Pests of all kinds and how to fight them: Search queries are redirected to ad pages

28.03.2010, 10:01   #16
boecki
 



After a restart I ran another scan:
ONENOTEM.exe and ONINTL.dll were found again.

In addition, there were 2 hidden files on the desktop:
both are named desktop.ini (is that even possible, or are there hidden characters in there?)
Contents:
Code:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
[LocalizedFileNames]
Windows Media Player.lnk=@%SystemRoot%\system32\unregmp2.exe,-4
         
and
Code:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
         
If this now shows up with every restart, what could be causing it this time?
I have already found this:
hxxp://support.microsoft.com/default.aspx?scid=330132
hxxp://www.winhelponline.com/articles/130/1/Shell-folders-are-displayed-with-the-standard-folder-icon-in-Windows-Vista.html
But why is this suddenly appearing?

Here is also the Extras log from the previous scan with OTL:
Extras:
Code:
OTL Extras logfile created on: 28.03.2010 09:50:18 - Run 3
OTL by OldTimer - Version 3.1.37.3     Folder = D:\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): c:\pagefile.sys 3067 3067 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 33,66 Gb Total Space | 3,87 Gb Free Space | 11,51% Space Free | Partition Type: NTFS
Drive D: | 78,12 Gb Total Space | 11,46 Gb Free Space | 14,67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-NOTEBOOK
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Mozilla Firefox 3\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Mozilla Firefox 3\firefox.exe" (Mozilla Corporation)
htmlfile [opennew] -- "C:\Program Files\Mozilla Firefox 3\firefox.exe" (Mozilla Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox 3\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox 3\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C6366704-8839-4F57-AE54-92546807C22E}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{F12BA1AD-D48B-4AEC-B6B9-E55A479CAD44}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{046D4E9D-E71A-431A-9CB8-56ADA5D997B3}" = protocol=17 | dir=in | app=d:\program files\fritz!dsl\webwaigd.exe | 
"{04FCDA6A-6920-4F4A-8A90-1B339372750C}" = protocol=17 | dir=in | app=d:\program files\sierra entertainment\world in conflict\wic_online.exe | 
"{094ED8BB-7709-40FE-AE03-00648C0503A0}" = protocol=6 | dir=in | app=d:\program files\tobit clipinc\player\clipinc-player.exe | 
"{096BB17D-5DBB-48AF-9858-3DD4AF04C6F0}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{0B527686-375F-4094-85C6-92EC371FA915}" = protocol=17 | dir=in | app=d:\program files\sierra entertainment\world in conflict\wic_ds.exe | 
"{0FFCA206-8878-440F-90DE-9AD26D9B0BA6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{116C0881-F9D6-4AAC-8023-19D410095FFD}" = protocol=17 | dir=in | app=d:\program files\tobit clipinc\server\clipinc-server.exe | 
"{1307B176-B415-4209-B765-197B795AEE83}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2D363B59-A6ED-4A2C-A238-5099208A5EEE}" = protocol=17 | dir=in | app=d:\program files\tobit clipinc\player\clipinc-player.exe | 
"{3876BC76-260B-4F75-ADA2-2F9B0BA8CBDC}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{3ACFBE09-99B4-49F8-B26D-E918C6A122CA}" = protocol=6 | dir=in | app=d:\program files\tobit clipinc\server\clipinc-server.exe | 
"{3BB299C6-1AFE-4138-96C2-984AB01BA050}" = protocol=6 | dir=in | app=d:\program files\common files\siemens\sqlany\dbsrv9.exe | 
"{3F0C64BB-EA8E-40FD-B3FC-EACB2207CB10}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{4AE83A2D-CEE7-405F-B9BC-5686D656C3C9}" = protocol=17 | dir=in | app=d:\program files\fritz!dsl\igdctrl.exe | 
