Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Google leitet auf Werbeseiten um

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 19.05.2012, 12:57   #1
TheDon
 
Google leitet auf Werbeseiten um - Standard

Google leitet auf Werbeseiten um



Hallo erstmal an alle, habe mich gerade hier angemeldet

Ich habe ein kleines Problem mit dem PC eines Bekannten. Er schilderte mir das sein Laptop seid kurzem so gut wie alle google Suchen auf Seiten wie "Rocketnews.com" usw. umleitet.

da ich selbst nicht unbedingt "Anfänger" auf diesem Gebiet bin habe ich erst einmal Kaspersky AntiVirus laufen lassen, nichts wurde gefunden.

Als nächstes kam HijackThis dran. Der fand etwas (R03 Problem) welches ich habe fixen lassen. Soweit so gut. Leider leitet Google immer noch auf andere Seiten um.

Habe mich hier im Forum etwas informiert und habe mal "ComboFix" laufen lassen und habe ein LogFile erhalten (ann ich posten sobald ich es auf meinem Rechner habe).

Nun bin ich leider ratlos und auf eure hilfe angewiesen.

System läuft mit Windows 7 Professional 64 Bit, Intel Core2Duo 2,10 Ghz, 4GB Ram

danke schonmal für eure Antworten

MfG

EDIT: Ich werde hier gleich noch die verschiedenen LogFiles posten.

hier sind die LogFiles:

Combofix Logfile:

