Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 06.02.2011, 09:35   #1
rupa
 
Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ? - Standard

Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ?



Hallo Zusammen,

ich habe mir einen Trojaner (o.ä.) eingefangen.
(Virenprogramm ist Avast)
Aufgefallen ist mir das durch Umleitungen bei Google.

Daher habe ich mein System überprüfen lassen mit AdAware und Spybot. -
Die Programme haben auch einige gefunden was gelöscht werden konnte.
Die Googleumleitungen sind nun bis auf ganz seltene Ausnahmen weg!

Allerdings lässt sich das Sicherheitscenter nicht mehr Starten. d.H. der Dienst ist deaktiviert. ich kann ihn aktivieren und starten aber nach wenigen sekunden deaktiviert er sich wieder. Mitlterweile habe ich die "Anmeldung" verändert und weiß nicht mehr über welches Konto bzw. Kennwort der Dienst gestartet werden muss. Bzw. würde es ja eh nicht gehen...

Habe ich noch einen Trojaner on Board ???

Überprüft mit Malwarebytes habe ich bereits.

vielleicht kann mir ja jemand helfen! Vielen Dank im Voraus!!!!

Hier das Log von HiJackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:15:36, on 06.02.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\OEM\OSD_1.16\osd.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Appigo Sync\Appigo Sync.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hardcopy\hardcopy.exe
C:\Program Files\Telekom\Mediencenter\MediencenterSoftware.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Users\Peter Klein\AppData\Local\Apps\2.0\7YTMLKWX.BA0\BLGRCKB8.CGO\woot..tion_5e08585fa4ad14cc_0001.0003_aac5573fca9fb601\Wootch.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\mmc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Peter Klein\Downloads\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchElf 1.2 Toolbar - {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files\SearchElf_1.2\tbSear.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchElf 1.2 Toolbar - {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files\SearchElf_1.2\tbSear.dll
O3 - Toolbar: SearchElf 1.2 Toolbar - {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files\SearchElf_1.2\tbSear.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [OSD] C:\Program Files\OEM\OSD_1.16\osd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\RealMedia\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [gStart] C:\Program Files\Garmin\gStart.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Appigo Sync] C:\Program Files\Appigo Sync\Appigo Sync.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Hardcopy.LNK = C:\Program Files\Hardcopy\hardcopy.exe
O4 - Startup: Mediencenter Software.lnk = C:\Program Files\Telekom\Mediencenter\MediencenterSoftware.exe
O4 - Startup: Wootch.appref-ms
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Peter Klein\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Peter Klein\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: hxxp://software.kuaiche.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{715D35D4-431A-4E55-BFE1-0016708772D9}: NameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6EF4E26-4E8C-4458-A58F-9D4550590474}: NameServer = 192.168.0.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother BRAdminPro Scheduler (BRA_Scheduler) - Unknown owner - C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca4bca8a47b180) (gupdate1ca4bca8a47b180) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Mediencenter Service (MCSWASVR) - Deutsche Telekom AG - C:\Program Files\Telekom\Mediencenter\WebDAV.AdminService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: OSD Service (OsdService) - TODO: <????> - C:\Program Files\OEM\OSD_1.16\OsdService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: VLC media player - Unknown owner - C:\Programme\VideoLAN\VLC_072\vlc.exe

--
End of file - 13050 bytes

Alt 06.02.2011, 21:37   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ? - Standard

Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ?



Zitat:
Die Programme haben auch einige gefunden was gelöscht werden konnte.
Alles Logs dazu posten!!
__________________

__________________

Alt 08.02.2011, 09:16   #3
rupa
 
Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ? - Standard

Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ?



Hallo,

davon habe ich nicht die Logs geschert.
soll ich Adaware und Spybot nochmals laufen lassen und die Logs sichern`?
__________________

Alt 08.02.2011, 09:24   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ? - Standard

Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ?



Öffne doch mal bitte die Programme und schau in den Menüs nach den Protokollen, die Programme bewahren die Logs auf!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.02.2011, 10:09   #5
rupa
 
Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ? - Standard

Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ?



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-02-01 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-10-05 Includes\Adware.sbi
2010-11-30 Includes\AdwareC.sbi
2010-08-13 Includes\Cookies.sbi
2010-12-14 Includes\Dialer.sbi
2010-12-14 Includes\DialerC.sbi
2010-01-25 Includes\HeavyDuty.sbi
2010-11-30 Includes\Hijackers.sbi
2011-01-25 Includes\HijackersC.sbi
2010-09-15 Includes\iPhone.sbi
2010-12-14 Includes\Keyloggers.sbi
2010-12-14 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2010-12-14 Includes\Malware.sbi
2011-01-25 Includes\MalwareC.sbi
2010-05-18 Includes\PUPS.sbi
2010-12-14 Includes\PUPSC.sbi
2010-01-25 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2010-12-14 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2011-01-18 Includes\Spyware.sbi
2011-01-18 Includes\SpywareC.sbi
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi
2011-01-25 Includes\TrojansC-02.sbi
2011-01-13 Includes\TrojansC-03.sbi
2011-01-25 Includes\TrojansC-04.sbi
2011-01-25 Includes\TrojansC-05.sbi
2010-12-28 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


--- System information ---
Unknown Windows version 6.1 (Build: 7600) (6.1.7600)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)


--- Startup entries list ---
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 932288
MD5: BAD6BEA0DE1F69C82BDB74378CE0C20A

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35760
MD5: 12673BCF7B32087DF63F0CFF550EA40B

Located: HK_LM:Run, AppleSyncNotifier
command: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
file: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
size: 47904
MD5: 310638EBDD87B49DF3D12EDB853D5166

Located: HK_LM:Run, avast!
command: "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
file: C:\Program Files\Alwil Software\Avast4\ashDisp.exe
size: 81000
MD5: 0A7E9FDF3BF1980CA09FEEAC7F52EFBC

Located: HK_LM:Run, DivX Download Manager
command: "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
file: C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
size: 63360
MD5: 57D8C4ED26DFD7EF0E2CB196FB8BFB54

Located: HK_LM:Run, DivXUpdate
command: "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
file: C:\Program Files\DivX\DivX Update\DivXUpdate.exe
size: 1226608
MD5: A58E05767687E1E636D160ECEA9BC8ED

Located: HK_LM:Run, GrooveMonitor
command: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
file: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
size: 31072
MD5: 644795F6985C740F5E36E9336B837D0B

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 421160
MD5: F3DEAA1F2FCF70FAF6DE3757CA343FA5

Located: HK_LM:Run, Kernel and Hardware Abstraction Layer
command: KHALMNPR.EXE
file: C:\Windows\KHALMNPR.EXE
size: 55824
MD5: E42A642E162B0468B2C4E9D803079C7F

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
file: C:\Windows\system32\NvCpl.dll
size: 13797992
MD5: 363FDE1796237C3D96DF9F61ED748EF1

Located: HK_LM:Run, OSD
command: C:\Program Files\OEM\OSD_1.16\osd.exe
file: C:\Program Files\OEM\OSD_1.16\osd.exe
size: 376832
MD5: D22A7C0E5BE388E76C8B5DD5C392C18C

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 421888
MD5: 0AEE5668EB59912F32FF245BFA72465F

Located: HK_LM:Run, RtHDVCpl
command: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
file: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
size: 9742952
MD5: 9048E39550CD6599F98673B4437D0E4C

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files\Common Files\Java\Java Update\jusched.exe
size: 248552
MD5: 93DB1FF92B03D24738A71E6E4992DFD3

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\RealMedia\Update_OB\realsched.exe" -osboot
file: C:\Program Files\RealMedia\Update_OB\realsched.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Windows Mobile Device Center
command: %windir%\WindowsMobile\wmdc.exe
file: C:\Windows\WindowsMobile\wmdc.exe
size: 648072
MD5: 96B3C4E20F02CA16AA1E3E425BFFCC8B

Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1173504
MD5: EA6EADF6314E43783BA8EEE79F93F73C

Located: HK_CU:RunOnce, mctadmin
where: S-1-5-19...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 93696
MD5: BBA1A5B86134F496B926DDAF247DB871

Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1173504
MD5: EA6EADF6314E43783BA8EEE79F93F73C

Located: HK_CU:RunOnce, mctadmin
where: S-1-5-20...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 93696
MD5: BBA1A5B86134F496B926DDAF247DB871