"{4D6F8DE6-0324-4785-8EBA-5C2DC2426DED}" = protocol=6 | dir=in | app=d:\program files\sierra entertainment\world in conflict\wic_ds.exe | 
"{5759D9D9-E940-43F4-84B8-EA0A16429EDB}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{59C0E009-46BC-4247-AEBA-6F8EF06F810B}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{5B702407-5B82-4684-A8FD-9657E352E75F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{600AACE7-C4CB-41BF-A658-36BE8F502098}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{613EA574-AACA-4B6A-989B-08466527F0A5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{62190B61-064B-4771-B90F-4400A75E84C6}" = protocol=6 | dir=in | app=d:\program files\siemens\step7\s7bin\s7tgtopx.exe | 
"{730F77C6-E3A0-4236-9B51-2F3868831831}" = protocol=6 | dir=in | app=d:\program files\siemens\step7\s7inf\s7usiapx.exe | 
"{76BCA1DE-3413-4BCB-8BA1-2D163D8F1DA6}" = protocol=17 | dir=in | app=d:\program files\siemens\step7\s7bin\s7tgtopx.exe | 
"{8092A208-7B6D-4F35-9439-8DA320F1D6D2}" = protocol=6 | dir=in | app=d:\program files\sierra entertainment\world in conflict\wic_online.exe | 
"{80C2F7D5-D2F6-4AB0-B81D-4E35604F48D9}" = protocol=17 | dir=in | app=d:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{8103C9F3-F620-44B5-93C7-3F47B62956AF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{871825A5-D391-49E0-9DD5-6B2854D005EA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{92BB2EF4-188B-4207-9114-76A0CA0F8999}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{941DFA1F-5905-4503-9400-2790D817EB3B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{95A8A7A8-A9BE-4A1C-8842-C809A61D4D91}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{98B71910-0479-446A-89C6-680A0798FCB8}" = protocol=17 | dir=in | app=c:\windows\system32\s7otbxsx.exe | 
"{A38CD01C-E7AF-4FD1-80A0-39574A584669}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A84D1D47-BD43-4BBB-9E82-7E5899D29D28}" = protocol=6 | dir=in | app=d:\program files\ultravnc\vncviewer.exe | 
"{AD0419DF-09C6-4809-AC08-CCF54FE25389}" = protocol=17 | dir=in | app=d:\program files\ultravnc\vncviewer.exe | 
"{B077F837-9C02-44DF-B7C4-9BA17BB55ABF}" = protocol=6 | dir=in | app=d:\program files\fritz!dsl\fboxupd.exe | 
"{B1D74072-0D85-4EA4-9053-53FB944B443D}" = protocol=17 | dir=in | app=d:\program files\sierra entertainment\world in conflict\wic.exe | 
"{BC73845E-ACE2-47D4-A858-FD80262C077E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{C75BDD61-CC0A-4A1F-ACD6-6B12CD97E5BA}" = protocol=17 | dir=in | app=d:\program files\fritz!dsl\fboxupd.exe | 
"{CC54CE45-7D51-48D5-964C-8FD46F6498CA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E3B7DE90-DF10-457A-B339-8B5B3AECA0AD}" = protocol=6 | dir=in | app=d:\program files\sierra entertainment\world in conflict\wic.exe | 
"{E3D633CC-6B54-4B26-9074-0023B6516512}" = protocol=17 | dir=in | app=d:\program files\siemens\step7\s7inf\s7usiapx.exe | 
"{E445019D-14EC-4349-8CAA-283853AF4FA2}" = protocol=6 | dir=in | app=d:\program files\fritz!dsl\igdctrl.exe | 
"{E5EA6E74-9E28-4340-BA07-A6E7CC5C35AA}" = protocol=6 | dir=in | app=c:\windows\system32\s7otbxsx.exe | 
"{E6E93F5C-B4DF-4619-A24F-D2DA92073E14}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EA5716C3-360E-471D-9384-23993492A8C3}" = protocol=6 | dir=in | app=d:\program files\fritz!dsl\webwaigd.exe | 
"{F6AC6D78-E203-4CC8-B016-DA7834CACEDD}" = protocol=17 | dir=in | app=d:\program files\common files\siemens\sqlany\dbsrv9.exe | 
"{FA66DAE9-C8F1-4022-A450-ED2606FEA059}" = protocol=6 | dir=in | app=d:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{FCF268E7-A31B-46CE-8B9A-F1563C613D5C}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"TCP Query User{0497A5D2-B143-466E-AA29-428FEC75254B}D:\program files\ultravnc\winvnc.exe" = protocol=6 | dir=in | app=d:\program files\ultravnc\winvnc.exe | 
