
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{65C043EC-BEB5-4791-8EB3-EF9EDBEDA7DB}" = QuickSteuer Wissens-Center 2009
"{69BA7792-853B-45A3-A29F-539C0D7A2A62}" = Myst Uru - Complete Chronicles
"{707790EF-9E51-1548-F90C-57B38065F38C}" = Catalyst Control Center Graphics Previews Vista
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{73182AC3-5CC3-4161-AE97-F23E09B13147}" = Vallen JPegger
"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera
"{76F79738-4234-45E8-80AA-F56F8FCD4FBE}" = QuickSteuer 2009
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77E33D87-255E-413E-9C8D-EED2A7F9BEBF}" = Nero Live Help
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7B5999EE-F2DD-4677-675D-51F11C6F6181}" = Catalyst Control Center Graphics Previews Common
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{85243696-5E58-4357-9CF8-3498C609941D}" = NeroLiveGadget Help
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller  Driver
"{889E44CE-435C-4D37-B302-A7E43339E5FA}_is1" = Mouse Recorder Pro 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ULTIMATER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00B4-0407-0000-0000000FF1CE}_PMUI.de-de_{16809599-3C53-4A9A-A7E2-74A6D0D2C007}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00B5-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00B5-0407-0000-0000000FF1CE}_PMUI.de-de_{16809599-3C53-4A9A-A7E2-74A6D0D2C007}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_PMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-0052-0407-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{96F702F3-7CA4-41B5-A70A-4F348DF99A9A}" = Myst IV - Revelation
"{98A67610-A3B5-4098-A423-3708040026D3}" = "Nero SoundTrax Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9E9FDDE6-2C26-492A-85A0-05646B3F2795}" = NeroLiveGadget
"{9F05B89E-2873-11D5-9E9D-0050DA1EA555}" = Myst III: Exile
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{AE096DBF-8878-6943-3858-7EE9D54D70B7}" = CCC Help English
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.06
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CC23FF9A-989C-4DEB-8970-50E6E4862315}" = EOSInfo
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D961CF08-AB06-4AC5-BCBA-76D12C4DB5EC}" = Linguatec Voice Reader Studio
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE
"{DEE03A90-C723-4E3D-A661-86651D6F0668}" = QuickSteuer Deluxe 2010
"{DF6A95F5-ADC1-406A-BDC6-2AA7CC0182AA}" = Nero Live
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB5AE940-8E5D-11DE-992A-005056B12123}" = Haufe iDesk-Service
"{EC25B803-4BDB-47F7-B877-FCE7D7966C0F}" = Visual C++ CRT 9.0 SP1
"{EE5BCA77-F9B8-4896-BB04-6CBE587BC8CE}" = QuickSteuer 2009
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3D Poker Bandit" = 3D Poker Bandit 2.1.2 
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Biet-O-Matic v2.12.5" = Biet-O-Matic v2.12.5
"BitTorrent" = BitTorrent
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CCleaner" = CCleaner
"Citavi" = Citavi 2.5
"ContextEdit_is1" = ContextEdit (PC Magazine)
"DVB Dream_is1" = DVB Dream version 1.4i
"DVD Shrink" = DVD Shrink
"EPSON Scanner" = EPSON Scan
"Free Video Converter_is1" = Free Video Converter V 2.5
"FreeCommander_is1" = FreeCommander 2009.02a
"GIF Construction Set Professional 3" = GIF Construction Set Professional 3
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"IObit Security 360_is1" = IObit Security 360
"Juniper Network Connect 6.2.0" = Juniper Networks Network Connect 6.2.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.2
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"PCViewer BX1000 TAXI_is1" = PCViewer BX1000 TAXI 2.0.1.0
"PhotoScape" = PhotoScape
"PMUI.de-de" = Microsoft Office Project Language Pack 2007 - German/Deutsch
"PRJPRO" = Microsoft Office Project Professional 2007
"QuickTime" = QuickTime
"ratDVD" = ratDVD 0.78.1444
"Registry Mechanic_is1" = Registry Mechanic 9.0.0.114
"Security Task Manager" = Security Task Manager 1.8c
"Star Defender 2" = Star Defender 2
"Star Defender 2_is1" = Star Defender 2
"Star Defender 3_is1" = Star Defender 3
"Star Defender 4_is1" = Star Defender 4
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"Timers" = Timers
"Totalcmd" = Total Commander (Remove or Repair)
"TreeSize Free_is1" = TreeSize Free V2.3.3
"ULTIMATER" = Microsoft Office Ultimate 2007
"VLC media player" = VLC media player 1.1.5
"Weather Pulse 2.2.4.1" = Weather Pulse 2.2.4.1
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Groschengrab Deluxe" = Groschengrab Deluxe
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---


Malwarebytes-LOG:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
 
Datenbank Version: 5190
 
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
 
25.11.2010 21:37:06
mbam-log-2010-11-25 (21-37-06).txt
 
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 163397
Laufzeit: 4 Minute(n), 30 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
After reading a lot about the problem in other threads and on other boards, I suspect that a reinstall cannot be avoided. OK.