Located: HK_CU:Run, Appigo Sync
where: S-1-5-21-1493101012-1834472469-1317637537-1000...
command: C:\Program Files\Appigo Sync\Appigo Sync.exe
file: C:\Program Files\Appigo Sync\Appigo Sync.exe
size: 229376
MD5: 86CD8780E31386CA1D46F48440D3A3BF

Located: HK_CU:Run, DAEMON Tools Lite
where: S-1-5-21-1493101012-1834472469-1317637537-1000...
command: "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
file: C:\Program Files\DAEMON Tools Lite\DTLite.exe
size: 357696
MD5: F34E7705751BB413283434697BF8E55D

Located: HK_CU:Run, gStart
where: S-1-5-21-1493101012-1834472469-1317637537-1000...
command: C:\Program Files\Garmin\gStart.exe
file: C:\Program Files\Garmin\gStart.exe
size: 1891416
MD5: 4B4F81C294B9A07479F4F4F8FF20E58C

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1493101012-1834472469-1317637537-1000...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887

Located: HK_CU:Run, SUPERAntiSpyware
where: S-1-5-21-1493101012-1834472469-1317637537-1000...
command: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 2424560
MD5: 7B9E9A8C71C77DD03CF97FA7C996C3C9

Located: Startup (allgemein), Logitech SetPoint.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Logitech\SetPoint\SetPoint.exe
file: C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 813584
MD5: B624202660474516E73AA95238FD9843

Located: Startup (Benutzer), Adobe Gamma.lnk
where: C:\Users\Peter Klein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: C2FF17734176CD15221C10044EF0BA1A

Located: Startup (Benutzer), Hardcopy.LNK
where: C:\Users\Peter Klein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Hardcopy\hardcopy.exe
file: C:\Program Files\Hardcopy\hardcopy.exe
size: 1725440
MD5: 8E3217F553022AA10F77119A88A179AD

Located: Startup (Benutzer), Mediencenter Software.lnk
where: C:\Users\Peter Klein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Telekom\Mediencenter\MediencenterSoftware.exe
file: C:\Program Files\Telekom\Mediencenter\MediencenterSoftware.exe
size: 1991824
MD5: 8A0A6722AC6C3FC594500C1B4B494980

Located: WinLogon, LBTWlgn
command: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
file: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
size: 72208
MD5: A589D4BD91C15A0112E2F5DEF235DD67



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 22.09.2010 17:04:14
Date (last access): 10.10.2010 18:28:42
Date (last write): 22.09.2010 17:04:14
Filesize: 75200
Attributes: archive
MD5: 203A74767EB81F96A5166B1933DB46D0
CRC32: B0D671C9
Version: 9.4.0.195

{3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: RealPlayer Download and Record Plugin for Internet Explorer
Path: C:\Program Files\Real\RealPlayer\
Long name: rpbrowserrecordplugin.dll
Short name: RPBROW~1.DLL
Date (created): 13.10.2009 07:02:20
Date (last access): 13.10.2009 07:02:20
Date (last write): 13.10.2009 07:02:20
Filesize: 329312
Attributes: archive
MD5: 98EA10E878D73C261E0C6316A3A48658
CRC32: 6CE96CBB
Version: 1.0.1.514

{30F9B915-B755-4826-820B-08FBA6BD249D} (Conduit Engine)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Conduit Engine
Path: C:\Program Files\ConduitEngine\
Long name: ConduitEngine.dll
Short name: CONDUI~1.DLL
Date (created): 17.12.2010 15:35:46
Date (last access): 17.12.2010 15:35:46
Date (last write): 09.12.2010 12:51:30
Filesize: 3911776
Attributes: archive
MD5: D9A0CE26ADA5BD15B1B03A752DDF14A6
CRC32: 720A331A
Version: 6.2.7.3

{326E768D-4182-46FD-9C16-1449A49795F4} (Increase performance and video formats for your HTML5 <video>)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Increase performance and video formats for your HTML5 <video>
CLSID name: DivX Plus Web Player HTML5 <video>
Path: C:\Program Files\DivX\DivX Plus Web Player\
Long name: npdivx32.dll
Short name:
Date (created): 08.12.2010 22:15:44
Date (last access): 14.01.2011 07:47:36
Date (last write): 08.12.2010 22:15:44
Filesize: 3123072
Attributes: archive
MD5: ABB7A668B5D11BFF77DD00CC2B6C8DB0
CRC32: E10E3B63
Version: 2.1.0.900

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: hxxp://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 01.02.2011 12:06:00
Date (last access): 01.02.2011 12:06:00
Date (last write): 26.01.2009 15:31:02
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{593DDEC6-7468-4cdd-90E1-42DADAA222E9} (Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites
CLSID name: DivX HiQ
Path: C:\Program Files\DivX\DivX Plus Web Player\
Long name: npdivx32.dll
Short name:
Date (created): 08.12.2010 22:15:44
Date (last access): 14.01.2011 07:47:36
Date (last write): 08.12.2010 22:15:44
Filesize: 3123072
Attributes: archive
MD5: ABB7A668B5D11BFF77DD00CC2B6C8DB0
CRC32: E10E3B63
Version: 2.1.0.900

{5FF49FE8-B332-4CB9-B102-FB6951629E55} (Virtual Storage Mount Notification)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Virtual Storage Mount Notification
CLSID name: Virtual Storage Mount Notification
Path: C:\Windows\system32\
Long name: CbFsMntNtf3.dll
Short name: CBFSMN~1.DLL
Date (created): 16.12.2010 13:16:58
Date (last access): 16.12.2010 13:16:58
Date (last write): 15.05.2010 15:55:14
Filesize: 155416
Attributes: archive
MD5: D20AC5698D403DAF46DD88ED780E676D
CRC32: C672A0E6
Version: 3.0.77.30

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Groove GFS Browser Helper
Path: C:\Program Files\Microsoft Office\Office12\
Long name: GrooveShellExtensions.dll
Short name: GR469A~1.DLL
Date (created): 12.02.2009 14:19:32
Date (last access): 22.10.2009 06:54:20
Date (last write): 12.02.2009 14:19:32
Filesize: 2217848
Attributes: archive
MD5: A6B5A41C0ED007AB6C43CAD899E533D8
CRC32: BA078F79
Version: 12.0.6421.1000

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 15.09.2010 06:20:48
Date (last access): 04.11.2010 08:55:14
Date (last write): 15.09.2010 06:20:48
Filesize: 41760
Attributes: archive
MD5: 3F59EDE1444C14CFBAA15C7EBBFE6196
CRC32: 847C94E6
Version: 6.0.220.4

{f4e6547e-325b-403c-a3bb-ad29ed37a92f} (SearchElf 1.2 Toolbar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SearchElf 1.2 Toolbar
Path: C:\Program Files\SearchElf_1.2\
Long name: tbSear.dll
Short name:
Date (created): 17.12.2010 15:35:42
Date (last access): 17.12.2010 15:35:42
Date (last write): 09.12.2010 12:51:30
Filesize: 3911776
Attributes: archive
MD5: D9A0CE26ADA5BD15B1B03A752DDF14A6
CRC32: 720A331A
Version: 6.2.7.3



--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_22
Installer:
Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 09.11.2009 19:15:04
Date (last access): 15.09.2074 04:52:30
Date (last write): 15.09.2010 04:50:40
Filesize: 108320
Attributes: archive
MD5: 6A25F175BC9D7709ABEA66086489121D
CRC32: 3BFA8F9A
Version: 6.0.220.4

{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_22
Installer:
Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 09.11.2009 19:15:04
Date (last access): 15.09.2074 04:52:30
Date (last write): 15.09.2010 04:50:40
Filesize: 108320
Attributes: archive
MD5: 6A25F175BC9D7709ABEA66086489121D
CRC32: 3BFA8F9A
Version: 6.0.220.4

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_22
Installer:
Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_22.dll
Short name: NPJPI1~1.DLL
Date (created): 15.09.2010 02:29:52
Date (last access): 15.09.2074 04:52:42
Date (last write): 15.09.2010 04:50:46
Filesize: 141088
Attributes: archive
MD5: AFB7EFCDE5277F6514EF0E9FF8D8D862
CRC32: 2A43B8CC
Version: 6.0.220.4

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\Windows\Downloaded Program Files\CONFLICT.1\swflash.inf
Codebase: hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\Windows\system32\Macromed\Flash\
Long name: Flash10k.ocx
Short name:
Date (created): 26.10.2010 09:08:48
Date (last access): 26.10.2010 09:08:48
Date (last write): 26.10.2010 09:08:48
Filesize: 6069712
Attributes: readonly archive
MD5: C9848467EAEC8EB4A9FE224CBCAC26C0
CRC32: 4BC4A0C2
Version: 10.1.85.3



