Firefox öffnet bei suche in Google mehrmals falsche links vor dem richtigen

cosinus · 20.05.2010, 15:12

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

ATTFilter

KILLALL:

File::
c:\windows\system32\drivers\OV9655S.SET

Filelook::
c:\program files\Acronis\TrueImageHome\timountermonitor .exe
c:\program files\Acronis\TrueImageHome\TrueImageMonitor .exe
c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\Common Files\Acronis\Schedule2\schedhlp .exe
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
c:\program files\Intel\AMT\atchk .exe
c:\program files\Lenovo Fingerprint Software\fpapp .exe
c:\program files\Microsoft Office\Office12\groovemonitor .exe
c:\program files\PGWARE\SuperRam\superramtray .exe
c:\program files\QSoft\Autorun Kicker\_autorunkicker .exe
c:\program files\Skype\Phone\skype .exe
c:\program files\Smart Battery\smbtray .exe
c:\program files\Trojan Remover\trjscan .exe
c:\program files\Unlocker\UnlockerAssistant  .exe
c:\program files\Windows Sidebar\sidebar .exe

Driver::
KeyAgent
ntiomin

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

roadrunner14 · 20.05.2010, 16:35

erledigt, hier das log:

Code:

ATTFilter

ComboFix 10-05-19.03 - roadrunner1405 20.05.2010  17:02:22.3.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.2006.888 [GMT 2:00]
ausgeführt von:: c:\users\roadrunner1405\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\roadrunner1405\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\drivers\OV9655S.SET"
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\OV9655S.SET

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KEYAGENT
-------\Legacy_NTIOMIN
-------\Service_KeyAgent
-------\Service_ntiomin


(((((((((((((((((((((((   Dateien erstellt von 2010-04-20 bis 2010-05-20  ))))))))))))))))))))))))))))))
.