"TCP Query User{0BA37633-9ABE-475A-BD61-428B8AAFAA78}D:\downloads\ipcurve100win32\ipcurve\ipcurve.exe" = protocol=6 | dir=in | app=d:\downloads\ipcurve100win32\ipcurve\ipcurve.exe | 
"TCP Query User{0C49B2C1-5AB9-4356-A222-8D14A58D3E2D}D:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=d:\xampp\apache\bin\apache.exe | 
"TCP Query User{11C6537F-3DFD-49F8-BEA1-4DC7615B6793}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{18120317-63D8-456B-8A0C-487CB952B06B}C:\downloads\enemy.engaged.2.desert.operations.german.proper-fas\zips\f-ee2d01\fas-ee2d\cohokum\ee2deopt.exe" = protocol=6 | dir=in | app=c:\downloads\enemy.engaged.2.desert.operations.german.proper-fas\zips\f-ee2d01\fas-ee2d\cohokum\ee2deopt.exe | 
"TCP Query User{3442E195-CABE-43DF-98C3-93672C6DFC15}D:\program files\sixteen tons entertainment\emergency 4\em4.exe" = protocol=6 | dir=in | app=d:\program files\sixteen tons entertainment\emergency 4\em4.exe | 
"TCP Query User{509386DB-32B5-47BE-A7D8-3A75D885D847}D:\program files\mirandafusion\miranda32.exe" = protocol=6 | dir=in | app=d:\program files\mirandafusion\miranda32.exe | 
"TCP Query User{53512855-EEE2-4693-8C6A-C6C4FB9CA3D4}D:\xampp\htdocs\fos\dateien\eclipse\eclipse\eclipse.exe" = protocol=6 | dir=in | app=d:\xampp\htdocs\fos\dateien\eclipse\eclipse\eclipse.exe | 
"TCP Query User{7B5F2614-C853-409F-95DA-8DD58B1A89F7}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{A3C9332E-D029-43BD-91DA-912B745F316F}D:\program files\zend\zendstudio-5.5.0\jre\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files\zend\zendstudio-5.5.0\jre\bin\javaw.exe | 
"TCP Query User{A6348E5E-C653-4324-933E-EC02713DAB98}D:\downloads\miranda\miranda im\miranda32.exe" = protocol=6 | dir=in | app=d:\downloads\miranda\miranda im\miranda32.exe | 
"TCP Query User{B7BDF954-9D59-4642-B318-25F38EF7074A}D:\downloads\multimedia\cryptload_1.1.5\cryptload.exe" = protocol=6 | dir=in | app=d:\downloads\multimedia\cryptload_1.1.5\cryptload.exe | 
"TCP Query User{B82B69D1-5953-4259-9C75-891DF3B3B3D6}D:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=d:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{C136951A-E876-412E-AE2B-DF493F75575E}D:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=d:\program files\azureus\azureus.exe | 
"TCP Query User{D806CFB0-1D10-4ACE-B67B-9D74AD998442}D:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=d:\program files\mirc\mirc.exe | 
"TCP Query User{E85BD8FF-E207-4791-9113-149A951F911F}D:\downloads\editoren\ecipse\eclipse\eclipse.exe" = protocol=6 | dir=in | app=d:\downloads\editoren\ecipse\eclipse\eclipse.exe | 
"UDP Query User{0A8237EC-4142-4D3E-9A8B-542F411EA304}D:\xampp\htdocs\fos\dateien\eclipse\eclipse\eclipse.exe" = protocol=17 | dir=in | app=d:\xampp\htdocs\fos\dateien\eclipse\eclipse\eclipse.exe | 
"UDP Query User{2E2E7EBB-0C5E-4F1D-9463-1586819C274A}D:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=d:\xampp\apache\bin\apache.exe | 
"UDP Query User{30E44775-63FF-4015-AF12-12520F5F8422}D:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=d:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{5D50CB67-B495-4D0A-B23B-0464EB49EB2B}D:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=d:\program files\azureus\azureus.exe | 
"UDP Query User{62F5FCE2-5ACD-435B-AAB1-1762EDD2F285}D:\downloads\ipcurve100win32\ipcurve\ipcurve.exe" = protocol=17 | dir=in | app=d:\downloads\ipcurve100win32\ipcurve\ipcurve.exe | 