[SPOILER]
Code:
ATTFilter
ComboFix 12-05-19.01 - Otte 19.05.2012  13:22:09.1.2 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.4061.2328 [GMT 2:00]
ausgef¸hrt von:: c:\users\Otte\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Lˆschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Otte\Desktop\frische Musik\Einzelne Lieder - Untitled 1\_desktop.ini
c:\users\Otte\Documents\~WRL0003.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-19 bis 2012-05-19  ))))))))))))))))))))))))))))))
.
.
2012-05-19 11:28 . 2012-05-19 11:28	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-19 10:54 . 2012-05-19 10:54	--------	d-----w-	c:\users\Otte\AppData\Roaming\Malwarebytes
2012-05-19 10:54 . 2012-05-19 10:54	--------	d-----w-	c:\programdata\Malwarebytes
2012-05-19 10:54 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-19 10:54 . 2012-05-19 10:54	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-19 09:49 . 2012-05-19 11:33	--------	d-----w-	c:\programdata\Kaspersky Lab
2012-05-19 09:49 . 2012-05-19 09:49	--------	d-----w-	c:\program files (x86)\Kaspersky Lab
2012-05-19 09:44 . 2012-05-19 09:44	--------	d-----w-	c:\program files\CCleaner
2012-05-13 16:09 . 2012-03-03 06:29	1541120	----a-w-	c:\windows\system32\DWrite.dll
2012-05-13 16:09 . 2012-03-03 06:29	320512	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-05-13 16:09 . 2012-03-03 06:29	1837568	----a-w-	c:\windows\system32\d3d10warp.dll
2012-05-13 16:09 . 2012-03-03 05:40	1074176	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-05-13 16:09 . 2012-03-03 05:40	218624	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2012-05-13 16:09 . 2012-03-03 06:29	197120	----a-w-	c:\windows\system32\d3d10_1.dll
2012-05-13 16:09 . 2012-03-03 06:29	902656	----a-w-	c:\windows\system32\d2d1.dll
2012-05-13 16:09 . 2012-03-03 05:40	1170944	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2012-05-13 16:09 . 2012-03-03 05:40	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2012-05-13 16:09 . 2012-03-03 05:40	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2012-05-13 16:06 . 2012-04-02 05:34	5504880	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-13 16:06 . 2012-04-02 04:46	3958128	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-13 16:06 . 2012-04-02 04:46	3902320	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-13 16:06 . 2012-04-02 03:01	3143680	----a-w-	c:\windows\system32\win32k.sys
2012-05-13 16:06 . 2012-03-17 07:55	75632	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-13 16:06 . 2012-03-30 11:09	1895280	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-13 16:06 . 2012-04-02 05:26	1732096	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2012-05-13 16:06 . 2012-04-02 05:24	1367552	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 16:06 . 2012-04-02 05:24	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2012-05-13 16:06 . 2012-04-02 05:24	1393664	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2012-05-13 16:06 . 2012-04-02 04:40	936960	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-02 16:45 . 2012-05-02 16:45	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-05-02 16:45 . 2012-05-02 16:45	157352	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-02 16:45 . 2012-05-02 16:45	129976	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-25 19:36 . 2012-04-25 19:36	--------	d-----w-	c:\users\Otte\AppData\Local\Zattoo
2012-04-23 17:04 . 2012-04-23 17:04	139264	--sha-r-	c:\windows\SysWow64\msvcp604.dll
2012-04-22 20:01 . 2012-04-13 08:46	8917360	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E059494-3FB4-404F-AAA2-CBEC6A223CAF}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 06:54 . 2012-04-11 19:28	22896	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:45 . 2012-04-11 19:28	220672	----a-w-	c:\windows\system32\wintrust.dll
2012-03-01 06:40 . 2012-04-11 19:28	80896	----a-w-	c:\windows\system32\imagehlp.dll
2012-03-01 06:35 . 2012-04-11 19:28	5120	----a-w-	c:\windows\system32\wmi.dll