2010-05-20 15:11 . 2010-05-20 15:15	--------	d-----w-	c:\users\roadrunner1405\AppData\Local\temp
2010-05-20 15:11 . 2010-05-20 15:11	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-05-20 15:11 . 2010-05-20 15:11	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2010-05-20 15:11 . 2010-05-20 15:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-05-20 15:11 . 2010-05-20 15:11	--------	d-----w-	c:\users\Classic .NET AppPool\AppData\Local\temp
2010-05-20 08:20 . 2010-05-20 08:20	--------	d-----w-	C:\_OTL
2010-05-19 17:38 . 2010-05-19 17:38	--------	d-----w-	c:\users\roadrunner1405\AppData\Roaming\Malwarebytes
2010-05-19 17:38 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-19 17:38 . 2010-05-19 17:38	--------	d-----w-	c:\programdata\Malwarebytes
2010-05-19 17:38 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-05-19 17:37 . 2010-05-19 17:38	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-05-19 14:17 . 2010-03-04 07:33	740864	----a-w-	c:\windows\system32\inetcomm.dll
2010-05-19 13:22 . 2010-05-19 13:22	--------	d-----w-	c:\program files\CCleaner
2010-05-19 12:24 . 2010-05-19 12:24	--------	d-----w-	c:\programdata\F-Secure
2010-05-17 12:28 . 2010-05-17 12:28	--------	d-----w-	c:\program files\SweetIM
2010-05-17 12:28 . 2010-05-17 12:28	--------	d-----w-	c:\programdata\SweetIM
2010-05-15 15:03 . 2010-05-15 15:33	--------	d-----w-	c:\program files\ICQ7.1
2010-05-10 19:17 . 2009-10-10 02:57	12800	----a-w-	c:\windows\system32\drivers\sffp_sd.sys
2010-05-10 19:17 . 2009-10-10 02:31	84992	----a-w-	c:\windows\system32\drivers\sdbus.sys
2010-05-10 18:42 . 2009-12-11 07:44	133720	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2010-05-10 18:42 . 2009-12-11 07:38	1037312	----a-w-	c:\windows\system32\lsasrv.dll
2010-05-10 18:42 . 2009-09-26 05:58	194488	----a-w-	c:\windows\system32\drivers\fvevol.sys
2010-05-07 19:15 . 2010-05-07 19:15	--------	d-----w-	c:\program files\The KMPlayer
2010-05-07 19:02 . 2010-05-07 19:02	--------	d-----w-	c:\users\roadrunner1405\AppData\Local\ratDVD
2010-05-07 19:02 . 2010-05-07 19:02	--------	d-----w-	c:\program files\ratDVD
2010-05-07 13:32 . 2010-05-07 13:32	--------	d-----w-	c:\users\roadrunner1405\AppData\Local\Diagnostics
2010-05-05 10:56 . 2010-05-05 10:56	--------	d-----w-	c:\programdata\eBay
2010-05-05 10:56 . 2010-05-05 10:56	--------	d-----w-	c:\program files\eBay
2010-05-04 10:12 . 2010-05-04 10:12	--------	d-----w-	c:\users\roadrunner1405\AppData\Local\FixItCenter
2010-05-04 09:58 . 2010-05-04 09:58	--------	d-----w-	c:\windows\CheckSur
2010-05-04 09:50 . 2010-05-04 09:50	--------	d-----w-	c:\windows\MATS
2010-05-04 09:50 . 2010-05-04 09:50	--------	d-----w-	c:\program files\Microsoft Fix it Center
2010-05-03 22:44 . 2010-05-04 10:06	--------	d-----w-	c:\program files\Registry Easy
2010-05-03 17:18 . 2010-05-03 17:18	--------	d-----w-	c:\program files\Trend Micro
2010-04-28 06:28 . 2010-04-28 08:34	--------	d-----w-	c:\program files\a-squared Free
2010-04-27 13:59 . 2010-04-27 13:59	--------	d-----w-	c:\programdata\Cloanto
2010-04-27 13:59 . 2010-04-27 13:59	--------	d-----w-	c:\program files\Common Files\Cloanto
2010-04-27 13:59 . 2010-04-27 13:59	--------	d-----w-	c:\program files\Cloanto
2010-04-27 10:25 . 2010-04-01 13:11	30024	----a-w-	c:\windows\system32\uxtuneup.dll
2010-04-27 10:10 . 2010-04-01 13:17	30536	----a-w-	c:\windows\system32\TURegOpt.exe
2010-04-27 10:09 . 2010-04-27 10:25	--------	d-----w-	c:\program files\TuneUp Utilities 2010
2010-04-27 10:07 . 2010-04-27 10:07	--------	d-sh--w-	c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-04-27 09:45 . 2010-05-10 16:00	--------	d-----w-	c:\program files\Unlocker
2010-04-26 20:35 . 2010-04-30 08:19	--------	d-----w-	c:\program files\GridinSoft Trojan Killer