"UDP Query User{70DCC22A-7076-4ED1-9F93-5373ABB73B2E}D:\program files\sixteen tons entertainment\emergency 4\em4.exe" = protocol=17 | dir=in | app=d:\program files\sixteen tons entertainment\emergency 4\em4.exe | 
"UDP Query User{9E11D23B-791D-4E74-BFE4-850E2B75C44C}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{B1F7D733-6C78-40C8-A518-AB625029C2BF}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{B9EF8DDF-F28C-41B7-8208-356F2EEF1BD3}D:\downloads\editoren\ecipse\eclipse\eclipse.exe" = protocol=17 | dir=in | app=d:\downloads\editoren\ecipse\eclipse\eclipse.exe | 
"UDP Query User{C36FD354-85CF-416F-8062-17B22843B3C9}D:\program files\mirandafusion\miranda32.exe" = protocol=17 | dir=in | app=d:\program files\mirandafusion\miranda32.exe | 
"UDP Query User{C52CBF94-75E6-4BCD-BB59-927CDAEB4A77}D:\downloads\miranda\miranda im\miranda32.exe" = protocol=17 | dir=in | app=d:\downloads\miranda\miranda im\miranda32.exe | 
"UDP Query User{D87DAE0B-9B0E-4933-BF5A-E3D61153CBCB}D:\program files\ultravnc\winvnc.exe" = protocol=17 | dir=in | app=d:\program files\ultravnc\winvnc.exe | 
"UDP Query User{DFBD1E95-4937-462F-93D5-EC59F880553A}D:\program files\zend\zendstudio-5.5.0\jre\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files\zend\zendstudio-5.5.0\jre\bin\javaw.exe | 
"UDP Query User{E0D5C698-CEB9-457E-83F3-829662C51E50}D:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=d:\program files\mirc\mirc.exe |  
"UDP Query User{F51869D0-4C5B-4E63-B97C-FDEFCE4BFDA9}D:\downloads\multimedia\cryptload_1.1.5\cryptload.exe" = protocol=17 | dir=in | app=d:\downloads\multimedia\cryptload_1.1.5\cryptload.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""Bilder-CD Fachkunde Elektrotechnik"_is1" = Bilder-CD für Fachkunde Elektrotechnik, 25. Auflage - Einzelliz
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0168B3E7-393C-4749-B429-FD5B6FD50567}" = NI Circuit Design Suite Support and Upgrade Utility
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{046ED2B7-14D5-4F2C-A275-09D54CEFE757}" = GTactix
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07E043CB-B1C1-48E3-B2AF-6BED957DF7CD}" = SIMATIC S7-SCL V5.3 + SP4 Professional 2006 SR4  
"{07E043CB-B1C1-48E3-B2AF-6BED957DF7CD}SCL" = SIMATIC S7-SCL V5.3 + SP4 Professional 2006 SR4  
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0BEA337D-71D0-44C7-A575-932612A00908}" = NI EULA Depot
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{1296CAF3-F007-4813-A95F-AD153F978DF1}" = AVRStudio4
"{15BD8E56-D41F-4496-8EA6-13D97AF3F35F}" = MP3Find pro v4.49
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16551E12-7EBB-4F63-9B6D-4AED6C2A6FB0}" = Ovi Files
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{20140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 (Beta)
"{20140062-0062-0407-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 (Beta) - Deutsch
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33BBE45C-6296-488A-B7D5-37E692E71B3F}" = TortoiseSVN 1.6.5.16974 (32 bit)
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35ED8B97-897C-4BD1-AEAE-6FD3404BA082}" = Ovi Desktop Sync Engine
"{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5
"{39600969-41C3-4658-876E-16F108FC5C92}" = ISO Recorder
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F64982B-469A-4218-97D0-57B8B69CD1C6}" = Langenscheidt Vokabeltrainer 4.0 Englisch
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{449A16C4-83B3-426C-AA4A-00A34E80C093}" = Smart Battery
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{47F94730-ABD2-47F6-920E-EA8CDB6DD0C6}_is1" = BASCOM-AVR
"{481C9A00-91AC-4065-870C-BD4E28186E5A}" = PC Connectivity Solution
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{4CDE9452-7BA2-46BC-9551-6A041F4A3B66}" = NI LabVIEW Run-Time Engine 8.2