2012-03-01 05:49 . 2012-04-11 19:28	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-03-01 05:45 . 2012-04-11 19:28	158720	----a-w-	c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:40 . 2012-04-11 19:28	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-11 19:29	2311168	----a-w-	c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-11 19:29	1390080	----a-w-	c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-11 19:29	1493504	----a-w-	c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-11 19:29	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-11 19:29	1799168	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-11 19:29	1427456	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 19:29	1127424	----a-w-	c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-11 19:29	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-02-23 20:28 . 2012-02-23 20:28	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-02-23 20:28 . 2012-02-23 20:28	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-23 20:28 . 2012-02-23 20:28	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-23 20:28 . 2012-02-23 20:28	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-02-23 20:28 . 2012-02-23 20:28	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-02-23 20:28 . 2012-02-23 20:28	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-02-23 20:28 . 2012-02-23 20:28	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-02-23 20:28 . 2012-02-23 20:28	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-02-23 20:28 . 2012-02-23 20:28	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-02-23 20:28 . 2012-02-23 20:28	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-02-23 20:28 . 2012-02-23 20:28	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-02-23 20:28 . 2012-02-23 20:28	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-02-23 20:28 . 2012-02-23 20:28	603648	----a-w-	c:\windows\system32\vbscript.dll
2012-02-23 20:28 . 2012-02-23 20:28	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-02-23 20:28 . 2012-02-23 20:28	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-02-23 20:28 . 2012-02-23 20:28	448512	----a-w-	c:\windows\system32\html.iec
2012-02-23 20:28 . 2012-02-23 20:28	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-02-23 20:28 . 2012-02-23 20:28	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-02-23 20:28 . 2012-02-23 20:28	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-02-23 20:28 . 2012-02-23 20:28	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-02-23 20:28 . 2012-02-23 20:28	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-02-23 20:28 . 2012-02-23 20:28	222208	----a-w-	c:\windows\system32\msls31.dll
2012-02-23 20:28 . 2012-02-23 20:28	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-02-23 20:28 . 2012-02-23 20:28	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-02-23 20:28 . 2012-02-23 20:28	160256	----a-w-	c:\windows\system32\wextract.exe
2012-02-23 20:28 . 2012-02-23 20:28	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-02-23 20:28 . 2012-02-23 20:28	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-02-23 20:28 . 2012-02-23 20:28	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-02-23 20:28 . 2012-02-23 20:28	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-02-23 20:28 . 2012-02-23 20:28	12288	----a-w-	c:\windows\system32\mshta.exe
2012-02-23 20:28 . 2012-02-23 20:28	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-02-23 20:28 . 2012-02-23 20:28	114176	----a-w-	c:\windows\system32\admparse.dll
2012-02-23 20:28 . 2012-02-23 20:28	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-02-23 20:28 . 2012-02-23 20:28	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-02-23 08:18 . 2011-11-10 17:38	279656	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintr‰ge & legitime Standardeintr‰ge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EC136321-1AE5-4A7F-B01C-5380D666175B}]
2011-10-30 13:44	126880	----a-w-	c:\program files (x86)\icq\Internet Explorer\icq.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-01 98304]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-24 202296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-02 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-08-17 247872]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2-Miniporttreiber f¸r Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-19 c:\windows\Tasks\Nqix.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-29 8123936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zus‰tzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Otte\AppData\Roaming\Mozilla\Firefox\Profiles\scxvpm1g.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseintr‰ge - - - -
.
Wow6432Node-HKCU-Run-ICQ - c:\program files (x86)\ICQ7.7\ICQ.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Macromedia Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-19  13:38:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-05-19 11:38
.
Vor Suchlauf: 7 Verzeichnis(se), 10.090.749.952 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 10.056.921.088 Bytes frei
.
- - End Of File - - 818C3AC203300B568A1533B1F3E04AB5
         
