Log analysis and evaluation: Win32.GenericFF C:\Users\xyz~1\AppData\Local\Temp\5aiEDC7.exe

16.02.2012, 23:49   #1
peterw24
 
Hello,

I've caught the pest named above and can't get rid of it; I've already tried everything possible (HijackThis, Spybot S&D, Kaspersky, Avast; reinstalling between the antivirus programs, of course, so I never had two antivirus programs at once).

Unfortunately I no longer have Internet access, not even in safe mode. Oddly enough, the Windows 7 gadgets (exchange rate, weather) still work. Updates for Avast are not possible.

There was a user who already had this problem once, but that doesn't get me any further. http://www.trojaner-board.de/100089-...-gefunden.html

Result from VirusTotal:

https://www.virustotal.com/file/98a24f0caf5b578e230e6f1103a5fba6aecb28a9128cad5520fcde546d643272/analysis/1329433407/

I hope you can help me!!!

Best regards, Peter

Quote:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by xyz at 2:36:34 on 2012-02-17
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4094.2605 [GMT 4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search && Destroy *Disabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\Common Files\ABBYY\Lingvo\14.0\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
C:\Users\xyz~1\AppData\Local\Temp\5aiEDC7.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
uURLSearchHooks: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWin0.dll
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
mURLSearchHooks: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWin0.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWin0.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWin0.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: VShareToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
uRun: [YI9B2F0F6EXHXF9HT] C:\systemhost\24FC2AE3130.exe
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
dRun: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: An OneNote s&enden - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Übersetzen mit ABBYY Lingvo x&3 - C:\Program Files (x86)\ABBYY Lingvo x3\Lingvo.exe/3000
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{14B49A7C-51EB-46CC-8459-A650F1070749} : NameServer = 132.195.113.109,132.195.20.3
TCP: Interfaces\{3033541A-FF72-4829-9FE0-A2ACA9CB5CEC} : DhcpNameServer = 10.142.1.222
TCP: Interfaces\{3033541A-FF72-4829-9FE0-A2ACA9CB5CEC}\75942554 : DhcpNameServer = 10.142.1.222
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: 6de2ed6f-0b56-4d57-b0f0-551ec8cbb27f - C:\ProgramData\Duden\dkreg.exe /dktray=on /csapi=on /ALLUSERS
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{3049C3E9-B461-4BC5-8870-4C09146192CA}
{40c3cc16-7269-4b32-9531-17f2950fb06f}
{53707962-6F74-2D53-2644-206D7942484F}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{AE7CD045-E861-484f-8273-0445EE161910}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F4971EE7-DAA0-4053-9964-665D8EE6A077}
{855F3B16-6D32-4FE6-8A56-BBB695989046}
{32099AAC-C132-4136-9E9A-4E364A424E17}
{40c3cc16-7269-4b32-9531-17f2950fb06f}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
EB-X64: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
mRun-x64: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun-x64: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
IE-X64: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
IE-X64: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\xyz\AppData\Roaming\Mozilla\Firefox\Profiles\sjs8wq95.default\
FF - prefs.js: browser.search.selectedEngine - Яндекс
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=ddrnw
FF - prefs.js: keyword.URL - hxxp://yandex.ru/yandsearch?clid=1769047&text=
FF - component: C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Users\xyz\AppData\Roaming\Mozilla\Firefox\Profiles\sjs8wq95.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: C:\Users\xyz\AppData\Roaming\Mozilla\Firefox\Profiles\sjs8wq95.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\xyz\AppData\Roaming\Mozilla\Firefox\Profiles\sjs8wq95.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: C:\Users\xyz\AppData\Roaming\Mozilla\Firefox\Profiles\sjs8wq95.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: C:\Users\xyz\AppData\Roaming\Mozilla\Firefox\Profiles\sjs8wq95.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: C:\Users\xyz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\xyz\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
.
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ddrnw
