Pests of all kinds and how to fight them: Google search redirects incorrectly. Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
| | #1 |
| | Google search redirects incorrectly
Hello, now it has got me too. When searching with Google (no matter which term), I am often redirected to spam sites. Since many people have already been helped here, I thought I would give it a try here as well. All my attempts so far have failed. As already recommended to others, I used AdwCleaner and DDS+ as first steps, with the following result:
AdwCleaner Code:
# AdwCleaner v2.303 - Datei am 13/06/2013 um 10:34:18 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : liebig - CUL-PC07
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\raimund.liebig\Desktop\Sicherheit\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\harrer-liebig\AppData\Roaming\Mozilla\Firefox\Profiles\0kvu9v8i.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S2].txt - [752 octets] - [13/06/2013 10:34:18]
########## EOF - \AdwCleaner[S2].txt - [811 octets] ##########
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS Logfile: Code:
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 08.10.2012 14:33:06
System Uptime: 13.06.2013 10:35:00 (0 hours ago)
.
Motherboard: Dell Inc. | | 0M9KCM
Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz | CPU 1 | 3201/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 153 GiB total, 31,063 GiB free.
D: is FIXED (NTFS) - 68 GiB total, 27,913 GiB free.
X: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7) - Deutsch
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
BioAPI Framework
Bonjour
Citrix XenApp Plugin für gehostete Anwendungen
Creo Elements/Direct Modeling Express 4.0 ( x64 )
Custom
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Backup and Recovery Manager
Dell Data Protection | Access
Dell Druckersoftware-Deinstallation
Dell Edoc Viewer
DellAccess
Desktop Restore
Dropbox
DWG TrueView 2013
EMBASSY Client Core
FreePDF (Remove only)
Gemalto
Google Drive
Google Earth
Google Update Helper
GPL Ghostscript
HitmanPro 3.7
Image Resizer for Windows
Image Resizer for Windows (64 bit)
Inkscape 0.46
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Network Connections 16.8.45.00
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
IP Office Admin Suite
IsoBuster 3.1
iTunes
Java 7 Update 21
Java Auto Updater
Java(TM) 7 Update 5 (64-bit)
Junk Mail filter update
Malwarebytes Anti-Malware Version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Excel MUI (German) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared 64-bit MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Standard 2010
Microsoft Office Word MUI (German) 2010
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
Mozilla Firefox 21.0 (x86 de)
Mozilla Maintenance Service
MP4 To MP3 Converter V3.0
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTRU TCG Software Stack
OCS Inventory NG Agent 2.0.1.0
Office Timeline 2012
Open It!
Paint.NET v3.5.10
PC-CCID
Preboot Manager
Private Information Manager
QuickTime
Realtek High Definition Audio Driver
RedMon - Redirection Port Monitor
RTC Client API v1.2
Security Task Manager 1.8g
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
SolidWorks eDrawings 2010
SPBA 5.9
SugarSync
Symantec Endpoint Protection
TAPI
TAPICall 4.2.19
TightVNC
toolkit32for64bit
Trusted Drive Manager
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Zip Opener
Upek Touchchip Fingerprint Reader
VariCAD Viewer 2012-2.07 DE
Wave Crypto Runtime 2.0.7.0 x86
Wave Infrastructure Installer
Wave Support Software Installer
Windows-Treiberpaket - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR 4.20 (64-Bit)
Zip Opener Packages
.
==== End Of File ===========================
Code:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.21.2
Run by liebig at 10:36:56 on 2013-06-13
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3979.2443 [GMT 2:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\raimund.liebig\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\SugarSync\SugarSync.exe
C:\Program Files (x86)\OCS Inventory Agent\OcsSystray.exe
C:\Program Files (x86)\TAPICall\TAPICall_Core.exe
C:\Users\raimund.liebig\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\FreePDF_XP\fpassist.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = 192.168.0.31:3128
mWinlogon: Userinit = userinit.exe
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\IPS\IPSBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [Akamai NetSession Interface] "C:\Users\harrer-liebig\AppData\Local\Akamai\netsession_win.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [SkyDrive] "C:\Users\harrer-liebig\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRunOnce: [Uninstall C:\Users\harrer-liebig\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\harrer-liebig\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
uRunOnce: [Uninstall C:\Users\harrer-liebig\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\harrer-liebig\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727"
uRunOnce: [Uninstall C:\Users\harrer-liebig\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\harrer-liebig\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
uRunOnce: [Uninstall C:\Users\harrer-liebig\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\harrer-liebig\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
uRunOnce: [Uninstall C:\Users\harrer-liebig\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\harrer-liebig\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64"
uRunOnce: [Uninstall C:\Users\harrer-liebig\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\harrer-liebig\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1"
uRunOnce: [Uninstall C:\Users\harrer-liebig\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\harrer-liebig\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
uRunOnce: [Uninstall C:\Users\harrer-liebig\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\harrer-liebig\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"
uRunOnce: [Uninstall C:\Users\harrer-liebig\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\harrer-liebig\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64"
uRunOnce: [Uninstall C:\Users\harrer-liebig\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\harrer-liebig\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314"
uRunOnce: [Report] \AdwCleaner[S2].txt