[/SPOILER]


HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:07:25, on 19.05.2012
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Otte\Downloads\HiJackThis204.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O2 - BHO: icqBHO - {EC136321-1AE5-4A7F-B01C-5380D666175B} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (file missing)
O9 - Extra button: Verkn�pfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verkn�pfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8841 bytes
         
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.05.2012 16:48:23 - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\***\Downloads
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 56,47% Memory free
7,93 Gb Paging File | 6,25 Gb Available in Paging File | 78,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 29,69 Gb Free Space | 30,43% Space Free | Partition Type: NTFS
Drive D: | 339,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 368,10 Gb Total Space | 324,75 Gb Free Space | 88,22% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (tifsfilter) -- C:\Windows\SysNative\drivers\tifsfilt.sys (Acronis)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F DE F7 85 CE 9F CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012.05.19 13:01:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.05.19 13:01:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.02 18:45:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 18:19:59 | 000,000,000 | ---D | M]
 
[2011.11.10 19:56:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.05.02 18:49:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\scxvpm1g.default\extensions
[2012.03.28 21:35:50 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\scxvpm1g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.18 17:36:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.18 21:14:28 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SCXVPM1G.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.05.02 18:45:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.18 17:36:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.18 17:36:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.18 17:36:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.18 17:36:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.18 17:36:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.18 17:36:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.05.19 13:32:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (ICQ Sparberater) - {EC136321-1AE5-4A7F-B01C-5380D666175B} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe File not found
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97575CDD-EC6F-422D-85B4-C4982E266890}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002.03.18 10:13:04 | 000,000,051 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.19 14:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.19 14:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VCDS MFT
[2012.05.19 14:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012.05.19 14:44:59 | 000,000,000 | ---D | C] -- C:\Diagnosetool
[2012.05.19 14:18:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.05.19 13:38:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.05.19 13:20:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.05.19 13:20:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.05.19 13:20:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.05.19 13:20:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.05.19 13:20:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.05.19 13:20:13 | 004,498,946 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2012.05.19 12:54:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.05.19 12:54:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.19 12:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.19 12:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.19 12:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.19 11:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2012
[2012.05.19 11:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.05.19 11:49:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012.05.19 11:49:28 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.05.19 11:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.05.19 11:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.13 18:09:45 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012.05.13 18:09:45 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.13 18:09:45 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012.05.13 18:09:44 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.05.13 18:09:44 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.05.13 18:06:53 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.13 18:06:52 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.13 18:06:52 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.02 18:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.02 18:45:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.04.25 21:36:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Zattoo
[2012.04.25 21:36:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2012.04.25 21:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zattoo4
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.19 15:13:45 | 000,000,000 | -H-- | M] () -- C:\Windows\msds.dat
[2012.05.19 14:40:25 | 000,015,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.19 14:40:25 | 000,015,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.19 13:37:12 | 001,507,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.19 13:37:12 | 000,657,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.19 13:37:12 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.19 13:37:12 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.19 13:37:12 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.19 13:32:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.05.19 13:29:50 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Nqix.job
[2012.05.19 13:29:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.19 13:29:31 | 3193,393,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.19 13:18:18 | 004,498,946 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2012.05.19 11:50:35 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.05.19 11:50:35 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.05.19 11:49:28 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.05.14 16:32:45 | 000,417,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.04.25 21:40:31 | 000,017,408 | ---- | M] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2012.04.25 21:36:35 | 000,000,796 | ---- | M] () -- C:\Users\***\Desktop\Zattoo.lnk
[2012.04.23 19:04:40 | 000,139,264 | RHS- | M] () -- C:\Windows\SysWow64\msvcp604.dll
 