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4E4E15DD-6CE6-4AAD-81EC-F8A9C0D83449}" = Vokabeltrainer-Update 4.0.19
"{53FE1175-1B37-4677-924C-62AFFCC83800}" = NI MDF Support
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6B249FAC-DD1A-405F-A8A2-AA6A2252ED32}" = Eisenbahn.exe Professional 6.0
"{6CAB860B-CB68-462B-AF66-83AEF9BD6ED2}" = NI Circuit Design Suite 10 Pro
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6FADAF5C-C9AC-49E5-8B14-7021F91EF0B5}" = NI LabVIEW Run-Time Engine 8.0.1
"{729518C0-BF90-4653-B1A2-CD0193D14CE6}}_is1" = Helium Music Manager 7 (build 7847)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78F08FD6-0606-4F8B-B16D-57758AEF7E9C}" = Automation License Manager V3.0 + SP1 Professional  
"{78F08FD6-0606-4F8B-B16D-57758AEF7E9C}LicenseManager" = Automation License Manager V3.0 + SP1 
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80AE0E0A-5579-4015-9C1A-35F2F2CE5673}" = Emergency 4
"{80F0B640-3A5E-45B6-ACA0-445AFF78CE85}" = Graphviz
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{85B9124A-7EE0-4A60-B141-B233124E7DBD}" = Smart Meeting
"{889BF4A8-E783-46C4-8FB8-97A0B977C32A}" = NI LabWindows/CVI 8.0.1 Run-Time Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8D6F5556-EB3C-420D-9B75-020DEF9AD0AC}" = NI Uninstaller
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}" = Nokia Ovi Suite
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.8
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BFCF52F-9ACE-4BFF-9265-4A83B48D5EED}" = PKZIP Server for Windows 8.60.0007
"{A0A623D9-C673-47B1-8FB1-9FF4A6C88D9C}" = NavyFIELD Europe (DE)
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F7BDF1-6D46-46FC-92D1-BC91202251DD}" = NI Service Locator
"{A2DC3907-B0A3-484F-9677-A16F1D58BF60}" = NI TDMS
"{A528306A-C5EC-481C-A619-6106334E6800}" = Nokia Ovi Player
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.1 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B440401C-4804-4F2D-998C-ACF5FC83DA5F}" = SIMATIC S7-PLCSIM V5.4 + SP1 Professional 2006 SR4  
"{B440401C-4804-4F2D-998C-ACF5FC83DA5F}PLCSim" = SIMATIC S7-PLCSIM V5.4 + SP1 Professional 2006 SR4  
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7666229-351B-47D9-AA6F-DF777CF04BBF}" = Caesar IV
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BA63348B-143D-4CAC-A355-3879402ED781}" = Nokia Ovi Suite Software Updater
"{BAADD05A-8BDD-4C1B-BE38-94627C552A86}" = NI Logos 4.7
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BDE84BB7-8261-4787-8219-A5D60E70146C}" = TRILUX Daten-PlugIn für DIALux 06/2009
"{BE6A4401-F766-4706-97F0-A0332C51A3EE}" = SIMATIC S7-GRAPH V5.3 + SP5 Professional 2006 SR4  
"{BE6A4401-F766-4706-97F0-A0332C51A3EE}S7GRAPH" = SIMATIC S7-GRAPH V5.3 + SP5 Professional 2006 SR4  
"{BE802A6E-7F0D-4333-B45E-80F06C4DC59C}}_is1" = MP3Test
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD094AFB-E5B0-4687-A3D2-358E04BCA172}" = NI Circuit Design Suite 10 Core
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}" = AVRStudio4
"{D8B7A9C5-7ACE-4F9C-9788-77D08850AB4F}" = NI USI 1.3.0
"{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}" = Garmin POI Loader
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF316006-FA84-40B0-B9B0-880B6487D5D7}" = SIMATIC  STEP 7 V5.4 + SP3 + HF1 Professional 2006 SR4  
"{DF316006-FA84-40B0-B9B0-880B6487D5D7}STEP7" = SIMATIC  STEP 7 V5.4 + SP3 + HF1 Professional 2006 SR4  
"{DFD456BA-8C23-4AAD-AF46-E41CE89D022C}" = ThinkVantage Fingerprint Software
"{E040012F-A895-482E-87EF-D747ABB0F1D6}" = CADdy++ - SEE Electrical
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{EB026BC8-E00C-499D-BD87-89A0566BEB0E}" = AVRStudio4