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ddrnw
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ddrnw&q=
FF - user.js: extensions.funmoods_i.id - e89cdbbc000000000000001fe1c1f5f2
FF - user.js: extensions.funmoods_i.instlDay - 15374
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.162:21:35
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - ddrnw
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
============= SERVICES / DRIVERS ===============
.
R?2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-2-11 1185704]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ABBYY.Licensing.Lingvo.Desktop.14.0;ABBYY Lingvo x3 Lizenz-Service;C:\Program Files (x86)\Common Files\ABBYY\Lingvo\14.0\Licensing\NetworkLicenseServer.exe [2010-12-5 808224]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-2-10 44768]
R2 ICQ Service;ICQ Service;C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-6-12 246520]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-1-26 573224]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-2-11 166528]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-5-4 2280312]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-7-15 2027840]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-3-24 148072]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-7 11856]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-28 136176]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-2-11 1181104]
S2 srsfah;srsfah;"C:\Program Files (x86)\simlock remote client\fah\fah.exe" -svcstart -d "C:\Program Files (x86)\simlock remote client\fah" --> C:\Program Files (x86)\simlock remote client\fah\fah.exe [?]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-28 136176]
S3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys --> C:\Windows\system32\drivers\massfilter.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2011-12-14 748440]
.
=============== Created Last 30 ================
.
2012-02-15 23:02:02 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-02-15 07:38:42 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 07:38:29 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 07:38:07 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 07:38:07 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-14 07:39:48 -------- d-----w- C:\Users\xyz\AppData\Local\Apps
2012-02-14 07:32:51 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2D91E4C6-BBAB-449B-B8E2-7580F613FDC2}\mpengine.dll
2012-02-12 13:00:11 -------- d-----w- C:\Windows\rescache
2012-02-11 21:40:34 -------- d-----w- C:\antivirprog
2012-02-11 15:12:08 -------- d-----w- C:\Windows\System32\SPReview
2012-02-11 06:16:16 -------- d-----w- C:\Windows\System32\EventProviders
2012-02-10 21:05:20 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2012-02-10 08:20:54 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-02-10 08:20:41 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-02-10 08:19:43 41184 ----a-w- C:\Windows\avastSS.scr
2012-02-10 08:19:35 -------- d-----w- C:\ProgramData\AVAST Software
2012-02-10 08:19:35 -------- d-----w- C:\Program Files\AVAST Software
2012-02-09 23:44:13 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-02-09 23:41:45 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-02-09 10:05:20 -------- d-----w- C:\Users\xyz\AppData\Roaming\kFv3DjpT2zpne1z
2012-02-09 10:05:20 -------- d-----w- C:\kFv3DjpT2zpne1z
2012-02-08 14:39:45 -------- d-----w- C:\Users\xyz\.phase-6
2012-02-08 14:29:09 -------- d-----w- C:\ProgramData\Phase6
2012-02-08 14:29:02 -------- d-----w- C:\Program Files (x86)\phase-6
2012-02-07 23:02:08 -------- d-----w- C:\Program Files (x86)\GNU
2012-02-07 23:02:02 -------- d-----w- C:\Program Files (x86)\CoreAAC
2012-02-07 23:01:46 -------- d-----w- C:\ProgramData\GRETECH
2012-02-04 22:34:57 -------- d-----w- C:\jdl2
2012-02-04 22:21:35 -------- d-----w- C:\Program Files (x86)\Funmoods
2012-02-04 22:19:45 -------- d-----w- C:\Program Files (x86)\JDownloader2
2012-02-02 18:21:12 -------- d-----w- C:\ProgramData\Grammatica
2012-02-02 18:20:26 -------- d-----w- C:\Program Files (x86)\Grammatica
2012-01-24 07:57:25 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-24 07:57:25 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-24 07:57:25 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-24 07:57:25 45016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-19 20:29:13 -------- d-----w- C:\Program Files (x86)\Defcon