========== Files Created - No Company Name ==========
 
[2012.05.19 15:13:45 | 000,000,000 | -H-- | C] () -- C:\Windows\msds.dat
[2012.05.19 13:20:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.05.19 13:20:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.05.19 13:20:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.05.19 13:20:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.05.19 13:20:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.05.19 11:50:35 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.05.19 11:50:35 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.04.25 21:36:38 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2012.04.25 21:36:35 | 000,000,796 | ---- | C] () -- C:\Users\***\Desktop\Zattoo.lnk
[2012.04.23 19:04:40 | 000,139,264 | RHS- | C] () -- C:\Windows\SysWow64\msvcp604.dll
[2012.04.23 19:04:40 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\Nqix.job
[2012.01.09 20:19:02 | 000,000,241 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.01.09 20:19:02 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.01.09 20:18:34 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.01.09 20:18:34 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.01.09 20:16:54 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011.12.08 00:38:17 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.10 21:11:36 | 000,007,598 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.11.10 18:55:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

< End of report >
         
--- --- ---

[/CODE]

und hier die Extra Datei:

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 19.05.2012 16:48:23 - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\***\Downloads
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 56,47% Memory free
7,93 Gb Paging File | 6,25 Gb Available in Paging File | 78,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 29,69 Gb Free Space | 30,43% Space Free | Partition Type: NTFS
Drive D: | 339,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 368,10 Gb Total Space | 324,75 Gb Free Space | 88,22% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AF374D-8700-4912-967C-7E6B63DEB67A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{088216D3-BD42-42C0-933B-9F48FD3DBEF6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{11C5B074-E4EA-4078-8F5C-9D928ADE5D04}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{198C8B75-C0B4-4EEF-8CBE-D069CC74A6B5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1B91A99E-9F50-4437-9833-1A1D406107C4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2DF3BD12-7F55-4AD8-AA6F-D90B4611135D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{35D9D9BF-CCE9-4C72-BF9D-3CD0EC280603}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{37C02B42-E2E5-4EFE-ABDC-27127AF9D4D2}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | 
"{38C7F8A1-0A29-4AA3-A9F5-8CCEFFB3E162}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3BF7449D-C26B-466D-8C1E-71C04B3A01E6}" = rport=137 | protocol=17 | dir=out | app=system | 
"{41D64BDA-C36F-4961-9E6F-072E9030F6F8}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | 
"{57AC4264-1A69-4B25-AFA9-54D4C4761172}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{74ECE899-E45D-40EC-8CDE-99D23F16C690}" = lport=445 | protocol=6 | dir=in | app=system | 
"{75868D0F-11EE-4EF8-90AE-4046092BA28C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{811A5DB9-7C57-4F32-9D2F-8EC58CD81DA6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9975587E-2CC5-44CD-AC4E-8FCC9D69BC25}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9E0AFA99-DC83-487C-AB5C-B8F4DC8B85D5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9ECD642A-40E3-4A92-9AED-F64580584109}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9FDF087A-1A8E-4769-8FE9-6F578C6C2FDE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A735EB7B-06D7-4094-B10C-7BDDF6D6E1E5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{A7A15D12-A4B8-4D96-9BA7-DA0CF0AD47FF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AD84E35C-6E4C-4D57-B143-037C17CB6534}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B7844658-972B-4D40-9A67-64E5AD5DEC0E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BA5AF85E-39DE-4451-B24E-8750ABA1A3A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C2864F46-64D4-40A4-AA49-91E4E142D4B2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CB6CF7D5-9A66-42A0-9FE4-CC2CA522ED54}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D118A1CE-F7C7-498D-B584-0F7802396443}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D2008A7A-A694-4882-BB02-88434D22AA82}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D3104FC5-7D84-4114-B0CE-3A32921F2EE9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D832F938-3405-41DA-85A7-186B45E0B38E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DDCC8655-BA63-4EE3-B71F-21359A46699D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EED27AE5-BA8E-4D2A-A561-ECBB8D6675FF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FA656463-D85A-47BE-8E88-5F815D5707F8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FBC399D2-9DB6-4EDF-BC5E-1CAECD394C2F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05F978C7-A1C9-4BB0-9DF2-31766C5F0FD1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{0B073F2B-55AB-48B6-A93D-ABFFEF8A7732}" = protocol=6 | dir=out | app=system | 