--- Process list ---
PID: 4040 ( 492) C:\Windows\system32\taskhost.exe
size: 49152
MD5: 8F4F5A5C1BAE72CE6EAEEA1CA3F98CA2
PID: 2196 ( 952) C:\Windows\system32\Dwm.exe
size: 92672
MD5: 505BF4D1CADEB8D4F8BCD08D944DE25D
PID: 2220 (4084) C:\Windows\Explorer.EXE
size: 2614272
MD5: 2626FC9755BE22F805D3CFA0CE3EE727
PID: 1168 (2220) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
size: 31072
MD5: 644795F6985C740F5E36E9336B837D0B
PID: 624 (2220) C:\Program Files\OEM\OSD_1.16\osd.exe
size: 376832
MD5: D22A7C0E5BE388E76C8B5DD5C392C18C
PID: 1536 (2220) C:\Windows\WindowsMobile\wmdc.exe
size: 648072
MD5: 96B3C4E20F02CA16AA1E3E425BFFCC8B
PID: 1320 (2220) C:\Program Files\Alwil Software\Avast4\ashDisp.exe
size: 81000
MD5: 0A7E9FDF3BF1980CA09FEEAC7F52EFBC
PID: 1812 (2220) C:\Program Files\Common Files\Java\Java Update\jusched.exe
size: 248552
MD5: 93DB1FF92B03D24738A71E6E4992DFD3
PID: 2508 (2220) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
size: 9742952
MD5: 9048E39550CD6599F98673B4437D0E4C
PID: 1212 (2220) C:\Program Files\DivX\DivX Update\DivXUpdate.exe
size: 1226608
MD5: A58E05767687E1E636D160ECEA9BC8ED
PID: 1900 (2220) C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
size: 63360
MD5: 57D8C4ED26DFD7EF0E2CB196FB8BFB54
PID: 2896 (2220) C:\Program Files\iTunes\iTunesHelper.exe
size: 421160
MD5: F3DEAA1F2FCF70FAF6DE3757CA343FA5
PID: 2920 (2220) C:\Program Files\Garmin\gStart.exe
size: 1891416
MD5: 4B4F81C294B9A07479F4F4F8FF20E58C
PID: 2980 (2220) C:\Program Files\DAEMON Tools Lite\DTLite.exe
size: 357696
MD5: F34E7705751BB413283434697BF8E55D
PID: 1960 (2220) C:\Program Files\Appigo Sync\Appigo Sync.exe
size: 229376
MD5: 86CD8780E31386CA1D46F48440D3A3BF
PID: 2824 (2220) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
PID: 3256 (2220) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 2424560
MD5: 7B9E9A8C71C77DD03CF97FA7C996C3C9
PID: 3280 (2220) C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 813584
MD5: B624202660474516E73AA95238FD9843
PID: 1836 (2220) C:\Program Files\Hardcopy\hardcopy.exe
size: 1725440
MD5: 8E3217F553022AA10F77119A88A179AD
PID: 328 (2220) C:\Program Files\Telekom\Mediencenter\MediencenterSoftware.exe
size: 1991824
MD5: 8A0A6722AC6C3FC594500C1B4B494980
PID: 3300 (3280) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
size: 55824
MD5: 510581C7BB91650ECECDA3B38CF8E91E
PID: 1384 (3296) C:\Users\Peter Klein\AppData\Local\Apps\2.0\7YTMLKWX.BA0\BLGRCKB8.CGO\woot..tion_5e08585fa4ad14cc_0001.0003_aac5573fca9fb601\Wootch.exe
size: 1196544
MD5: 806FDA1CC2C609649C810D9DB036734E
PID: 4344 ( 680) C:\Windows\System32\mobsync.exe
size: 101376
MD5: B4CA51F87E301789E2C7F746EB396AA4
PID: 5416 (2220) C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
size: 12995952
MD5: 2A8AEFDE5BED57D232ECF9482336E139
PID: 3100 (2220) C:\Program Files\Mozilla Firefox\firefox.exe
size: 912344
MD5: 0E20A3213ED010FC4997D1EF48082ABC
PID: 5924 (2220) C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
size: 7573547
MD5: 0BD3570F815AFD4513B1C1749BD72C5A
PID: 1232 (3100) C:\Program Files\Mozilla Firefox\plugin-container.exe
size: 16856
MD5: BA9A09CF1B9503C363617F3748F6D791
PID: 4324 (5924) C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
size: 547096
MD5: B2F98F5E3916FFF661C552A9B141423D
PID: 6048 ( 452) C:\Windows\system32\conhost.exe
size: 271360
MD5: 29D9FCDF65B7C823688A035937BB6697
PID: 3616 (2220) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 244 ( 4) smss.exe
size: 69632
PID: 380 ( 372) csrss.exe
size: 6144
PID: 440 ( 372) wininit.exe
size: 96256
PID: 452 ( 432) csrss.exe
size: 6144
PID: 492 ( 440) services.exe
size: 259072
PID: 508 ( 440) lsass.exe
size: 22528
PID: 516 ( 440) lsm.exe
size: 261120
PID: 612 ( 432) winlogon.exe
size: 285696
PID: 680 ( 492) svchost.exe
size: 20992
PID: 760 ( 492) nvvsvc.exe
size: 211560
PID: 800 ( 492) svchost.exe
size: 20992
PID: 864 ( 492) svchost.exe
size: 20992
PID: 952 ( 492) svchost.exe
size: 20992
PID: 980 ( 492) svchost.exe
size: 20992
PID: 1132 ( 492) svchost.exe
size: 20992
PID: 1204 ( 760) nvvsvc.exe
size: 211560
PID: 1368 ( 492) svchost.exe
size: 20992
PID: 1440 ( 492) aswUpdSv.exe
PID: 1460 ( 492) ashServ.exe
PID: 1716 ( 492) spoolsv.exe
size: 316928
PID: 1732 ( 980) taskeng.exe
size: 192000
PID: 1764 ( 492) svchost.exe
size: 20992
PID: 1916 (1732) rundll32.exe
size: 44544
PID: 1924 ( 492) AppleMobileDeviceService.exe
PID: 1984 ( 492) mDNSResponder.exe
PID: 2016 ( 492) bratimer.exe
PID: 112 ( 492) cvpnd.exe
PID: 356 ( 492) WebDAV.AdminService.exe
PID: 696 ( 492) mdm.exe
PID: 1060 ( 492) NBService.exe
PID: 1356 ( 492) SupServ.exe
PID: 1332 ( 492) OsdService.exe
PID: 1888 ( 492) vlc.exe
PID: 2176 ( 492) ashWebSv.exe
PID: 2244 ( 492) ashMaiSv.exe
PID: 2528 ( 492) svchost.exe
size: 20992
PID: 3168 ( 492) svchost.exe
size: 20992
PID: 3352 ( 492) svchost.exe
size: 20992
PID: 3564 ( 492) SearchIndexer.exe
size: 428032
PID: 3104 ( 492) iPodService.exe
PID: 972 ( 492) wmpnetwk.exe
PID: 920 ( 492) FNPLicensingService.exe
PID: 1092 ( 864) audiodg.exe
size: 100864