2012-01-19 20:24:01 134887200 ----a-w- C:\gns-defc.bin
.
==================== Find3M ====================
.
2012-02-11 20:27:05 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-02-11 20:27:05 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-01-26 20:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-16 08:47:38 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-12-16 07:54:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-16 06:44:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-16 06:09:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
.
============= FINISH: 2:39:04,89 ===============
Quote:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 12.06.2010 00:20:13
System Uptime: 17.02.2012 02:30:27 (0 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | Microprocessor | 2101/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 1,407 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 1,341 GiB free.
E: is FIXED (NTFS) - 10 GiB total, 0,747 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Basissystemgerät
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0AF0
Manufacturer:
Name: Basissystemgerät
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0AF0
Service:
.
Class GUID:
Description: Basissystemgerät
Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0CF0
Manufacturer:
Name: Basissystemgerät
PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0CF0
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom NetLink (TM)-Gigabit-Ethernet
Device ID: PCI\VEN_14E4&DEV_1698&SUBSYS_02561028&REV_10\4&28B95307&0&00E5
Manufacturer: Broadcom
Name: Broadcom NetLink (TM)-Gigabit-Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_1698&SUBSYS_02561028&REV_10\4&28B95307&0&00E5
Service: k57nd60a
.
Class GUID:
Description:
Device ID: ACPI\ITE8708\4&1E0559A0&0
Manufacturer:
Name:
PNP Device ID: ACPI\ITE8708\4&1E0559A0&0
Service:
.
Class GUID:
Description: Basissystemgerät
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0BF0
Manufacturer:
Name: Basissystemgerät
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0BF0
Service:
.
Class GUID:
Description: Fingerprint Sensor
Device ID: USB\VID_08FF&PID_2810\5&26DAF38B&0&2
Manufacturer:
Name: Fingerprint Sensor
PNP Device ID: USB\VID_08FF&PID_2810\5&26DAF38B&0&2
Service:
.
==== System Restore Points ===================
.
RP360: 16.02.2012 03:00:11 - Windows Update
.
==== Installed Programs ======================
.
ABBYY Lingvo x3
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3 - Deutsch
Apple Application Support
Apple Software Update
Ask Toolbar Updater
avast! Free Antivirus
Back4WinXP
Balabolka
BitTorrent
Business English Wortschatztrainer 5.0
calibre
CamStudio
Combined Community Codec Pack 2009-09-09
CoreAAC
DAEMON Tools Toolbar
DeepBurner Pro v1.9.0.228
Defcon v1.5 de rtl
DivX-Setup
Duden-Rechtschreibprüfung PLUS
EasyBits GO
eMule
Facebook Video Calling 1.1.1.1
FoxyTunes for Firefox
Funmoods on IE and Chrome
Goldman Sachs Rohstoff Radar Screen Saver
GOM PICKER
GOM Player
GOM Video Converter
Google Chrome
Google Earth Plug-in
Google Update Helper
Grammatica
IBM SPSS Statistics 19
ICQ Toolbar
ICQ7.2
in mind pro
Java Auto Updater
Java(TM) 6 Update 26
JDownloader 0.9
KaloMa 4.92
Langenscheidt Vokabeltrainer 6.0 Englisch
LECTURNITY Player
ManyCam 2.6.65 (remove only)
Mein Gutscheincode Finder 1.0.0.0
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Miranda IM 0.8.25
MobiOne 1.3.2
Mobipocket Reader 6.2
Mozilla Firefox 10.0 (x86 de)
Mozilla Thunderbird 10.0 (x86 de)
MPEG2 Codec(libmpeg2/mad)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero BurnLite 10
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
OpenAL
Opera 11.50
PDFCreator
pdfforge Toolbar v4.9
phase-6 2.1.1.1a
PowerArchiver 2010
PunkBuster Services
Quake Live Mozilla Plugin
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Rosetta Stone Version 3
Ruslanka
Samsung ML-2010 Series
Samsung ML-2010 Series SmartPanel
Scrabble Deluxe
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Skat-Online V8
Skype Click to Call
Skype™ 5.5
SpeedFan (remove only)
Spybot - Search & Destroy 2
Steamless Left4Dead2 Pack
TeamViewer 6
Trillian
TrueCrypt
TuneUp Companion 2.2.7
TuneUp Utilities 2011
TuneUp Utilities Language Pack (de-DE)
Ubisoft Game Launcher
Ultralingua 7.1
USB-ìîäåì «Áèëàéí»
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.18
VLC media player 1.0.5
Vokabeltrainer-Update 6.0.11
vShare.tv plugin 1.3
Winload Toolbar
XBMC
ZehnFinger5 5.21
.
==== End Of File ===========================