"{1261F85F-F151-4D40-B95D-46AB20967147}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{174D6326-3F2F-4E7B-9A8B-7357CD475E77}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1FDF12B8-F62F-41A3-80F0-8D114FCBCA07}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2318CD7B-1F1B-4037-8402-159D2EC778C1}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{27F0DF93-E0F2-44C3-956E-B52C46108028}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{324C9DE0-08BE-4694-8C08-A12DDAD4AF95}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{358D3006-47F3-415C-924D-31C93A69105E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4512C2A6-9DE7-4B0E-A7AD-438D52FF88C9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{49FA2C3B-9D5C-4FB1-AEBB-D82A6C42F05D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{51EC6EBF-58D7-4CD6-9736-8052442D0789}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{57DADB09-3911-4E2A-AAD5-078B6024411F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{623AD53C-35BF-4E83-8FEC-E716C3A39964}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{72BED88E-F6AE-4E29-B07D-58EF7FD245C0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{91AA0258-058F-4C70-9D13-01AA0E85CCC2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{980A8729-2652-473C-8E3D-D9A5308D55FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9DD2A7F3-64B4-41B6-AB51-A3F31C978C99}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{9E89F79F-54AD-4AD4-8092-987878EB730C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{9EBA99A2-B9E8-47CB-A9EC-102A79D3B259}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A3241E86-5AB5-4286-8B4D-C60AEBEA9269}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A9A9CBC2-C664-4DD2-9980-BAEE187B9222}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{ADC992FA-9529-4764-AA68-357FDAB3300D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AEF939F8-BB81-4645-997D-78F537D51CAF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B3223A30-AD9D-47B5-9665-ADC3C2B046E2}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{B5B947B2-5843-4FE8-9ADB-000F6288EF02}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C3BA623F-8BF4-4F4F-A5FF-7F48FEDA2ACD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C3D4C089-AE5A-4D15-A2DC-9FE2234256FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E40919DD-976F-4D13-9154-626FF1231F1E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{ECFB5883-3FEC-42A4-AF3E-452E5D974141}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{ED416BA1-852E-48B3-9C88-D935602C2C52}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EE60B338-4EFC-4A5E-9575-3A0454362E42}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{FA692E57-A123-4B12-B3A8-30D9D2E27C34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FE03D05B-2EBC-4BB3-ADBF-720B56B59713}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{2C7079FF-145F-55D4-1798-8F142C8CE52D}" = ccc-utility64
"{3A44C087-94C4-CEA2-70EF-CFF112F451EA}" = ATI Catalyst Install Manager
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443" = Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0613F79E-C012-BC98-6E9C-5A47AEE6D37A}" = CCC Help Korean
"{0A8CE3AA-99F2-5632-A8D2-636BE6CFE856}" = Catalyst Control Center Core Implementation
"{1664EB8B-057B-0E23-7245-ECE92849FF4C}" = ccc-core-static
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1DBD8607-39EE-B7F3-CDE6-A2095B0EE0C9}" = CCC Help Chinese Traditional
"{20167022-64F2-4836-B9C9-1DBAA6721FD4}" = CCC Help Hungarian
"{204DD5C2-441A-DADC-E765-595B5C1EDE88}" = CCC Help Norwegian
"{218E2C0C-4740-DBCB-C8E8-D67201A6500A}" = CCC Help English
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 30
"{3501AF2D-A97E-F6DB-521A-4E64EAEF5BDC}" = CCC Help Thai
"{3A7C46AC-060B-6CBF-1862-969F79A5B758}" = CCC Help French
"{3EB37B26-432C-467C-9FBC-9BDA0E6FBDD7}" = Catalyst Control Center InstallProxy
"{411429D5-83D1-2F9B-9F53-4524DCE99E6D}" = CCC Help Portuguese
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-250C
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54FBC914-82D7-E646-2916-B3C6D320E0B4}" = Catalyst Control Center Graphics Previews Vista
"{5D221DF2-F206-681F-75FE-1C7620BE69A7}" = CCC Help Greek
"{6B9EFC04-713D-F238-E388-F3CDA52E7880}" = Catalyst Control Center Graphics Light
"{6CB778E6-693F-7A2A-C5AD-C7743500D249}" = CCC Help Turkish
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C2A05B5-A80C-4F33-A388-51D46790AC9F}" = VAG-COM 311 Deutsch
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{8666658B-62C2-11D8-A993-0050DA519711}" = VAG-COM 402 Deutsch
"{8D88074D-4378-C049-4264-EB3EE8AC155C}" = CCC Help Japanese
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{93E42FF5-065E-0D52-2777-8A1849CB8574}" = CCC Help Swedish
"{94D5097B-46D0-A1D9-8983-284E3C675CA9}" = Catalyst Control Center Localization All
"{961B4059-D1C0-43C8-095B-75A18BD0F8C8}" = CCC Help Polish
"{9B84A151-81CC-6133-D844-A189FDA1C34F}" = CCC Help Chinese Standard
"{9EC14056-1A97-11D8-A8F3-0050DA519711}" = VAG-COM 303 Deutsch
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AE86495C-42F9-F5BE-E878-7798456A509A}" = CCC Help Spanish
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7493783-F638-BEAE-C8C7-665C5A03E652}" = CCC Help Dutch
"{B82ABF2C-CBD3-5528-26DF-F1161A2B34BF}" = Catalyst Control Center Graphics Full New
"{B9B1B5D9-F96D-0257-A23C-8EA9ACCCF8CB}" = CCC Help Czech
"{C3181764-B8F3-A705-5362-86E37C476710}" = Catalyst Control Center Graphics Full Existing
"{DA146D61-5542-2F55-C5E4-49D26EBAAA5B}" = CCC Help Russian
"{DB0EF3C1-8AF4-1E28-267E-024999C11828}" = CCC Help Finnish
"{DBB62E6B-66F5-09D2-D2CC-C1877CDD9A8B}" = CCC Help Italian
"{E5141E62-8A90-D9A1-EB2D-C4D0D9940D90}" = CCC Help German
"{EC136321-1AE5-4A7F-B01C-5380D666175B}" = ICQ Sparberater
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F293A67D-04BB-6960-5D13-13F158796960}" = CCC Help Danish
"ESET Online Scanner" = ESET Online Scanner v3
"ICQToolbar" = ICQ Toolbar
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"VCDS MFT" = VCDS MFT 10
"VLC media player" = VLC media player 1.1.11
"Zattoo4" = Zattoo4 4.0.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 19.05.2012 08:58:37 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 19.05.2012 08:59:10 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 19.05.2012 09:11:15 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 19.05.2012 09:11:17 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 19.05.2012 09:12:01 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 19.05.2012 09:15:51 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VagCom-PCI-3113-S.exe, Version: 311.1.0.0,
 Zeitstempel: 0x3fbbbde7  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49d10  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002df85  ID des fehlerhaften
 Prozesses: 0xa54  Startzeit der fehlerhaften Anwendung: 0x01cd35c17e1666e3  Pfad der
 fehlerhaften Anwendung: C:\Users\***\Downloads\tada\VAG COM 311.3\VAG-COM 311.3
 Deutsch\VagCom-PCI-3113-S.exe  Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
 c0fe3188-a1b4-11e1-9582-002454169398
 