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 08.02.2011 11:07:38

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
hxxp://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
hxxp://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
hxxp://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
hxxp://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
hxxp://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\System32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
hxxp://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD-Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 1: MSAFD-Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 2: MSAFD-Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 3: MSAFD-Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 4: MSAFD-Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 5: MSAFD-Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 6: RSVP-TCPv6-Dienstanbieter
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP-TCP-Dienstanbieter
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP-UDPv6-Dienstanbieter
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP-UDP-Dienstanbieter
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{52CD94DA-E776-4973-87D5-AA9C92405E25}] SEQPACKET 14
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{52CD94DA-E776-4973-87D5-AA9C92405E25}] DATAGRAM 14
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5EB4F2E8-A8FA-4F80-9E7A-8B0447E03D81}] SEQPACKET 12
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5EB4F2E8-A8FA-4F80-9E7A-8B0447E03D81}] DATAGRAM 12
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{748E9E2B-8E48-4446-A95A-857F7D7B1E95}] SEQPACKET 11
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{748E9E2B-8E48-4446-A95A-857F7D7B1E95}] DATAGRAM 11
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CB07EF28-CFBF-400C-930B-F083FF918B51}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CB07EF28-CFBF-400C-930B-F083FF918B51}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{68E248A7-3194-4CF3-AC55-28A002B8C082}] SEQPACKET 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{68E248A7-3194-4CF3-AC55-28A002B8C082}] DATAGRAM 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7B27C6A4-D4F3-4B1C-BC64-9C051A522385}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7B27C6A4-D4F3-4B1C-BC64-9C051A522385}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C6EF4E26-4E8C-4458-A58F-9D4550590474}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C6EF4E26-4E8C-4458-A58F-9D4550590474}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{715D35D4-431A-4E55-BFE1-0016708772D9}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{715D35D4-431A-4E55-BFE1-0016708772D9}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5FF98B76-6426-4363-8BE8-3016C34EA86D}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5FF98B76-6426-4363-8BE8-3016C34EA86D}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 28: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{CBFCD7B9-F21E-4383-8D61-E6CCF3186141}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 29: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{CBFCD7B9-F21E-4383-8D61-E6CCF3186141}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 30: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{AECA621E-E16A-4802-AC36-1DEAE57DAB6B}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 31: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{AECA621E-E16A-4802-AC36-1DEAE57DAB6B}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 32: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{52CD94DA-E776-4973-87D5-AA9C92405E25}] SEQPACKET 15
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 33: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{52CD94DA-E776-4973-87D5-AA9C92405E25}] DATAGRAM 15
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 34: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5EB4F2E8-A8FA-4F80-9E7A-8B0447E03D81}] SEQPACKET 13
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 35: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5EB4F2E8-A8FA-4F80-9E7A-8B0447E03D81}] DATAGRAM 13
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 36: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{68E248A7-3194-4CF3-AC55-28A002B8C082}] SEQPACKET 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 37: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{68E248A7-3194-4CF3-AC55-28A002B8C082}] DATAGRAM 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 38: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C6EF4E26-4E8C-4458-A58F-9D4550590474}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 39: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C6EF4E26-4E8C-4458-A58F-9D4550590474}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 40: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{715D35D4-431A-4E55-BFE1-0016708772D9}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 41: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{715D35D4-431A-4E55-BFE1-0016708772D9}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: NLA (Network Location Awareness, NLAv1)-Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: TCP/IP
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 2: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 3: E-Mail-Namenshimanbieter
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 4: PNRP-Wolken-Namespaceanbieter
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 5: PNRP-Namen-Namespaceanbieter
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 6: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP


Alt 08.02.2011, 10:31   #6
rupa
 
Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ? - Standard

Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ?



Logs von AdAware finde ich keine! Vielleicht reicht ja schon das Log von Spybot.
Besten Dank im Voraus!

Alt 08.02.2011, 10:44   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ? - Standard

Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ?



Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.02.2011, 17:41   #8
rupa
 
Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ? - Standard

Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ?



OK,

hier ein MalwareBytes-Log von heute:



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5709

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.02.2011 16:32:30
mbam-log-2011-02-08 (16-32-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|T:\|)
Durchsuchte Objekte: 343994
Laufzeit: 2 Stunde(n), 5 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)







hier das Log vom ersten Malwarebytes den ich gemacht habe am 28.01.11


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5629

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.01.2011 13:29:20
mbam-log-2011-01-28 (13-29-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|T:\|)
Durchsuchte Objekte: 372726
Laufzeit: 2 Stunde(n), 53 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\CL2GFOKBC9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Trojan.FakeAlert) -> Value: JP595IR86O -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\System32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Alt 08.02.2011, 18:13   #9
rupa
 
Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ? - Standard

Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ?



und nun die Logs von OTL:

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 08.02.2011 18:42:48 - Run 2
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Peter Klein\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 29,72 Gb Free Space | 31,56% Space Free | Partition Type: NTFS
Drive D: | 195,14 Gb Total Space | 135,87 Gb Free Space | 69,63% Space Free | Partition Type: NTFS
Drive T: | 35,00 Gb Total Space | 35,00 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: ACSB2-NB-007-PR | User Name: Peter Klein | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.ini [@ = UltraEdit.ini] -- C:\Program Files\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- C:\Program Files\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"$INSTDIR\FlvDetector.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlvDetector.exe:*:Enabled:FGFlvDetector
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0236FF14-34AF-4D37-BA6C-17567B7A8685}_is1" = MapTk (MapToolKit)
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{08D5F667-E1D7-4792-9FFD-5888C8D4A0DF}" = Garmin Training Center
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{236BB7C4-4419-42FD-0407-2E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 22
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{43B6667D-7520-4186-B05B-F5C0494C495D}" = UltraEdit-32
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACBBFC6-3F39-48DE-8D85-182736B2749B}" = Garmin MapSource
"{4C271126-C295-4828-A901-5910AE0C258B}" = Cisco Systems VPN Client 5.0.03.0530
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73289228-1853-4623-982A-EB17FF0270CA}" = OSD_1.16
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{75C885D4-C758-4896-A3B4-90DA34B44C31}" = BRAdmin Professional 3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iPhone Explorer 2.100
"{8941FD14-1E06-4AAB-8DDC-E3177D79DF23}" = KhalInstallWrapper
"{89A060BA-6CF3-4BDB-A94C-91C9BEF21C6A}" = Appigo Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{60CC0F2D-BFA0-4851-903D-809D876DD87B}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00B4-0407-0000-0000000FF1CE}_PRJPRO_{16809599-3C53-4A9A-A7E2-74A6D0D2C007}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{af1725ce-b9c6-469b-a770-73be1108bb27}" = Nero 9
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B2C85224-88C1-4ED2-8ECC-EF7362D9F63B}" = Movie Templates - Pack 1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BAEBE7F0-BB3E-4228-BFE0-8FF70BB9B837}" = Menu Templates - Pack 1
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC98E8B3-FAAA-4D09-A813-A44C9FA1A3EE}" = Enterprise Architect 8
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CDD0BC3E-4992-4962-8372-2D700425F42D}" = Menu Templates - Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF94566F-BDEC-4529-9532-7FBBEDA38045}" = Menu Templates - Pack 3
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E6FA148F-1E7D-4A42-A9A2-7DFABC2C6A2B}" = SportTracks 2.1
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"4Videosoft DVD to iPhone 4 Converter_is1" = 4Videosoft DVD to iPhone 4 Converter
"AC3Filter_is1" = AC3Filter 1.63b
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-2E257A25E34D}" = Adobe Photoshop CS2
"avast!" = avast! Antivirus
"conduitEngine" = Conduit Engine
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fotobuchexpress24 - Fotobuch" = Fotobuchexpress24 - Fotobuch
"Glary Registry Repair_is1" = Glary Registry Repair 3.3.0.852
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.5
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mediencenter Software" = Mediencenter Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PRJPRO" = Microsoft Office Project Professional 2007
"RealMedia" = RealMedia (remove only)
"RealPlayer 12.0" = RealPlayer
"SearchElf_1.2 Toolbar" = SearchElf 1.2 Toolbar
"SPB Diary" = SPB Diary
"SPB Keyboard" = SPB Keyboard
"Spb Mobile Shell" = Spb Mobile Shell
"Spb Pocket Plus" = Spb Pocket Plus
"SPB Radio" = SPB Radio
"Totalcmd" = Total Commander (Remove or Repair)
"VISPRO" = Microsoft Office Visio Professional 2007
"WBFS Manager 3.0" = WBFS Manager 3.0
"WinRAR archiver" = WinRAR
"ZoomPlayer" = Zoom Player (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"049b85cf8fd6e95b" = Wootch
"Dropbox" = Dropbox
"IN Customer Control" = IN Customer Control
 
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 09.10.2010 10:25:51 | Computer Name = ACSB2-NB-007-PR | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 G:\100SSCAM\SDC12002.JPG failed, 00000570.  
 
Error - 09.10.2010 10:25:51 | Computer Name = ACSB2-NB-007-PR | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 G:\100SSCAM\SDC12002.JPG failed, 00000570.  
 
Error - 09.10.2010 10:25:51 | Computer Name = ACSB2-NB-007-PR | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 G:\100SSCAM\SDC12003.JPG failed, 00000570.  
 
Error - 09.10.2010 10:25:51 | Computer Name = ACSB2-NB-007-PR | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 G:\100SSCAM\SDC12003.JPG failed, 00000570.  
 
Error - 09.10.2010 10:25:51 | Computer Name = ACSB2-NB-007-PR | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 G:\100SSCAM\SDC12006.JPG failed, 00000570.  
 