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [FreePDF Assistant] "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [ Malwarebytes Anti-Malware ] C:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\HARRER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\harrer-liebig\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\HARRER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\outicon.exe
StartupFolder: C:\Users\HARRER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OCSINV~1.LNK - C:\Program Files (x86)\OCS Inventory Agent\OcsSystray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TAPICA~1.LNK - C:\Windows\Installer\{BF3EC70E-3D52-4861-AA18-48938A4D3F12}\TAPICall.ico
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
mPolicies-System: SoftwareSASGeneration = dword:1
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Markierte Rufnummer/URI wählen - C:\Program Files (x86)\SwyxIt!\IEDial.htm
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://navigram.com/engine/v1026/Navigram.cab
TCP: Interfaces\{8FE7B531-8131-4FE0-93EB-9DCE4FED7597} : NameServer = 192.168.0.35,192.168.110.11
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\SysWOW64\DreamScene.dll
STS: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
LSA: Authentication Packages = msv1_0 wvauth
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\System32\SSCbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\System32\SSCbFsMntNtf3.dll
Hosts: 192.168.110.126 SWYX
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\harrer-liebig\AppData\Roaming\Mozilla\Firefox\Profiles\0kvu9v8i.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-22 16152]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\SymDS64.sys [2013-3-6 493216]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\SymEFA64.sys [2013-3-6 1133216]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20130531.011\BHDrvx64.sys [2013-5-31 1393240]
R1 ccSettings_{42E92450-57D3-441E-85C7-4B1B1ED0B0D9};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [2013-3-6 168096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20130612.011\IDSviA64.sys [2013-6-13 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.sys [2013-3-6 224416]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\symnets.sys [2013-3-6 432800]
R2 EmbassyService;EmbassyService;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [2012-1-17 218504]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-8-22 189608]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-8-22 161560]
R2 OCS Inventory Service;OCS Inventory Service;C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe [2011-9-8 35840]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [2013-3-6 143928]
R2 tvnserver;TightVNC Server;C:\Program Files\TightVNC\tvnserver.exe [2012-6-26 1652280]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2012-1-5 1679872]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-3-8 138912]
R3 IntcDAud;Intel(R) Display-Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-8-23 331264]
R3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-22 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-22 788760]
R3 SSCBFS3;SugarSync CallBack File System driver v3;C:\Windows\System32\drivers\sscbfs3.sys [2013-6-6 347904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-22 13592]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-22 363800]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-7 19456]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SyDvCtrl64.sys [2013-3-6 34352]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-7 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-7 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WvPCR;WvPCR;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [2012-1-16 198144]
S4 dkab_device;dkab_device;C:\Windows\System32\DKabcoms.exe -service --> C:\Windows\System32\DKabcoms.exe -service [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-06-13 07:24:16 -------- d-----w- C:\ProgramData\SecTaskMan
2013-06-13 07:24:02 -------- d-----w- C:\Security Task Manager
2013-06-13 07:06:14 -------- d-----w- C:\Program Files\HitmanPro
2013-06-13 07:05:41 -------- d-----w- C:\ProgramData\HitmanPro
2013-06-13 05:53:27 -------- d-----w- C:\Users\harrer-liebig\AppData\Roaming\Malwarebytes
2013-06-13 05:53:14 -------- d-----w- C:\ProgramData\Malwarebytes
2013-06-13 05:53:13 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-06-13 05:53:13 -------- d-----w- C:\Malwarebytes' Anti-Malware
2013-06-10 06:14:00 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-10 06:14:00 -------- d-----w- C:\Program Files\iTunes
2013-06-10 06:14:00 -------- d-----w- C:\Program Files\iPod
2013-06-10 06:14:00 -------- d-----w- C:\Program Files (x86)\iTunes
2013-06-06 14:17:33 225024 ----a-w- C:\Windows\SysWow64\SSCbFsNetRdr3.dll
2013-06-06 14:17:33 192256 ----a-w- C:\Windows\System32\SSCbFsMntNtf3.dll
2013-06-06 14:17:33 159488 ----a-w- C:\Windows\SysWow64\SSCbFsMntNtf3.dll
2013-06-06 14:17:33 143104 ----a-w- C:\Windows\System32\SSCbFsNetRdr3.dll
2013-06-06 14:17:24 347904 ----a-w- C:\Windows\System32\drivers\sscbfs3.sys
2013-06-06 13:39:55 -------- d--h--w- C:\SkyDriveTemp
2013-06-06 12:35:48 -------- d-----w- C:\ProgramData\GroupPolicy
2013-06-06 07:05:35 -------- d-----w- C:\Smart Projects
2013-06-06 07:05:10 -------- d-----w- C:\Users\harrer-liebig\AppData\Local\Programs
2013-06-05 08:23:27 102400 --sha-r- C:\Windows\SysWow64\IEAdvpack5.dll
2013-05-28 13:18:46 -------- d-----w- C:\Users\harrer-liebig\AppData\Local\Swyx
2013-05-28 13:17:28 -------- d-----w- C:\Program Files (x86)\SwyxIt!
2013-05-23 08:02:20 -------- d-----w- C:\Users\harrer-liebig\AppData\Roaming\Zip Opener Packages
2013-05-23 08:02:08 -------- d-----w- C:\Program Files (x86)\OpenIt
.
==================== Find3M ====================
.
2013-06-12 08:56:02 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 08:56:02 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-04 03:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2007-03-12 17:59:00 299008 ----a-w- C:\Program Files (x86)\navigram_register.exe
.
============= FINISH: 10:37:42,73 ===============
Of course, I removed the listed programs beforehand. Thanks in advance. Just as a side note, this is a company computer. The IT department has thrown in the towel and wants to reinstall the PC, but they said I was welcome to try again myself. Since I have now failed on my own, I wanted to ask you.
Edited by X-RayX (13.06.2013 at 09:51). Reason: addition