Error - 19.05.2012 09:16:03 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VagCom-PCI-3113-S.exe, Version: 311.1.0.0,
 Zeitstempel: 0x3fbbbde7  Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16850,
 Zeitstempel: 0x4e211484  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00039a27  ID des fehlerhaften
 Prozesses: 0x13d4  Startzeit der fehlerhaften Anwendung: 0x01cd35c189b4346f  Pfad der
 fehlerhaften Anwendung: C:\Users\***\Downloads\tada\VAG COM 311.3\VAG-COM 311.3
 Deutsch\VagCom-PCI-3113-S.exe  Pfad des fehlerhaften Moduls: C:\Windows\syswow64\kernel32.dll
Berichtskennung:
 c890c7eb-a1b4-11e1-9582-002454169398
 
Error - 19.05.2012 09:16:37 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VagCom-PCI-3113-S.exe, Version: 311.1.0.0,
 Zeitstempel: 0x3fbbbde7  Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16850,
 Zeitstempel: 0x4e211484  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00039a27  ID des fehlerhaften
 Prozesses: 0x111c  Startzeit der fehlerhaften Anwendung: 0x01cd35c19e8f686c  Pfad der
 fehlerhaften Anwendung: C:\Users\***\Downloads\tada\VAG COM 311.3\VAG-COM 311.3
 Deutsch\VagCom-PCI-3113-S.exe  Pfad des fehlerhaften Moduls: C:\Windows\syswow64\kernel32.dll
Berichtskennung:
 dc731954-a1b4-11e1-9582-002454169398
 
Error - 19.05.2012 09:17:05 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VagCom-PCI-3113-S.exe, Version: 311.1.0.0,
 Zeitstempel: 0x3fbbbde7  Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16850,
 Zeitstempel: 0x4e211484  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00039a27  ID des fehlerhaften
 Prozesses: 0x1288  Startzeit der fehlerhaften Anwendung: 0x01cd35c1af201164  Pfad der
 fehlerhaften Anwendung: C:\Users\***\Downloads\tada\VAG COM 311.3\VAG-COM 311.3
 Deutsch\VagCom-PCI-3113-S.exe  Pfad des fehlerhaften Moduls: C:\Windows\syswow64\kernel32.dll
Berichtskennung:
 ed015143-a1b4-11e1-9582-002454169398
 
Error - 19.05.2012 10:00:42 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 18.02.2012 15:29:05 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 18.02.2012 15:29:06 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 20.02.2012 13:34:07 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 21.03.2012 19:37:39 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 19.05.2012 07:24:40 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 19.05.2012 07:27:56 | Computer Name = ***-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 19.05.2012 07:28:42 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 19.05.2012 07:29:52 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: 
  %%126
 
Error - 19.05.2012 07:30:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 19.05.2012 07:30:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
 
< End of report >
         
--- --- ---

[/CODE]

Geändert von TheDon (19.05.2012 um 13:22 Uhr)

Alt 21.05.2012, 12:19   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google leitet auf Werbeseiten um - Standard

Google leitet auf Werbeseiten um



Zitat:
Habe mich hier im Forum etwas informiert und habe mal "ComboFix" laufen lassen
Betonung liegt auf "etwas"
Einen ganz klaren Hinweis gibt es auch zu http://www.trojaner-board.de/95175-combofix.html
Zitat:

Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________

__________________

Alt 21.05.2012, 12:32   #3
TheDon
 
Google leitet auf Werbeseiten um - Standard

Google leitet auf Werbeseiten um



hat sich sowieso erledigt. Habe alle seine wichtigen Dateien gesichert, Windows neu aufgespielt und ihm ne Antiviren-Software verpasst. Sollte sich damit erledigt haben! Trotdem Danke.
__________________

Alt 21.05.2012, 12:33   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google leitet auf Werbeseiten um - Standard