Error - 09.10.2010 10:25:51 | Computer Name = ACSB2-NB-007-PR | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 G:\100SSCAM\SDC12006.JPG failed, 00000570.  
 
Error - 09.10.2010 10:25:51 | Computer Name = ACSB2-NB-007-PR | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 G:\100SSCAM\SDC12010.JPG failed, 00000570.  
 
Error - 09.10.2010 10:25:51 | Computer Name = ACSB2-NB-007-PR | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 G:\100SSCAM\SDC12010.JPG failed, 00000570.  
 
Error - 09.10.2010 10:25:53 | Computer Name = ACSB2-NB-007-PR | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 G:\100SSCAM\SDC11968.JPG failed, 00000570.  
 
Error - 19.11.2010 06:35:55 | Computer Name = ACSB2-NB-007-PR | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 hxxp://download.microsoft.com/download/3/a/9/3a9f1de2-f706-4952-a622-26f46788fdb5/America.themepack
 failed, 00000026.  
 
[ Application Events ]
Error - 07.02.2011 11:03:28 | Computer Name = ACSB2-NB-007-PR | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x80070002).
 
Error - 07.02.2011 11:03:31 | Computer Name = ACSB2-NB-007-PR | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x80070002.
 
Error - 07.02.2011 11:03:31 | Computer Name = ACSB2-NB-007-PR | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x80070002).
 
Error - 08.02.2011 05:02:12 | Computer Name = ACSB2-NB-007-PR | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x80070002.
 
Error - 08.02.2011 05:02:12 | Computer Name = ACSB2-NB-007-PR | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x80070002).
 
Error - 08.02.2011 05:02:17 | Computer Name = ACSB2-NB-007-PR | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x80070002.
 
Error - 08.02.2011 05:02:17 | Computer Name = ACSB2-NB-007-PR | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x80070002).
 
Error - 08.02.2011 09:09:03 | Computer Name = ACSB2-NB-007-PR | Source = Application Hang | ID = 1002
Description = Programm mbam.exe, Version 1.50.1.3 kann nicht mehr unter Windows 
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1748    Startzeit:
 01cbc783214966bc    Endzeit: 266    Anwendungspfad: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Berichts-ID:
 8a70a9ae-3384-11e0-b297-00215d31c09a  
 
Error - 08.02.2011 09:16:37 | Computer Name = ACSB2-NB-007-PR | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x80070002.
 
Error - 08.02.2011 09:16:37 | Computer Name = ACSB2-NB-007-PR | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x80070002).
 
[ OSession Events ]
Error - 01.06.2010 21:07:48 | Computer Name = ACSB2-NB-007-PR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 51809
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 06.06.2010 10:52:46 | Computer Name = ACSB2-NB-007-PR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1304
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 07.06.2010 01:41:27 | Computer Name = ACSB2-NB-007-PR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 53310
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 07.06.2010 05:06:55 | Computer Name = ACSB2-NB-007-PR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.11.2010 15:10:23 | Computer Name = ACSB2-NB-007-PR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 878
 seconds with 840 seconds of active time.  This session ended with a crash.
 
Error - 01.02.2011 03:05:49 | Computer Name = ACSB2-NB-007-PR | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1338
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 29.05.2010 02:11:46 | Computer Name = ACSB2-NB-007-PR | Source = DCOM | ID = 10016
Description = 
 
Error - 30.05.2010 04:44:13 | Computer Name = ACSB2-NB-007-PR | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
 
Error - 30.05.2010 07:32:58 | Computer Name = ACSB2-NB-007-PR | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden.
 
Error - 31.05.2010 06:00:58 | Computer Name = ACSB2-NB-007-PR | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 31.05.2010 06:01:00 | Computer Name = ACSB2-NB-007-PR | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 31.05.2010 06:01:00 | Computer Name = ACSB2-NB-007-PR | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 01.06.2010 03:38:39 | Computer Name = ACSB2-NB-007-PR | Source = Service Control Manager | ID = 7030
Description = Der Dienst "Lavasoft Ad-Aware Service" ist als interaktiver Dienst
 gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste
 nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 01.06.2010 03:43:00 | Computer Name = ACSB2-NB-007-PR | Source = Service Control Manager | ID = 7038
Description = Der Dienst "WinHttpAutoProxySvc" konnte sich nicht als "NT AUTHORITY\LocalService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1352    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 01.06.2010 03:43:00 | Computer Name = ACSB2-NB-007-PR | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%1069
 
Error - 06.06.2010 10:38:29 | Computer Name = ACSB2-NB-007-PR | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597
 (Definition 1.83.1076.0)
 
 
< End of report >
         
--- --- ---

Alt 08.02.2011, 18:13   #10
rupa
 
Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ? - Standard

Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ?



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 08.02.2011 18:42:47 - Run 2
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Peter Klein\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 29,72 Gb Free Space | 31,56% Space Free | Partition Type: NTFS
Drive D: | 195,14 Gb Total Space | 135,87 Gb Free Space | 69,63% Space Free | Partition Type: NTFS
Drive T: | 35,00 Gb Total Space | 35,00 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: ACSB2-NB-007-PR | User Name: Peter Klein | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Peter Klein\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Telekom\Mediencenter\MediencenterSoftware.exe (Deutsche Telekom AG)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Appigo Sync\Appigo Sync.exe (Appigo, Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe ()
PRC - C:\Program Files\Telekom\Mediencenter\WebDAV.AdminService.exe (Deutsche Telekom AG)
PRC - C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Users\Peter Klein\AppData\Local\Apps\2.0\7YTMLKWX.BA0\BLGRCKB8.CGO\woot..tion_5e08585fa4ad14cc_0001.0003_aac5573fca9fb601\Wootch.exe (Wootch)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe ()
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Garmin\gStart.exe (GARMIN Corp.)
PRC - C:\Program Files\OEM\OSD_1.16\osd.exe (ODM)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\OEM\OSD_1.16\OsdService.exe (TODO: <公司名稱>)
PRC - C:\Programme\VideoLAN\VLC_072\vlc.exe ()
PRC - C:\Program Files\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Peter Klein\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Hardcopy\HcDLL2_30_Win32.dll ()
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (MCSWASVR) -- C:\Program Files\Telekom\Mediencenter\WebDAV.AdminService.exe (Deutsche Telekom AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (BRA_Scheduler) -- C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (OsdService) -- C:\Program Files\OEM\OSD_1.16\OsdService.exe (TODO: <公司名稱>)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (VLC media player) -- C:\Programme\VideoLAN\VLC_072\vlc.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek                                            )
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (cbfs3) -- C:\Windows\System32\drivers\cbfs3.sys (EldoS Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (NETw5x32) Intel(R) -- C:\Windows\System32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (GpdDevDPort) -- C:\Windows\System32\directport.sys ()
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (GpdKbFilter) -- C:\Windows\System32\kbfiltr.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files\SearchElf_1.2\tbSear.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 87 DD 33 F5 C5 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files\SearchElf_1.2\tbSear.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "t-online.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.1.6
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.1
FF - prefs.js..extensions.enabledItems: {cdd09450-7280-11de-8a39-0800200c9a66}:0.82
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: toggleprivatebrowsing@supernova00.biz:1.8
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: hidemenubar@moztw.org:4.0.20110204
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.1
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.14 07:47:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.14 07:47:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.09 18:12:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.27 12:50:20 | 000,000,000 | ---D | M]
 