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F8D315CF-615E-3AAC-ABF6-C0FA91EDDDBA}" = Microsoft Visual C# 2008 Express Edition with SP1 - DEU
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDB8EF7A-4118-4B27-8892-4FBE82729340}" = NI License Manager
"{FE2A7490-32EA-47D1-BCB4-0705F73F4C24}" = WinFACT 7
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AFPL Ghostscript 8.14" = AFPL Ghostscript 8.14
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Audacity_is1" = Audacity 1.2.6
"AuthorsW" = SIMATIC AuthorsW V2.5 + ServicePack 1
"Calc 3D Pro_is1" = Calc 3D Pro Deutsch 2.1.7
"CCleaner" = CCleaner
"Cinderella 2.0" = Cinderella 2.0
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"COMODO Firewall Pro" = COMODO Firewall Pro
"Defraggler" = Defraggler
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EAGLE 5.2.0" = EAGLE 5.2.0
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.0.11
"FluidSIM 4.2h Pneumatik Demoversion" = FluidSIM 4.2h Pneumatik Demoversion
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Sound Recorder" = Free Sound Recorder
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"FreePDF_XP" = FreePDF XP (Remove only)
"FWOCX" = SIMATIC ProTool/Pro V6.0 Gemeinsame Dateien
"Geo" = Geo
"HC51 9.60PL0" = HI-TECH C51-lite V9.60PL0
"HeidiSQL_is1" = HeidiSQL 3.2
"HijackThis" = HijackThis 2.0.2
"InstallShield_{449A16C4-83B3-426C-AA4A-00A34E80C093}" = Smart Battery
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"JabRef 2.5" = JabRef 2.5
"LHTTSGED" = L&H TTS3000 Deutsch
"LochMaster_30_Demo_is1" = LochMaster 3.0 (Demo)
"LyX" = LyX 1.6.4-1
"MAGIX Ringtone Maker 2 silver US" = MAGIX Ringtone Maker 2 silver (US)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft Visual C# 2008 Express Edition with SP1 - DEU" = Microsoft Visual C# 2008 Express Edition mit SP1 - DEU
"MiKTeX 2.8" = MiKTeX 2.8
"Mirage Driver_is1" = Mirage Driver 1.1
"Miranda IM" = Miranda IM 0.8.9
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
"MusicBrainz Picard" = MusicBrainz Picard
"NI Uninstaller" = National Instruments-Software
"Nokia Ovi Suite" = Nokia Ovi Suite
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010 (Beta)
"PDF Passwort Knacker 1" = PDF Passwort Knacker 1
"PICC 9.60PL0" = HI-TECH PICC lite V9.60PL0
"ProInst" = Intel(R) PROSet/Wireless Software
"PSpice Student" = PSpice Student 9.1
"Python2.2" = Python
"RealPlayer 12.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SIMATIC ProTool/Pro CS Demo V6.0" = SIMATIC ProTool/Pro CS Demo V6.0 + ServicePack 2
"SIMATIC ProTool/Pro RT V6.0" = SIMATIC ProTool/Pro RT V6.0 + ServicePack 2
"SMSERIAL" = Motorola SM56 Data Fax Modem
"sPlan_60_Demo_is1" = sPlan 6.0 (Demo)
"SystemRequirementsLab" = System Requirements Lab
"Target 3001! V14 discover" = Target 3001! V14 discover
"Target 3001! V14 pcb-pool" = Target 3001! V14 pcb-pool
"TightVNC_is1" = TightVNC 1.3.10
"TUGZip_is1" = TUGZip 3.4
"Ultravnc2_is1" = UltraVNC 1.0.5
"Uninstall_is1" = Uninstall 1.0.0.1
"uniquemagicmp3taggerappid_is1" = Magic MP3 Tagger 2.2.6
"VBSdoc" = VBScript-Dokumentation
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VideoLAN VLC media player 0.8.6f
"WibTeX_is1" = WibTeX 7.1a
"Winamp" = Winamp
"WinAVR-20090313" = WinAVR 20090313 (remove only)
"WinMerge_is1" = WinMerge 2.12.4
"WinPcapInst" = WinPcap 4.1 beta5
"Zend Studio - 7.0.0" = Zend Studio - 7.0.0
"ZendStudio-5.5.0" = ZendStudio-5.5.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bdb6cf26dd054a4b" = Youtube-Entferner
"GraphCalc" = GraphCalc
"IntelliAdmin_NetworkAdministrator" = IntelliAdmin Network Administrator - Remove
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         