2010-04-26 20:13 . 2010-04-26 20:13	--------	d-----w-	c:\program files\QSoft
2010-04-26 20:12 . 2010-04-26 20:12	--------	d-----w-	c:\program files\NoVirusThanks
2010-04-26 20:06 . 2006-06-19 10:01	69632	----a-w-	c:\windows\system32\ztvcabinet.dll
2010-04-26 20:06 . 2006-05-25 12:52	162304	----a-w-	c:\windows\system32\ztvunrar36.dll
2010-04-26 20:06 . 2005-08-25 22:50	77312	----a-w-	c:\windows\system32\ztvunace26.dll
2010-04-26 20:06 . 2003-02-02 17:06	153088	----a-w-	c:\windows\system32\UNRAR3.dll
2010-04-26 20:06 . 2002-03-05 22:00	75264	----a-w-	c:\windows\system32\unacev2.dll
2010-04-26 20:06 . 2010-04-26 21:12	--------	d-----w-	c:\program files\Trojan Remover
2010-04-26 20:06 . 2010-04-26 20:06	--------	d-----w-	c:\users\roadrunner1405\AppData\Roaming\Simply Super Software
2010-04-26 20:06 . 2010-04-26 20:06	--------	d-----w-	c:\programdata\Simply Super Software
2010-04-26 09:00 . 2010-04-26 09:01	--------	d-----w-	C:\ZL_DB_CCcam_SoftCam_Control
2010-04-25 21:15 . 2010-04-25 21:15	--------	d-----w-	c:\users\roadrunner1405\AppData\Local\Mozilla
2010-04-25 10:22 . 2010-04-25 12:30	--------	d-----w-	c:\program files\WindowsServices
2010-04-25 10:22 . 2010-04-25 10:22	--------	d-----w-	c:\program files\TimHillOne
2010-04-24 11:05 . 2010-04-24 11:05	--------	d-----w-	c:\program files\PGWARE
2010-04-23 14:59 . 2010-04-23 14:59	49152	----a-r-	c:\windows\system32\inetwh32.dll
2010-04-23 14:59 . 2010-04-23 14:59	1044480	----a-r-	c:\windows\system32\roboex32.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-20 15:16 . 2009-08-23 17:48	--------	d-----w-	c:\users\roadrunner1405\AppData\Roaming\Skype
2010-05-20 15:15 . 2009-08-23 17:50	--------	d-----w-	c:\users\roadrunner1405\AppData\Roaming\skypePM
2010-05-20 15:13 . 2010-03-23 19:33	4194304	----a-w-	c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2010-05-20 09:46 . 2009-10-07 08:26	--------	d-----w-	c:\users\roadrunner1405\AppData\Roaming\ICQ
2010-05-20 08:20 . 2009-10-07 08:26	--------	d-----w-	c:\program files\ICQ6Toolbar
2010-05-19 14:21 . 2009-08-27 09:04	--------	d-----w-	c:\programdata\Microsoft Help
2010-05-19 14:20 . 2009-07-14 02:37	--------	d-----w-	c:\program files\Windows Mail
2010-05-19 09:00 . 2010-01-07 12:02	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-05-19 09:00 . 2010-05-19 09:00	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-05-18 20:08 . 2010-03-15 12:49	--------	d-----w-	c:\users\roadrunner1405\AppData\Roaming\UseNeXT
2010-05-16 18:02 . 2009-10-08 20:42	--------	d-----w-	c:\program files\Mozilla Thunderbird 3.0 Beta 3
2010-05-15 21:44 . 2010-03-10 10:02	--------	d-----w-	c:\program files\JDownloader
2010-05-15 16:24 . 2009-07-14 04:52	--------	d-----w-	c:\program files\Windows Sidebar
2010-05-15 15:23 . 2009-10-07 08:26	--------	d-----w-	c:\programdata\ICQ
2010-05-10 18:09 . 2009-08-23 17:45	--------	d-----r-	c:\program files\Skype
2010-05-10 16:00 . 2009-08-22 15:25	--------	d-----w-	c:\program files\Smart Battery
2010-05-10 16:00 . 2009-08-22 15:41	--------	d-----w-	c:\program files\Lenovo Fingerprint Software
2010-05-10 12:56 . 2009-10-19 15:04	72784	----a-w-	c:\windows\system32\drivers\BdfNdisf6.sys
2010-05-07 19:13 . 2009-09-11 19:05	--------	d-----w-	c:\users\roadrunner1405\AppData\Roaming\vlc
2010-04-28 06:45 . 2009-10-18 08:40	--------	d-----w-	c:\program files\FileZilla FTP Client
2010-04-27 17:59 . 2010-03-15 12:43	--------	d-----w-	c:\program files\UseNeXT
2010-04-27 10:14 . 2009-08-22 21:46	--------	d-----w-	c:\program files\TuneUp Utilities 2009
2010-04-27 10:08 . 2009-08-22 21:46	--------	d-----w-	c:\programdata\TuneUp Software
2010-04-02 08:46 . 2009-08-22 15:12	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-04-02 08:45 . 2009-10-24 14:45	--------	d-----w-	c:\program files\DAEMON Tools Toolbar