19.02.2012, 10:31   #2
peterw24

Win32.GenericFF C:\Users\xyz~1\AppData\Local\Temp\5aiEDC7.exe


Hi dear team,

A short update, I hope it helps:
I found a hidden folder named Systemhost that contained files with strange names. I deleted it (after backing it up first), and since then the file "5aiEDC7.exe", or its generated variant, no longer shows up in the Windows temp folder.

However, something still does not seem to be working, and the folder described in user "kaisa"'s case could not be found either.

My Internet still does not work, only the gadgets for weather and exchange rates do, and I don't understand why. Should I perhaps post this in a different subforum?

I really hope you can help me!!!

I have posted the new logs below, I hope it helps!

Many thanks!!!

Best regards, Pete

Quote:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 12.06.2010 00:20:13
System Uptime: 19.02.2012 12:33:34 (0 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | Microprocessor | 2101/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 16,35 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 1,341 GiB free.
E: is FIXED (NTFS) - 10 GiB total, 0,747 GiB free.
F: is CDROM ()
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Basissystemgerät
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0AF0
Manufacturer:
Name: Basissystemgerät
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0AF0
Service:
.
Class GUID:
Description: Basissystemgerät
Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0CF0
Manufacturer:
Name: Basissystemgerät
PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0CF0
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom NetLink (TM)-Gigabit-Ethernet
Device ID: PCI\VEN_14E4&DEV_1698&SUBSYS_02561028&REV_10\4&28B95307&0&00E5
Manufacturer: Broadcom
Name: Broadcom NetLink (TM)-Gigabit-Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_1698&SUBSYS_02561028&REV_10\4&28B95307&0&00E5
Service: k57nd60a
.
Class GUID:
Description:
Device ID: ACPI\ITE8708\4&1E0559A0&0
Manufacturer:
Name:
PNP Device ID: ACPI\ITE8708\4&1E0559A0&0
Service:
.
Class GUID:
Description: Basissystemgerät
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0BF0
Manufacturer:
Name: Basissystemgerät
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0BF0
Service:
.
Class GUID:
Description: Fingerprint Sensor
Device ID: USB\VID_08FF&PID_2810\5&26DAF38B&0&2
Manufacturer:
Name: Fingerprint Sensor
PNP Device ID: USB\VID_08FF&PID_2810\5&26DAF38B&0&2
Service:
.
==== System Restore Points ===================
.
RP361: 17.02.2012 14:42:41 - ARO 2012 - Before Installation
RP362: 17.02.2012 14:43:28 - ARO 2012 - FIRST RUN
RP363: 17.02.2012 14:57:25 - ARO 2012 Fri, Feb 17, 12 14:57
RP364: 17.02.2012 15:01:16 - ARO 2012- Before One Click
RP365: 17.02.2012 15:22:35 - Removed Grammatica
RP366: 17.02.2012 15:40:29 - ARO 2012 Fri, Feb 17, 12 15:40
.
==== Installed Programs ======================
.
ABBYY Lingvo x3
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3 - Deutsch
Apple Application Support
Apple Software Update
Ask Toolbar Updater
avast! Free Antivirus
Back4WinXP
Balabolka
BitTorrent
Business English Wortschatztrainer 5.0
calibre
CamStudio
Combined Community Codec Pack 2009-09-09
CoreAAC
DAEMON Tools Toolbar
DeepBurner Pro v1.9.0.228
Defcon v1.5 de rtl
DivX-Setup
Duden-Rechtschreibprüfung PLUS
EasyBits GO
eMule
Facebook Video Calling 1.1.1.1
FoxyTunes for Firefox
Funmoods on IE and Chrome
Goldman Sachs Rohstoff Radar Screen Saver
GOM PICKER
GOM Player
GOM Video Converter
Google Chrome
Google Earth Plug-in
Google Update Helper
IBM SPSS Statistics 19
ICQ Toolbar
ICQ7.2
in mind pro
Java Auto Updater
Java(TM) 6 Update 26
JDownloader 0.9
KaloMa 4.92
Langenscheidt Vokabeltrainer 6.0 Englisch
LECTURNITY Player
ManyCam 2.6.65 (remove only)
Mein Gutscheincode Finder 1.0.0.0
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Miranda IM 0.8.25
MobiOne 1.3.2
Mobipocket Reader 6.2
Mozilla Firefox 10.0 (x86 de)
Mozilla Thunderbird 10.0 (x86 de)
MPEG2 Codec(libmpeg2/mad)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero BurnLite 10
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
OpenAL
Opera 11.50
PDFCreator
pdfforge Toolbar v4.9
phase-6 2.1.1.1a
PowerArchiver 2010
PunkBuster Services
Quake Live Mozilla Plugin
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Rosetta Stone Version 3
Ruslanka
Samsung ML-2010 Series
Samsung ML-2010 Series SmartPanel
Scrabble Deluxe
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Skat-Online V8
Skype Click to Call
Skype™ 5.5
SpeedFan (remove only)
Spybot - Search & Destroy 2
Steamless Left4Dead2 Pack