Edited by boecki (28.03.2010 at 10:58)

28.03.2010, 17:36   #17
boecki

The rootkits come back at every start; how do I get rid of them?


29.03.2010, 13:14   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Q is the drive that Office 2010 Beta creates if you chose the Click-to-Run variant.
That's why I rather doubt that there are rootkits there. Do you even need the beta version of Office 2010? You shouldn't do productive work with beta versions at all!!

29.03.2010, 15:53   #19
boecki

I'll throw it off, then; the Click 2 Run thing was rubbish anyway. But is it then certain that the rootkit is gone?

It's worth a try, anyway.

29.03.2010, 15:54   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
but is it then certain that the rootkit is gone?
Who says it's a rootkit at all? That thing comes from the Office beta.
A false alarm is probably more likely here.

__________________
Please always post logfiles in CODE tags

29.03.2010, 17:17   #21
boecki

But coming back at every restart? Without an Internet connection?
Strange.

02.04.2010, 11:47   #22
boecki

After almost a week of daily scans, no more infections; I think everything is gone.

Thanks to cosinus and the whole team; building up that kind of knowledge surely takes months.

02.04.2010, 16:47   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now that everything is OK again, it's time to check the (most important) updates:

Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update the PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Add or Remove Programs by clicking "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that your Flash Player is up to date; here is the direct download link => http://filepony.de/?q=Flash+Player


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Afterwards, download the current Java SE Runtime Environment (JRE) from here and install it.