2010-04-02 08:42 . 2010-04-02 08:42	--------	d-----w-	c:\program files\Xirrus
2010-04-01 14:13 . 2010-04-01 14:13	--------	d-----w-	c:\program files\Common Files\Skype
2010-04-01 13:43 . 2009-07-24 10:26	291352	----a-w-	c:\windows\system32\drivers\bdfsfltr.sys
2010-04-01 13:11 . 2009-08-22 21:48	21320	----a-w-	c:\windows\system32\authuitu.dll
2010-03-29 21:06 . 2010-03-29 21:06	--------	d-----w-	c:\program files\EPROM50
2010-03-29 20:58 . 2010-03-29 20:58	5152	----a-w-	c:\windows\system32\drivers\io.sys
2010-03-25 18:39 . 2010-03-25 18:38	--------	d-----w-	c:\program files\ICQ-Banner-Remover
2010-03-25 09:27 . 2010-04-25 21:32	1107264	----a-w-	c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2010-03-24 18:17 . 2010-03-24 08:04	952768	----a-w-	c:\programdata\Adobe\Reader\9.3\ARM\30963\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04	70584	----a-w-	c:\programdata\Adobe\Reader\9.3\ARM\30963\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04	326056	----a-w-	c:\programdata\Adobe\Reader\9.3\ARM\30963\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04	326056	----a-w-	c:\programdata\Adobe\Reader\9.3\ARM\30963\AcrobatUpdater.exe
2010-03-23 19:33 . 2009-10-22 16:20	739082	----a-w-	c:\windows\system32\perfh007.dat
2010-03-23 19:33 . 2009-10-22 16:20	153070	----a-w-	c:\windows\system32\perfc007.dat
2010-03-23 19:32 . 2010-03-23 19:32	--------	d-----w-	c:\program files\CMAK
2010-03-23 09:54 . 2010-03-23 09:54	--------	d-----w-	c:\program files\RMClock
2010-03-22 18:04 . 2010-03-22 18:04	--------	d-----w-	c:\program files\CPUCooL
2010-03-18 15:58 . 2010-03-18 15:58	101248	----a-w-	c:\windows\system32\drivers\avmaura.sys
2010-03-18 12:22 . 2010-03-18 11:08	28672	----a-w-	c:\windows\system32\AF15BDAEX.dll
2010-03-18 12:22 . 2010-03-18 11:08	126	----a-w-	c:\windows\system32\AF15IRTBL.bin
2010-03-18 12:22 . 2010-03-18 11:08	483200	----a-w-	c:\windows\system32\drivers\AF15BDA.sys
2010-03-17 09:35 . 2010-04-25 21:32	309248	----a-w-	c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
2010-03-15 13:04 . 2009-08-25 12:02	34	----a-w-	c:\programdata\StarMoney 7.0\profil\sfmsm.dll
2010-03-10 10:01 . 2010-03-10 10:01	411368	----a-w-	c:\windows\system32\deploytk.dll
2010-03-08 21:33 . 2010-04-14 07:57	427520	----a-w-	c:\windows\system32\vbscript.dll
2010-02-28 19:23 . 2009-09-05 13:06	281760	----a-w-	c:\windows\system32\drivers\atksgt.sys
2010-02-28 19:23 . 2009-09-05 13:06	25888	----a-w-	c:\windows\system32\drivers\lirsgt.sys
2010-02-28 18:30 . 2010-02-28 18:30	48648	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-02-28 18:30 . 2010-02-06 17:47	1170240	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-02-27 12:07 . 2010-04-14 07:57	3899280	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-02-27 12:07 . 2010-04-14 07:57	3954568	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-02-27 07:32 . 2010-04-14 07:57	221696	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-04-14 07:57	95744	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-04-14 07:57	123392	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 07:56 . 2010-03-30 17:57	977920	----a-w-	c:\windows\system32\wininet.dll
2010-02-22 16:58 . 2010-03-11 14:09	1733152	----a-w-	c:\windows\system32\RtkPgExt.dll
2010-02-22 16:58 . 2010-03-11 14:09	57888	----a-w-	c:\windows\system32\RtkCoInst.dll
2010-02-22 16:58 . 2010-03-11 14:09	371232	----a-w-	c:\windows\system32\RtkApoApi.dll
2010-02-22 16:58 . 2010-03-11 14:09	2649120	----a-w-	c:\windows\system32\RtkAPO.dll
2010-02-22 16:23 . 2010-03-11 14:09	3022944	----a-w-	c:\windows\system32\drivers\RTKVHDA.sys
2010-02-20 16:47 . 2010-01-07 12:02	1170240	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