TeamViewer 6
Trillian
TrueCrypt
TuneUp Companion 2.2.7
TuneUp Utilities 2011
TuneUp Utilities Language Pack (de-DE)
Ubisoft Game Launcher
USB-ìîäåì «Áèëàéí»
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.18
VLC media player 1.0.5
Vokabeltrainer-Update 6.0.11
vShare.tv plugin 1.3
Winload Toolbar
XBMC
ZehnFinger5 5.21
.
==== End Of File ===========================
Quote:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by xyz at 12:44:44 on 2012-02-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4094.2725 [GMT 4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search && Destroy *Disabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\ABBYY\Lingvo\14.0\Licensing\NetworkLicenseServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
uURLSearchHooks: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWin0.dll
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
mURLSearchHooks: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWin0.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWin0.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWin0.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: VShareToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} -
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
uRun: [AROReminder] C:\Program Files (x86)\ARO 2012\ARO.exe -rem
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
dRun: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: An OneNote s&enden - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Übersetzen mit ABBYY Lingvo x&3 - C:\Program Files (x86)\ABBYY Lingvo x3\Lingvo.exe/3000
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{14B49A7C-51EB-46CC-8459-A650F1070749} : NameServer = 132.195.113.109,132.195.20.3
TCP: Interfaces\{3033541A-FF72-4829-9FE0-A2ACA9CB5CEC} : DhcpNameServer = 10.142.1.222
TCP: Interfaces\{3033541A-FF72-4829-9FE0-A2ACA9CB5CEC}\75942554 : DhcpNameServer = 10.142.1.222
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: 6de2ed6f-0b56-4d57-b0f0-551ec8cbb27f - C:\ProgramData\Duden\dkreg.exe /dktray=on /csapi=on /ALLUSERS
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{3049C3E9-B461-4BC5-8870-4C09146192CA}
{40c3cc16-7269-4b32-9531-17f2950fb06f}
{53707962-6F74-2D53-2644-206D7942484F}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{AE7CD045-E861-484f-8273-0445EE161910}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F4971EE7-DAA0-4053-9964-665D8EE6A077}
{855F3B16-6D32-4FE6-8A56-BBB695989046}
{32099AAC-C132-4136-9E9A-4E364A424E17}
{40c3cc16-7269-4b32-9531-17f2950fb06f}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
EB-X64: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
mRun-x64: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun-x64: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
IE-X64: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
IE-X64: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\xyz\AppData\Roaming\Mozilla\Firefox\Profiles\sjs8wq95.default\
FF - prefs.js: browser.search.selectedEngine - Яндекс
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=ddrnw
FF - prefs.js: keyword.URL - hxxp://yandex.ru/yandsearch?clid=1769047&text=
FF - component: C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Users\xyz\AppData\Roaming\Mozilla\Firefox\Profiles\sjs8wq95.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: C:\Users\xyz\AppData\Roaming\Mozilla\Firefox\Profiles\sjs8wq95.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\xyz\AppData\Roaming\Mozilla\Firefox\Profiles\sjs8wq95.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: C:\Users\xyz\AppData\Roaming\Mozilla\Firefox\Profiles\sjs8wq95.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: C:\Users\xyz\AppData\Roaming\Mozilla\Firefox\Profiles\sjs8wq95.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: C:\Users\xyz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\xyz\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
.
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ddrnw
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ddrnw
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ddrnw&q=
FF - user.js: extensions.funmoods_i.id - e89cdbbc000000000000001fe1c1f5f2
FF - user.js: extensions.funmoods_i.instlDay - 15374
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.162:21:35
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - ddrnw
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ABBYY.Licensing.Lingvo.Desktop.14.0;ABBYY Lingvo x3 Lizenz-Service;C:\Program Files (x86)\Common Files\ABBYY\Lingvo\14.0\Licensing\NetworkLicenseServer.exe [2010-12-5 808224]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-2-10 44768]