But I would like to know what the problem is, how it might have gotten onto the computer, and how it could be fixed, if at all.
I have already watched the running processes and services very closely with Security Task Manager and also with the Windows Task Manager (including while starting and using Firefox, etc.). There are simply no services/processes to be seen that could trigger this manipulated behavior of Firefox.

Of course I have already reinstalled Firefox several times (in different versions as well).

Then I would like to try, with your help, to fix the problem in order to learn from it, so that I can, among other things, adapt my future behavior to this security hole and keep the current (then repaired) system disk as an "emergency system", even if I reinstall my system on an SSD.

Best regards
neuanboard

Here is the GMER log as well:

GMER Logfile:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-11-26 00:03:13
Windows 6.1.7600  
Running: xsmhtl5n.exe
 
 
---- Registry - GMER 1.0.15 ----
 
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                    
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                 0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                              0x48 0xE0 0x5F 0x15 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Programme Eigene\Daemon Lite 43560091\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x63 0x05 0xBD 0xD9 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xD7 0x3B 0x37 0x51 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x37 0x6D 0x49 0x37 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                     0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                  0x48 0xE0 0x5F 0x15 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Programme Eigene\Daemon Lite 43560091\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     1
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x63 0x05 0xBD 0xD9 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xD7 0x3B 0x37 0x51 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x37 0x6D 0x49 0x37 ...
 
---- EOF - GMER 1.0.15 ----
         
--- --- ---

I assume this one is still missing before you can work on it?!

So here is the HijackThis log:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:35:15, on 25.11.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal
 
Running processes:
C:\Programme Eigene\RocketDock\RocketDock.exe
C:\Programme Eigene\Malwarescanner IObit\IObit Security 360\is360tray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Programme Eigene\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Users\Mustermann\Desktop\HiJackThis204.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme Eigene\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme Eigene\Java Runtime Engine\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IObit Security 360] "C:\Programme Eigene\Malwarescanner IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [RocketDock] "C:\Programme Eigene\RocketDock\RocketDock.exe"
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PR9EA2~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PR9EA2~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PR9EA2~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PR9EA2~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PR9EA2~1\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme Eigene\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~3\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: IS360service - IObit - C:\Programme Eigene\Malwarescanner IObit\IObit Security 360\IS360srv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 8219 bytes
         
--- --- ---

Maybe you could now find out something to start with?

Regards
neuanboard

04.12.2010, 15:27   #2
neuanboard
 
Firefox redirects to wrong Google links and reopens itself in popups. - Thumbs down

Please delete the thread and membership as soon as possible.



TO THE ADMINS / MODERATORS.

PLEASE DELETE THIS THREAD so that it does not turn into a cross-board post

Since there has been no communication from your side, I will ask for help on another board.

P.S.: A little feedback: Shortening the posts of members seeking advice, or deleting parts of them, without being asked, without comment and for no apparent reason makes little sense.
__________________


04.12.2010, 16:13   #3
nochdigger

Hello

Quote:
Shortening the posts of members seeking advice, or deleting parts of them, unasked, without comment and for no apparent reason, makes little sense.
Messing up your system with stolen software and not very trustworthy trainers makes just as little sense.

Kind regards

04.12.2010, 16:54   #4
neuanboard

Then just say so directly and delete the posts completely, instead of leaving people hanging.

One can then turn directly to boards that do not see themselves as the "license conscience" of the WWW.

Besides: if that was the reason for the ignorance you showed towards my thread, then you would have to ignore (at least) 90 % of all requests here...
Even I can see that when I look at the posters' logs...

I did not manipulate the corresponding entries in the logs, because it seemed to be customary here to post them as well.

Be that as it may... Ciao to the "competence team"

04.12.2010, 18:30   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
that do not see themselves as the "license conscience" of the WWW.
Anyone who uses illegal software gets no help. That is the case on many other boards as well. And boards that tolerate keygens/cracks or other illegal software can sooner or later run into a problem.

Quote:
If that was the reason for the ignorance,
If you yourself handle your computer negligently and naively, you should reconsider your behaviour at the PC; insulting the helper team as ignorant shows how unwilling you are to see reason.

Quote:
then you would have to ignore (at least) 90 % of all requests here...
Where do the 90% come from? Pulled out of a hat?
Incidentally, the way it works here is that anyone who is caught with illegal software and wants help gets it only in the form of format c:.

__________________
Please always post logfiles in CODE tags

04.12.2010, 18:53   #6
neuanboard

And what was so hard about either posting directly: "Get lost... there is nothing here for people like you..."

or else putting this note, clearly visible, straight into the terms of use that one has to read when registering?

You are welcome to make the rules of your board however you like - I do not have the slightest problem with that - but do let people know... and perhaps a consistent and uniform approach by the "helpers" would be appropriate, because work is being done here with requesters whose software/license constellation is considerably more "critical" than mine.

No offence. Please delete my threads and the account so that I am not decried as a "cross-board poster" on the next board.

04.12.2010, 18:58   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
or else putting this note, clearly visible, straight into the terms of use that one has to read when registering?
That would have to be discussed...

Quote:
No offence. Please delete my threads and the account so that I am not decried as a "cross-board poster" on the next board.
Write the admins a PM or simply report your post with a corresponding text.
There is the -symbol for that.
__________________
Please always post logfiles in CODE tags