	Code: 

 ATTFilter

  
	<pre>
c:\program files\Acronis\TrueImageHome\timountermonitor .exe
c:\program files\Acronis\TrueImageHome\TrueImageMonitor .exe
c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\Common Files\Acronis\Schedule2\schedhlp .exe
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
c:\program files\Intel\AMT\atchk .exe
c:\program files\Lenovo Fingerprint Software\fpapp .exe
c:\program files\Microsoft Office\Office12\groovemonitor .exe
c:\program files\PGWARE\SuperRam\superramtray .exe
c:\program files\QSoft\Autorun Kicker\_autorunkicker .exe
c:\program files\Skype\Phone\skype .exe
c:\program files\Smart Battery\smbtray .exe
c:\program files\Trojan Remover\trjscan .exe
c:\program files\Unlocker\UnlockerAssistant  .exe
c:\program files\Windows Sidebar\sidebar .exe
</pre>
         
 ((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\program files\Acronis\TrueImageHome\timountermonitor .exe ---
Company: Acronis
File Description: Monitor for Acronis True Image Backup Archive Explorer
File Version: 4,0,0,453
Product Name: Acronis True Image
Copyright: Copyright (c) Acronis 2000-2007
Original Filename: TimounterMonitor.exe
File size: 962456
Created time: 2008-09-15 16:32
Modified time: 2008-09-15 16:32
MD5: C880EF37016EE8AF0FB22B066EF4C1B7
SHA1: 85C0B0C81FCBEAD6BFFB4D9EC09A485F73A783E6


--- c:\program files\Acronis\TrueImageHome\TrueImageMonitor .exe ---
Company: Acronis
File Description: Acronis True Image Monitor
File Version: 12,0,0,9551
Product Name: Acronis True Image
Copyright: Copyright (C) Acronis, 2000-2008.
Original Filename: TrueImageMonitor.exe
File size: 4353088
Created time: 2008-09-15 16:21
Modified time: 2008-09-15 16:21
MD5: ECAA272D17CE77DB46E5B98A60869984
SHA1: 18E8311DB6FC092E53E68A8C921F8266026CA0CB


--- c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe ---
Company: Adobe Systems Incorporated
File Description: Adobe Acrobat SpeedLauncher
File Version: 9.3.2.163
Product Name: Adobe Acrobat
Copyright: Copyright 1984-2010 Adobe Systems Incorporated and its licensors. All rights reserved.
Original Filename: AcroSpeedLaunch.exe
File size: 36272
Created time: 2010-04-04 05:42
Modified time: 2010-04-04 05:42
MD5: F91F52F4EA5D88DAB6245682A16F3A72
SHA1: CD8F3D00EAE82C6205A24359A92F4C1C44930D45


--- c:\program files\Common Files\Acronis\Schedule2\schedhlp .exe ---
Company: Acronis
File Description: Acronis Scheduler Helper
File Version: 1,0,0,271
Product Name: Acronis Scheduler Helper
Copyright: Copyright (C) 2000-2004 Acronis
Original Filename: schedhlp.exe
File size: 165144
Created time: 2008-09-15 16:27
Modified time: 2008-09-15 16:27
MD5: 6DAB589180D9C831A14B8FC4ED50659F
SHA1: 31CEF20A1554D72FC2C4561753032F0B28BDFDD2