Google leitet auf Werbeseiten um



Ok, danke für die Info, aber in Zukunft bitte vorsichtiger bzgl. Combofix sein

Alt 21.05.2012, 12:36   #5
TheDon
 
Google leitet auf Werbeseiten um - Standard

Google leitet auf Werbeseiten um



auf jedenfall

wären auf diesem Gerät wichtige Daten und viel Zusatz-Software installiert gewesen hätte ich weiterhin auf eine Antwort hier gehofft. Habe mich dann aber wie schon erwähnt dazu entschieden den Laptop Neu aufzusetzen. In den meisten Fällen (wenn der Rechner erstmal "infiziert" ist) macht das ja sowieso am meisten Sinn


Antwort

Themen zu Google leitet auf Werbeseiten um
acrobat update, anfänger, angemeldet, antivirus, antworten, avp.exe, combofix, erhalte, forum, google, hijack, hijackthis, kaspersky, kleines, langs, laptop, leitet, logfile, microsoft office word, nichts, nodrives, ntdll.dll, plug-in, problem, problem mit dem pc, ratlos, rechner, richtlinie, searchscopes, seite, seiten, suche, unbedingt, version=1.0, werbeseite



Ähnliche Themen: Google leitet auf Werbeseiten um


  1. Google Chrome leitet mich ständig auf Werbeseiten bzw "Windows-Repair-Seiten" weiter, Musik ploppt auf
    Log-Analyse und Auswertung - 15.10.2015 (11)
  2. Win 8 - Firefox - Malware leitet auf Werbeseiten um - doppelt unterstrichene Begriffe
    Plagegeister aller Art und deren Bekämpfung - 11.08.2014 (25)
  3. Google leitet mich auf Werbeseiten um
    Log-Analyse und Auswertung - 19.10.2012 (20)
  4. google leitet mich auf falsche Seiten um (google redirect?)
    Log-Analyse und Auswertung - 14.08.2012 (20)
  5. Google leitet mich auf werbeseiten um
    Plagegeister aller Art und deren Bekämpfung - 20.06.2012 (13)
  6. Google leitet auf Werbeseiten (Rocketnews etc.) weiter
    Plagegeister aller Art und deren Bekämpfung - 30.05.2012 (1)
  7. Google leitet mich immer auf andere Websites( manchmal sogar auf google selbst)
    Plagegeister aller Art und deren Bekämpfung - 29.03.2012 (21)
  8. Google Chrome leitet Trojaner-Board Treffer bei Google auf dollarade.com um!
    Diskussionsforum - 07.02.2012 (18)
  9. 100ksearches leitet Google auf Werbeseiten um
    Log-Analyse und Auswertung - 20.07.2011 (1)
  10. Spybot lässt sich nicht öffnen und Google leitet auf Werbeseiten weiter
    Plagegeister aller Art und deren Bekämpfung - 27.08.2009 (3)
  11. SpyBot öffnet nicht, Google leitet auf Werbeseiten
    Log-Analyse und Auswertung - 18.03.2009 (8)
  12. Google leitet seiten weiter an werbeseiten
    Plagegeister aller Art und deren Bekämpfung - 26.01.2009 (9)
  13. Google leitet auf Werbeseiten um, keine Updates von Windows+AntivirenSoftware möglich
    Log-Analyse und Auswertung - 03.01.2009 (10)
  14. Google leitet mich auf Werbeseiten um.
    Plagegeister aller Art und deren Bekämpfung - 27.11.2008 (4)
  15. Firefox lahmt rum und leitet beim Anklicken von links auf irgendwelche Werbeseiten um
    Log-Analyse und Auswertung - 12.11.2008 (1)
  16. Google leitet auf Werbeseiten weiter. Bitte Log-File auswerten!
    Log-Analyse und Auswertung - 18.01.2008 (12)
  17. Google sucht korrekt, leitet aber auf unterschiedliche Werbeseiten
    Log-Analyse und Auswertung - 17.08.2007 (11)

Zum Thema Google leitet auf Werbeseiten um - Hallo erstmal an alle, habe mich gerade hier angemeldet Ich habe ein kleines Problem mit dem PC eines Bekannten. Er schilderte mir das sein Laptop seid kurzem so gut wie - Google leitet auf Werbeseiten um...
Archiv
Du betrachtest: Google leitet auf Werbeseiten um auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.