[2009.10.12 15:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Extensions
[2011.02.08 13:22:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Firefox\Profiles\guigx1og.default\extensions
[2011.02.06 10:00:28 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Firefox\Profiles\guigx1og.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.03.31 21:14:48 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Firefox\Profiles\guigx1og.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.05.01 08:37:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Firefox\Profiles\guigx1og.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.02 10:52:22 | 000,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Firefox\Profiles\guigx1og.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2011.01.31 15:35:10 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Firefox\Profiles\guigx1og.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.10.25 19:16:40 | 000,000,000 | ---D | M] (Firefox Showcase) -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Firefox\Profiles\guigx1og.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2010.08.31 09:15:36 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Firefox\Profiles\guigx1og.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2011.01.11 07:43:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Firefox\Profiles\guigx1og.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.03.11 13:52:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Firefox\Profiles\guigx1og.default\extensions\{ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}
[2010.07.01 06:41:26 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Firefox\Profiles\guigx1og.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.03.08 18:13:30 | 000,000,000 | ---D | M] (FlipClock) -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Firefox\Profiles\guigx1og.default\extensions\{cdd09450-7280-11de-8a39-0800200c9a66}
[2010.12.26 10:42:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Firefox\Profiles\guigx1og.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.11.23 20:59:20 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Firefox\Profiles\guigx1og.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2010.11.22 07:45:55 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Firefox\Profiles\guigx1og.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010.11.22 07:45:55 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Firefox\Profiles\guigx1og.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010.11.22 07:45:52 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Firefox\Profiles\guigx1og.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.08.24 06:40:48 | 000,000,000 | ---D | M] (FlashCatch) -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Firefox\Profiles\guigx1og.default\extensions\flashcatch-amo@flashcatch.com
[2011.02.06 10:00:26 | 000,000,000 | ---D | M] (Hide Menubar) -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Firefox\Profiles\guigx1og.default\extensions\hidemenubar@moztw.org
[2009.10.12 15:26:44 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Firefox\Profiles\guigx1og.default\extensions\moveplayer@movenetworks.com
[2010.09.14 06:43:16 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Firefox\Profiles\guigx1og.default\extensions\personas@christopher.beard
[2010.06.25 07:15:32 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Firefox\Profiles\guigx1og.default\extensions\piclens@cooliris.com
[2010.11.10 21:00:38 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Firefox\Profiles\guigx1og.default\extensions\smarterwiki@wikiatic.com
[2009.11.24 08:39:13 | 000,000,000 | ---D | M] (Toggle Private Browsing) -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Firefox\Profiles\guigx1og.default\extensions\toggleprivatebrowsing@supernova00.biz
[2010.05.01 08:37:19 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\Peter Klein\AppData\Roaming\mozilla\Firefox\Profiles\guigx1og.default\extensions\youtube2mp3@mondayx.de
[2010.02.12 13:09:54 | 000,001,720 | ---- | M] () -- C:\Users\Peter Klein\AppData\Roaming\Mozilla\Firefox\Profiles\guigx1og.default\searchplugins\youtube-videosuche.xml
[2011.02.08 13:22:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.25 18:48:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.04 08:56:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.14 07:47:33 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.01.14 07:47:34 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2009.10.13 07:02:18 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.01 13:28:17 | 000,429,287 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 14777 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (SearchElf 1.2 Toolbar) - {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files\SearchElf_1.2\tbSear.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SearchElf 1.2 Toolbar) - {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files\SearchElf_1.2\tbSear.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SearchElf 1.2 Toolbar) - {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - C:\Program Files\SearchElf_1.2\tbSear.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OSD] C:\Program Files\OEM\OSD_1.16\osd.exe (ODM)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe]  File not found
O4 - HKCU..\Run: [Appigo Sync] C:\Program Files\Appigo Sync\Appigo Sync.exe (Appigo, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [gStart] C:\Program Files\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Peter Klein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Peter Klein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Users\Peter Klein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter Software.lnk = C:\Program Files\Telekom\Mediencenter\MediencenterSoftware.exe (Deutsche Telekom AG)
O4 - Startup: C:\Users\Peter Klein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wootch.appref-ms ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Peter Klein\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Peter Klein\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: ebay.de ([signin] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3e0f55d1-de86-11df-ab84-00215d31c09a}\Shell - "" = AutoRun
O33 - MountPoints2\{3e0f55d1-de86-11df-ab84-00215d31c09a}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\DT5000_Launcher.exe
O33 - MountPoints2\{fb60568c-c079-11de-983b-00215d31c09a}\Shell - "" = AutoRun
O33 - MountPoints2\{fb60568c-c079-11de-983b-00215d31c09a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fb60568f-c079-11de-983b-00030dbe21bb}\Shell - "" = AutoRun
O33 - MountPoints2\{fb60568f-c079-11de-983b-00030dbe21bb}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.05 11:07:32 | 000,000,000 | ---D | C] -- C:\Users\Peter Klein\AppData\Roaming\SUPERAntiSpyware.com
[2011.02.05 11:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.02.05 11:07:26 | 000,000,000 | ---D | C] -- C:\Users\Peter Klein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.02.05 11:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.02.01 12:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.02.01 12:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.02.01 12:05:57 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.02.01 08:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.02.01 08:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.02.01 08:04:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.01.28 09:47:41 | 000,000,000 | ---D | C] -- C:\Users\Peter Klein\AppData\Roaming\Malwarebytes
[2011.01.28 09:47:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.28 09:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.28 09:47:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.28 09:47:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.28 09:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.01.27 12:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Poster-Drucker 5.0
[2011.01.27 12:55:54 | 000,000,000 | ---D | C] -- C:\Program Files\Poster-Drucker 5
[2011.01.27 12:44:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\1551694079
[2011.01.21 08:10:08 | 000,000,000 | ---D | C] -- C:\Users\Peter Klein\AppData\Roaming\HandBrake
[2011.01.21 08:10:08 | 000,000,000 | ---D | C] -- C:\Users\Peter Klein\AppData\Local\HandBrake
[2011.01.21 08:09:49 | 000,000,000 | ---D | C] -- C:\Users\Peter Klein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2011.01.21 08:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
[2011.01.21 08:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2011.01.21 07:55:35 | 000,000,000 | ---D | C] -- C:\Users\Peter Klein\Documents\4Videosoft Studio
[2011.01.21 07:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\4Videosoft Studio
[2011.01.21 07:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4Videosoft
[2011.01.21 07:55:26 | 000,000,000 | ---D | C] -- C:\Program Files\4Videosoft DVD to iPhone 4 Converter
[2011.01.14 07:47:36 | 000,000,000 | ---D | C] -- C:\Users\Peter Klein\AppData\Roaming\Local
[2011.01.12 07:50:50 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.12 07:50:46 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.01.12 07:50:46 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.01.12 07:50:46 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.01.12 07:50:46 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.01.12 07:50:45 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.01.12 07:50:45 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011.01.12 07:50:45 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.01.12 07:50:45 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.01.12 07:50:44 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.01.12 07:50:44 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.01.12 07:50:44 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.01.12 07:50:44 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.01.12 07:50:44 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.01.12 07:50:44 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.01.12 07:50:44 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010.05.19 13:19:53 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeD80F.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.08 18:23:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.08 16:32:34 | 000,008,421 | ---- | M] () -- C:\Windows\uedit32.INI
[2011.02.08 14:17:36 | 000,014,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.08 14:17:36 | 000,014,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.08 14:15:59 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.08 14:11:26 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.02.08 14:10:26 | 000,000,324 | -HS- | M] () -- C:\Windows\tasks\DGIBWI.job
[2011.02.08 14:10:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.08 14:10:14 | 2388,312,064 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.07 08:24:33 | 000,002,296 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.02.05 12:03:52 | 000,000,162 | -H-- | M] () -- C:\Users\Peter Klein\Documents\~$tschrift_Original_ränder.doc
[2011.02.05 11:07:26 | 000,001,931 | ---- | M] () -- C:\Users\Peter Klein\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.02.05 11:06:27 | 000,174,080 | ---- | M] () -- C:\Users\Peter Klein\Documents\Mitschrift_Original_ränder.doc
[2011.02.03 12:20:22 | 000,212,408 | ---- | M] () -- C:\Users\Peter Klein\DiscoPlus Preise.pdf
[2011.02.01 13:28:17 | 000,429,287 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.02.01 12:06:06 | 000,001,186 | ---- | M] () -- C:\Users\Peter Klein\Desktop\Spybot - Search & Destroy.lnk
[2011.02.01 08:08:32 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.01.29 20:15:20 | 000,668,144 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.29 20:15:20 | 000,627,680 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.29 20:15:20 | 000,135,780 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.29 20:15:20 | 000,111,258 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.28 10:52:16 | 000,027,136 | ---- | M] () -- C:\Users\Peter Klein\Desktop\infos_UWE.doc
[2011.01.28 10:34:25 | 000,076,516 | ---- | M] () -- C:\Users\Peter Klein\Desktop\anschaltskizze_doorline_ab.jpg
[2011.01.28 09:47:30 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.27 16:44:15 | 007,843,899 | ---- | M] () -- C:\Users\Peter Klein\Documents\Poster_1.xlsx
[2011.01.27 12:55:54 | 000,080,896 | ---- | M] () -- C:\Windows\cadkasdeinst01.exe
[2011.01.27 12:41:22 | 000,110,592 | RHS- | M] () -- C:\Windows\System32\sdiagengt.dll
[2011.01.21 08:41:53 | 000,946,556 | ---- | M] () -- C:\Users\Peter Klein\kontakte_2011-01-21.rar
[2011.01.21 08:39:02 | 000,000,920 | ---- | M] () -- C:\Users\Peter Klein\Desktop\Windows Mobile-Gerätecenter.lnk
[2011.01.21 08:09:49 | 000,000,947 | ---- | M] () -- C:\Users\Peter Klein\Desktop\Handbrake.lnk
[2011.01.21 07:55:30 | 000,001,271 | ---- | M] () -- C:\Users\Peter Klein\Desktop\4Videosoft DVD to iPhone 4 Converter.lnk
[2011.01.17 14:08:17 | 000,138,280 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011.01.09 19:46:53 | 000,405,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2011.02.08 14:11:26 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.02.05 12:03:52 | 000,000,162 | -H-- | C] () -- C:\Users\Peter Klein\Documents\~$tschrift_Original_ränder.doc
[2011.02.05 11:07:26 | 000,001,931 | ---- | C] () -- C:\Users\Peter Klein\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.02.05 11:06:25 | 000,174,080 | ---- | C] () -- C:\Users\Peter Klein\Documents\Mitschrift_Original_ränder.doc
[2011.02.03 12:20:22 | 000,212,408 | ---- | C] () -- C:\Users\Peter Klein\DiscoPlus Preise.pdf
[2011.02.01 12:06:06 | 000,001,186 | ---- | C] () -- C:\Users\Peter Klein\Desktop\Spybot - Search & Destroy.lnk
[2011.02.01 08:08:32 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.01.28 10:35:38 | 000,076,516 | ---- | C] () -- C:\Users\Peter Klein\Desktop\anschaltskizze_doorline_ab.jpg
[2011.01.28 10:29:49 | 000,027,136 | ---- | C] () -- C:\Users\Peter Klein\Desktop\infos_UWE.doc
[2011.01.28 09:47:30 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.27 16:43:36 | 007,843,899 | ---- | C] () -- C:\Users\Peter Klein\Documents\Poster_1.xlsx
[2011.01.27 12:55:54 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.01.27 12:41:22 | 000,110,592 | RHS- | C] () -- C:\Windows\System32\sdiagengt.dll
[2011.01.27 12:41:22 | 000,000,324 | -HS- | C] () -- C:\Windows\tasks\DGIBWI.job
[2011.01.21 08:41:52 | 000,946,556 | ---- | C] () -- C:\Users\Peter Klein\kontakte_2011-01-21.rar
[2011.01.21 08:39:02 | 000,000,920 | ---- | C] () -- C:\Users\Peter Klein\Desktop\Windows Mobile-Gerätecenter.lnk
[2011.01.21 08:09:49 | 000,000,947 | ---- | C] () -- C:\Users\Peter Klein\Desktop\Handbrake.lnk
[2011.01.21 07:55:30 | 000,001,271 | ---- | C] () -- C:\Users\Peter Klein\Desktop\4Videosoft DVD to iPhone 4 Converter.lnk
[2010.11.01 11:36:01 | 000,004,096 | -H-- | C] () -- C:\Users\Peter Klein\AppData\Local\keyfile3.drm
[2010.06.11 15:18:40 | 000,017,408 | ---- | C] () -- C:\Users\Peter Klein\AppData\Local\WebpageIcons.db
[2009.12.15 10:55:12 | 000,000,100 | ---- | C] () -- C:\Users\Peter Klein\AppData\Local\fusioncache.dat
[2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.11.23 16:55:04 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2009.10.30 14:48:43 | 000,008,421 | ---- | C] () -- C:\Windows\uedit32.INI
[2009.10.30 08:34:01 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.10.23 07:41:17 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.10.14 14:17:40 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.10.12 14:45:14 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.06.17 20:27:28 | 000,007,168 | ---- | C] () -- C:\Windows\System32\directport.sys
[2008.04.17 08:08:56 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll

< End of report >
         
--- --- ---

Alt 08.02.2011, 19:06   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ? - Standard

Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ?



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3e0f55d1-de86-11df-ab84-00215d31c09a}\Shell - "" = AutoRun
O33 - MountPoints2\{3e0f55d1-de86-11df-ab84-00215d31c09a}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\DT5000_Launcher.exe
O33 - MountPoints2\{fb60568c-c079-11de-983b-00215d31c09a}\Shell - "" = AutoRun
O33 - MountPoints2\{fb60568c-c079-11de-983b-00215d31c09a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fb60568f-c079-11de-983b-00030dbe21bb}\Shell - "" = AutoRun
O33 - MountPoints2\{fb60568f-c079-11de-983b-00030dbe21bb}\Shell\AutoRun\command - "" = G:\AutoRun.exe
[2011.01.27 12:44:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\1551694079
[2011.01.27 12:55:54 | 000,080,896 | ---- | M] () -- C:\Windows\cadkasdeinst01.exe
[2011.01.27 12:41:22 | 000,110,592 | RHS- | M] () -- C:\Windows\System32\sdiagengt.dll
[2011.01.27 12:41:22 | 000,000,324 | -HS- | C] () -- C:\Windows\tasks\DGIBWI.job
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.02.2011, 19:35   #12
rupa
 
Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ? - Standard

Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ?



Besten Dank - habs gemacht!

Rechner wurde neugestartet:


hier das Log:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e0f55d1-de86-11df-ab84-00215d31c09a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e0f55d1-de86-11df-ab84-00215d31c09a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e0f55d1-de86-11df-ab84-00215d31c09a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e0f55d1-de86-11df-ab84-00215d31c09a}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\DT5000_Launcher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb60568c-c079-11de-983b-00215d31c09a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb60568c-c079-11de-983b-00215d31c09a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb60568c-c079-11de-983b-00215d31c09a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb60568c-c079-11de-983b-00215d31c09a}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb60568f-c079-11de-983b-00030dbe21bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb60568f-c079-11de-983b-00030dbe21bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb60568f-c079-11de-983b-00030dbe21bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb60568f-c079-11de-983b-00030dbe21bb}\ not found.
File G:\AutoRun.exe not found.
C:\Windows\System32\1551694079 folder moved successfully.
C:\Windows\cadkasdeinst01.exe moved successfully.
C:\Windows\System32\sdiagengt.dll moved successfully.
C:\Windows\Tasks\DGIBWI.job moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Peter Klein
->Temp folder emptied: 12134697 bytes
->Temporary Internet Files folder emptied: 10458801852 bytes
->Java cache emptied: 51295250 bytes
->FireFox cache emptied: 115319417 bytes
->Google Chrome cache emptied: 8062940 bytes
->Flash cache emptied: 56032 bytes

User: Public

User: sync
->Temp folder emptied: 6516921 bytes
->Temporary Internet Files folder emptied: 3692978 bytes
->Java cache emptied: 2327324 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 534582 bytes
RecycleBin emptied: 330976 bytes

Total Files Cleaned = 10.165,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02082011_202823

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Alt 08.02.2011, 19:38   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ? - Standard

Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ?



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.02.2011, 20:17   #14
rupa
 
Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ? - Standard

Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ?



Hab Combofix laufen lassen:
Combofix Logfile:
Code:
ATTFilter
ComboFix 11-02-08.02 - Peter Klein 08.02.2011  20:57:38.1.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.3037.1597 [GMT 1:00]
ausgeführt von:: c:\users\Peter Klein\Desktop\Cofi.exe
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Lavasoft Ad-Watch Live! Virenschutz *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\hpeD80F.dll
c:\users\Peter Klein\AppData\Roaming\Local
c:\users\Peter Klein\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Peter Klein\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx(2).ddr
c:\users\Peter Klein\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\Peter Klein\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Peter Klein\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx

.
(((((((((((((((((((((((   Dateien erstellt von 2011-01-08 bis 2011-02-08  ))))))))))))))))))))))))))))))
.