--- c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe ---
Company: Adobe Systems Incorporated
File Description: Adobe Reader and Acrobat Manager
File Version: 1.1.7.0
Product Name: Adobe Reader and Acrobat Manager
Copyright: Copyright © 2010 Adobe Systems Incorporated.  All rights reserved.
Original Filename: AdobeARM.exe
File size: 952768
Created time: 2009-12-11 14:57
Modified time: 2010-03-24 18:17
MD5: DB1DB28467111A24664933AB8908CBCE
SHA1: 158A5420F5ED20F1B2AFD210564A4A712C6C3C22


--- c:\program files\Intel\AMT\atchk .exe ---
Company: Intel Corporation
File Description: Displays state of Intel® Active Management Technology.
File Version: 2.0.0.5
Product Name: atchk
Copyright: Copyright(C) 2006 Intel Corporation.
Original Filename: atchk.exe
File size: 404248
Created time: 2009-08-22 16:36
Modified time: 2007-07-27 06:07
MD5: 398AC7A90320B60BEBA0E6619BD6A614
SHA1: 69A33AD11FACFF3FDDF8AC28BD103277688A6228


--- c:\program files\Lenovo Fingerprint Software\fpapp .exe ---
Company: Authentec,Inc
File Description: 
File Version: 1, 1, 6, 55
Product Name: fpapp.exe
Copyright: Authentec .  All rights reserved.
Original Filename: fpapp.exe
File size: 950272
Created time: 2008-07-15 05:13
Modified time: 2008-07-15 05:13
MD5: 5C2520F481973E26B58DF115E93C2154
SHA1: 969563F570B1098DE57E52D6D7785FDE132296E1


--- c:\program files\Microsoft Office\Office12\groovemonitor .exe ---
Company: Microsoft Corporation
File Description: GrooveMonitor Utility
File Version: 12.0.6413.1000
Product Name: GrooveMonitor Utility
Copyright: © 2006 Microsoft Corporation.  All rights reserved.
Original Filename: GrooveMonitor.exe
File size: 31072
Created time: 2008-10-25 10:44
Modified time: 2008-10-25 10:44
MD5: 644795F6985C740F5E36E9336B837D0B
SHA1: D2F5F78D437D81BA678F61AE2EEB966AC0715091


--- c:\program files\PGWARE\SuperRam\superramtray .exe ---
Company: PGWARE LLC
File Description: SuperRam Tray Applet
File Version: 6.0.0.0
Product Name: SuperRam
Copyright: Copyright © 2001-2010 PGWARE LLC
Original Filename: SUPERRAMTRAY.EXE
File size: 1703624
Created time: 2010-04-24 11:06
Modified time: 2010-04-18 21:09
MD5: 9955A8998FF5D41A414AC53979202A2A
SHA1: 1C0A419B48C992ECE80E15FF493C08CB83AF771E


--- c:\program files\QSoft\Autorun Kicker\_autorunkicker .exe ---
Company: UNDP
File Description: Autorun_Kicker
File Version: 1.0.0.0
Product Name: Autorun_Kicker
Copyright: Copyright © UNDP 2008
Original Filename: Autorun_Kicker.exe
File size: 528384
Created time: 2010-04-26 20:13
Modified time: 2009-01-03 09:23
MD5: EFE7D4DE8D219FF73CF2E99E2C86012C
SHA1: 81E4AB541CFA8E4D4A0C47C06840814AD716371E


--- c:\program files\Skype\Phone\skype .exe ---
Company: Skype Technologies S.A.
File Description: Skype
File Version: 4.2.0.155
Product Name: Skype
Copyright: (c) Skype Technologies S.A.
Original Filename: Skype.exe
File size: 26100520
Created time: 2010-03-09 08:02
Modified time: 2010-03-09 08:02
MD5: 46C92F0351DF5A4F74C9D37CD43F741D
SHA1: 9EEF9CE68CA87BD69B9B338D8C4CCC591B81A295