R2 ICQ Service;ICQ Service;C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-6-12 246520]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-1-26 573224]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-2-11 1185704]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-2-11 166528]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-5-4 2280312]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-7-15 2027840]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-3-24 148072]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-7 11856]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-28 136176]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-2-11 1181104]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-28 136176]
S3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys --> C:\Windows\system32\drivers\massfilter.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2011-12-14 748440]
.
=============== Created Last 30 ================
.
2012-02-17 20:53:15 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E746E488-1251-4FAA-8D9C-2E907BFDE55F}\mpengine.dll
2012-02-17 10:43:23 -------- d-----w- C:\Users\xyz\AppData\Roaming\Sammsoft
2012-02-17 10:43:01 -------- d-----w- C:\Program Files (x86)\ARO 2012
2012-02-15 23:02:02 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-02-15 07:38:42 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 07:38:29 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 07:38:07 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 07:38:07 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-14 07:39:48 -------- d-----w- C:\Users\xyz\AppData\Local\Apps
2012-02-12 13:00:11 -------- d-----w- C:\Windows\rescache
2012-02-11 21:40:34 -------- d-----w- C:\antivirprog
2012-02-11 15:12:08 -------- d-----w- C:\Windows\System32\SPReview
2012-02-11 06:16:16 -------- d-----w- C:\Windows\System32\EventProviders
2012-02-10 21:05:20 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2012-02-10 08:20:54 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-02-10 08:20:41 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-02-10 08:19:43 41184 ----a-w- C:\Windows\avastSS.scr
2012-02-10 08:19:35 -------- d-----w- C:\ProgramData\AVAST Software
2012-02-10 08:19:35 -------- d-----w- C:\Program Files\AVAST Software
2012-02-09 23:44:13 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-02-09 23:41:45 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-02-09 10:05:20 -------- d-----w- C:\Users\xyz\AppData\Roaming\kFv3DjpT2zpne1z
2012-02-09 10:05:20 -------- d-----w- C:\kFv3DjpT2zpne1z
2012-02-08 14:39:45 -------- d-----w- C:\Users\xyz\.phase-6
2012-02-08 14:29:09 -------- d-----w- C:\ProgramData\Phase6
2012-02-08 14:29:02 -------- d-----w- C:\Program Files (x86)\phase-6
2012-02-07 23:02:08 -------- d-----w- C:\Program Files (x86)\GNU
2012-02-07 23:02:02 -------- d-----w- C:\Program Files (x86)\CoreAAC
2012-02-07 23:01:46 -------- d-----w- C:\ProgramData\GRETECH
2012-02-04 22:34:57 -------- d-----w- C:\jdl2
2012-02-04 22:21:35 -------- d-----w- C:\Program Files (x86)\Funmoods
2012-02-04 22:19:45 -------- d-----w- C:\Program Files (x86)\JDownloader2
2012-02-02 18:20:26 -------- d-----w- C:\Program Files (x86)\Grammatica
2012-01-24 07:57:25 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-24 07:57:25 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-24 07:57:25 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-24 07:57:25 45016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
.
==================== Find3M ====================
.
2012-02-11 20:27:05 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-02-11 20:27:05 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-01-26 20:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-16 08:47:38 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-12-16 07:54:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-16 06:44:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-16 06:09:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 12:45:45,48 ===============

Zum Thema Win32.GenericFF C:\Users\xyz~1\AppData\Local\Temp\5aiEDC7.exe - Hallo, habe mir den oben genannten Plagegeist eingefangen und werde ihn nicht mehr los, schon alles moegliche ausprobiert.(Hijackthis,Spybot S&D,Kaspersky, Avast; natuerlich bei den Antivirusprog neuinstalliert, also nie 2 Antivirenprog auf - Win32.GenericFF C:\Users\xyz~1\AppData\Local\Temp\5aiEDC7.exe...
Archiv
Du betrachtest: Win32.GenericFF C:\Users\xyz~1\AppData\Local\Temp\5aiEDC7.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.