--- c:\program files\Smart Battery\smbtray .exe ---
Company: Compal Electronics, Inc.
File Description: TODO: <File description>
File Version: 1.0.0.6
Product Name: TODO: <Product name>
Copyright: TODO: (c) <Company name>.  All rights reserved.
Original Filename: SMBTrayVC2005.exe
File size: 521776
Created time: 2009-08-22 15:25
Modified time: 2007-06-04 15:22
MD5: 32C973E68E3DF5831638337503738E62
SHA1: E51F7C5A2E675BC84866AADD928C8D644B2FC5CB


--- c:\program files\Trojan Remover\trjscan .exe ---
Company: Simply Super Software
File Description: Trojan Scanner
File Version: 6.8.2.1307
Product Name: Trojan Scanner
Copyright: © 1999-2010 Simply Super Software
Original Filename: TRJSCAN.EXE
File size: 1165192
Created time: 2010-04-26 20:06
Modified time: 2010-02-27 18:17
MD5: 87CE21846BCFA0F0A14F60807DD0A56D
SHA1: 7012AE4BFCE6A62E806A4FBC2AD65232282BFD5F


--- c:\program files\Unlocker\UnlockerAssistant  .exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 15872
Created time: 2010-03-09 02:52
Modified time: 2010-03-09 02:52
MD5: C33EE8245897AEF45B7F0C70FDE0F78F
SHA1: 0AF3A3B9895113589E56A043E16D21ECA0038057


--- c:\program files\Windows Sidebar\sidebar .exe ---
Company: Microsoft Corporation
File Description: Windows Sidebar
File Version: 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: sidebar.EXE
File size: 1233920
Created time: 2009-07-13 23:41
Modified time: 2009-04-11 06:28
MD5: 9E35FF7F943AE0FB89192BFE058B7FD4
SHA1: 445D62FEAC7E3F9762B78B3E901A9DCA1B08BCFF


((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-03-18 14:06	1361208	----a-r-	c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-03-18 1361208]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-03-18 1361208]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-01 1123360]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-02-22 8522272]
"MsmqIntCert"="mqrt.dll" [2009-07-14 152064]
"igfxTray Module"="c:\windows\System32\igfxtray.exe" [2009-09-23 141848]
"hkcmd Module"="c:\windows\System32\hkcmd.exe" [2009-09-23 173592]
"persistence Module"="c:\windows\System32\igfxpers.exe" [2009-09-23 150552]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-04-14 111928]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\roadrunner1405\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mozilla Firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe [2010-4-25 910296]
Mozilla Thunderbird 3.0 Beta 3.lnk - c:\program files\Mozilla Thunderbird 3.0 Beta 3\thunderbird.exe [2009-10-8 11959472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 wvauth
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk]
backup=c:\windows\pss\TMMonitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^roadrunner1405^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^klickTel OEM Frühjahr 2009 - Schnellstarter.lnk]
backup=c:\windows\pss\klickTel OEM Frühjahr 2009 - Schnellstarter.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 12:32	203264	----a-w-	c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmbassySecurityCheck]
2007-04-16 08:13	71232	----a-w-	c:\program files\Wave Systems Corp\Embassy Security Setup\EmbassySecurityCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-23 17:30	173592	----a-w-	c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-04 17:03	186904	----a-w-	c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-23 17:30	141848	----a-w-	c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-23 17:30	150552	----a-w-	c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phonostarTimer]
2009-09-28 09:01	36864	----a-w-	c:\program files\phonostar-Player\phonostarTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 14:11	287800	----a-r-	c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 13:41	434176	----a-w-	c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-03-10 10:01	149280	----a-w-	c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TODO_ _File description_]
c:\program files\Smart Battery\smbtray.exe [N/A]

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-24 721904]
R2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2009-09-11 528904]
R3 AF9035BDA;AF9035 BDA Devices;c:\windows\system32\Drivers\AF9035BDA.sys [2009-07-13 199168]
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
R3 MatSvc;Microsoft Fix it Supportcenter;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
R3 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 WMSVC;Webverwaltungsdienst;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 9728]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S0 snapman378;Acronis Snapshots Manager (Build 378);c:\windows\system32\DRIVERS\snman378.sys [2009-08-22 134272]
S0 stmtpm;STM TPM Service;c:\windows\system32\DRIVERS\stm_tpm.sys [2007-07-05 21504]
S0 tdrpman124;Acronis Try&Decide and Restore Points filter (build 124);c:\windows\system32\DRIVERS\tdrpm124.sys [2009-08-22 950848]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [2010-05-10 72784]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-05-10 79952]
S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-04-28 1872320]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-11-20 29416]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2010-05-10 85128]
S2 ftpsvc;Microsoft-FTP-Dienst;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [2010-03-29 5152]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-04-01 1050440]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2007-07-27 1489688]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [2010-03-18 101248]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-02-17 153448]
S3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\system32\DRIVERS\usbgene.sys [2007-06-26 131584]
S3 netw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2010-01-13 6628352]
S3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [2009-07-13 9216]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 25088]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 wbms_vista_x86;Winbond Memory Stick Controller;c:\windows\system32\Drivers\wbms_vista_x86.SYS [2007-06-26 52224]
S3 wbsdmmc;Winbond SD/MMC Controller;c:\windows\system32\DRIVERS\wbsdmmc_vista_x86.sys [2007-04-20 44544]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService	REG_MULTI_SZ   	HsfXAudioService
bdx	REG_MULTI_SZ   	scan
ftpsvc	REG_MULTI_SZ   	ftpsvc
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
ipripsvc	REG_MULTI_SZ   	iprip
LPDService	REG_MULTI_SZ   	LPDSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
LSP: c:\windows\system32\biolsp.dll
FF - ProfilePath - c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff2.dll
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.6.dll
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.dll
FF - component: c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\NativeComponent.dll
FF - component: c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\fb_add_on@avm.de\components\FB_AddOn.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
 
 
 
 
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x8304B000]<< >>UNKNOWN [0x89BA1000]<< >>UNKNOWN [0x89B90000]<< >>UNKNOWN [0x8467D000]<< >>UNKNOWN [0x83014000]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
 SecurityProcedure -> 0x8587b848
 QueryNameProcedure -> 0x8587b9d8
user & kernel MBR OK 

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallIS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_is=\"0\" />"
"Device"="xrnJucq8yLy6z8fMzszNusjHvM8="

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\wvauth.DLL
c:\windows\system32\biolsp.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\psxss.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2010\vsserv.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\mqsvc.exe
c:\xampp\mysql\bin\mysqld.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\windows\system32\taskhost.exe
c:\program files\BitDefender\BitDefender 2010\seccenter.exe
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\UI0Detect.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\upgrepl.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-05-20  17:21:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-05-20 15:21
ComboFix2.txt  2010-05-20 11:23
ComboFix3.txt  2010-05-19 14:06

Vor Suchlauf: 14 Verzeichnis(se), 12.555.452.416 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 12.390.027.264 Bytes frei

- - End Of File - - 6F979153E0841DF326F9E7898F317CAD

[/QUOTE]

Firefox öffnet bei suche in Google mehrmals falsche links vor dem richtigen

Plagegeister aller Art und deren Bekämpfung: Firefox öffnet bei suche in Google mehrmals falsche links vor dem richtigen

Firefox öffnet bei suche in Google mehrmals falsche links vor dem richtigen

Firefox öffnet bei suche in Google mehrmals falsche links vor dem richtigen

Ähnliche Themen: Firefox öffnet bei suche in Google mehrmals falsche links vor dem richtigen