2011-02-08 20:05 . 2011-02-08 20:08	--------	d-----w-	c:\users\Peter Klein\AppData\Local\temp
2011-02-08 19:28 . 2011-02-08 19:28	--------	d-----w-	C:\_OTL
2011-02-05 10:07 . 2011-02-05 10:07	--------	d-----w-	c:\users\Peter Klein\AppData\Roaming\SUPERAntiSpyware.com
2011-02-05 10:07 . 2011-02-05 10:07	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2011-02-05 10:07 . 2011-02-05 10:07	--------	d-----w-	c:\program files\SUPERAntiSpyware
2011-02-04 08:20 . 2009-10-10 02:57	12800	----a-w-	c:\windows\system32\drivers\sffp_sd.sys
2011-02-01 11:05 . 2011-02-01 12:23	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-02-01 11:05 . 2011-02-01 11:07	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-02-01 07:07 . 2011-02-01 07:07	--------	d-----w-	c:\program files\iPod
2011-01-28 08:47 . 2011-01-28 08:47	--------	d-----w-	c:\users\Peter Klein\AppData\Roaming\Malwarebytes
2011-01-28 08:47 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-28 08:47 . 2011-01-28 08:47	--------	d-----w-	c:\programdata\Malwarebytes
2011-01-28 08:47 . 2011-01-28 08:47	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-01-28 08:47 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-01-27 11:55 . 2011-01-27 12:06	--------	d-----w-	c:\program files\Poster-Drucker 5
2011-01-25 08:18 . 2011-01-13 09:41	5890896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{39BE2DC0-26E3-449D-98DD-697E66A997BA}\mpengine.dll
2011-01-21 07:10 . 2011-01-21 07:10	--------	d-----w-	c:\users\Peter Klein\AppData\Roaming\HandBrake
2011-01-21 07:10 . 2011-01-21 07:10	--------	d-----w-	c:\users\Peter Klein\AppData\Local\HandBrake
2011-01-21 07:09 . 2011-01-21 07:09	--------	d-----w-	c:\program files\Handbrake
2011-01-21 06:55 . 2011-01-21 06:55	--------	d-----w-	c:\programdata\4Videosoft Studio
2011-01-21 06:55 . 2011-01-21 06:55	--------	d-----w-	c:\program files\4Videosoft DVD to iPhone 4 Converter

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-06 14:07 . 2010-06-01 08:33	15880	----a-w-	c:\windows\system32\lsdelete.exe
2010-12-02 03:35 . 2010-12-02 03:35	4280320	----a-w-	c:\windows\system32\GPhotos.scr
2010-11-29 16:38 . 2010-11-29 16:38	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38	69632	----a-w-	c:\windows\system32\QuickTime.qts
2010-11-12 00:44 . 2010-11-12 00:44	94208	----a-w-	c:\windows\system32\dpl100.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f4e6547e-325b-403c-a3bb-ad29ed37a92f}"= "c:\program files\SearchElf_1.2\tbSear.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51	3911776	----a-w-	c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}]
2010-12-09 11:51	3911776	----a-w-	c:\program files\SearchElf_1.2\tbSear.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f4e6547e-325b-403c-a3bb-ad29ed37a92f}"= "c:\program files\SearchElf_1.2\tbSear.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F4E6547E-325B-403C-A3BB-AD29ED37A92F}"= "c:\program files\SearchElf_1.2\tbSear.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Peter Klein\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Peter Klein\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Peter Klein\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-05-15 14:55	155416	----a-w-	c:\windows\System32\CbFsMntNtf3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\WebDavOverlayUpload]
@="{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}"
[HKEY_CLASSES_ROOT\CLSID\{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}]
2010-10-27 11:13	284304	----a-w-	c:\windows\System32\WebDAV.ShellExtension.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gStart"="c:\program files\Garmin\gStart.exe" [2008-08-13 1891416]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Appigo Sync"="c:\program files\Appigo Sync\Appigo Sync.exe" [2010-09-14 229376]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"OSD"="c:\program files\OEM\OSD_1.16\osd.exe" [2008-06-18 376832]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-01 13797992]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-10-05 9742952]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

c:\users\sync\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\Peter Klein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Hardcopy.LNK - c:\program files\Hardcopy\hardcopy.exe [2010-7-22 1725440]
Mediencenter Software.lnk - c:\program files\Telekom\Mediencenter\MediencenterSoftware.exe [2010-12-16 1991824]
Wootch.appref-ms [2010-1-20 292]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-25 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28	72208	----a-w-	c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca4bca8a47b180;Google Update Service (gupdate1ca4bca8a47b180);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 133104]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-11-05 15264]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-08 64288]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-01 691696]
S1 aswSP;avast! Self Protection; [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2010-05-15 265800]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files\Brother\BRAdmin Professional 3\bratimer.exe [2009-01-21 65536]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-12-22 1402272]
S2 MCSWASVR;Mediencenter Service;c:\program files\Telekom\Mediencenter\WebDAV.AdminService.exe [2010-07-09 16016]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 OsdService;OSD Service;c:\program files\OEM\OSD_1.16\OsdService.exe [2008-02-22 94208]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 VLC media player;VLC media player;c:\programme\VideoLAN\VLC_072\vlc.exe [2004-05-21 6303744]
S3 GpdDevDPort;GpdDevDPort;c:\windows\system32\directport.sys [2008-06-17 7168]
S3 GpdKbFilter;GpdKbFilter;c:\windows\system32\kbfiltr.sys [2008-03-31 8192]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners

2011-02-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 09:04]

2011-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 06:00]

2011-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 06:00]
.
.
------- Zusätzlicher Suchlauf -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download all by FlashGet3 - c:\users\Peter Klein\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\Peter Klein\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: ebay.de\signin
Trusted Zone: kuaiche.com\software
TCP: {715D35D4-431A-4E55-BFE1-0016708772D9} = 192.168.0.254
TCP: {C6EF4E26-4E8C-4458-A58F-9D4550590474} = 192.168.0.254
FF - ProfilePath - c:\users\Peter Klein\AppData\Roaming\Mozilla\Firefox\Profiles\guigx1og.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.startup.homepage - t-online.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: German Dictionary: de-DE@dictionaries.addons.mozilla.org - %profile%\extensions\de-DE@dictionaries.addons.mozilla.org
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: eBay Sidebar for Firefox: {62760FD6-B943-48C9-AB09-F99C6FE96088} - %profile%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
FF - Ext: Toggle Private Browsing: toggleprivatebrowsing@supernova00.biz - %profile%\extensions\toggleprivatebrowsing@supernova00.biz
FF - Ext: FlipClock: {cdd09450-7280-11de-8a39-0800200c9a66} - %profile%\extensions\{cdd09450-7280-11de-8a39-0800200c9a66}
FF - Ext: gTranslate: {aff87fa2-a58e-4edd-b852-0a20203c1e17} - %profile%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Hide Menubar: hidemenubar@moztw.org - %profile%\extensions\hidemenubar@moztw.org
FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
.
.
------- Dateityp-Verknüpfung -------
.
.txt=UltraEdit.txt
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-TkBellExe - c:\program files\RealMedia\Update_OB\realsched.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(584)
c:\program files\Hardcopy\HcDLL2_30_Win32.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\users\Peter Klein\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\CbFsMntNtf3.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-02-08  21:13:21 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-02-08 20:13

Vor Suchlauf: 9 Verzeichnis(se), 42.358.992.896 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 43.704.348.672 Bytes frei

- - End Of File - - 09D5748FD183149D123C14D616C5FEB3
         
--- --- ---

Alt 08.02.2011, 20:37   #15
rupa
 
Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ? - Standard

Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ?



Sicherheitscenter läuft wieder !!!
Bleibt mir also eine Neuinstallation erspart! - Oder???

Besten Dank!!!
wie kann man sich bedanken - Paypalspende?


habe noch gemerkt, dass ich eben übersehen habe den Schritt "CCleaner Systembereinigung" übersprungen habe!
soll ich das noch nachholen?
Anschließend wieder Combofix ausführen?

Geändert von rupa (08.02.2011 um 20:47 Uhr)

Antwort

Themen zu Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ?
192.168.0.2, ad-aware, antivirus, avast!, bho, bonjour, conduit, firefox, hijack, hijackthis, hängen, internet, internet explorer, mozilla, nicht starten, notification, object, performance, programm, realtek, rundll, safer networking, security, sekunden, senden, software, starten, starten., system, trojaner, vlc media player, windows



Ähnliche Themen: Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ?


  1. Sicherheitscenter ist deaktiviert und lässt sich auch nicht starten win7 ultimate 64bit
    Plagegeister aller Art und deren Bekämpfung - 27.12.2014 (10)
  2. GVU Trojaner - abgesicherter Modus lässt sich starten, Screen aber "gesperrt"
    Plagegeister aller Art und deren Bekämpfung - 05.04.2014 (7)
  3. DHCP Dienst lässt sich nicht starten
    Plagegeister aller Art und deren Bekämpfung - 24.02.2014 (23)
  4. Windows7: Datei "dwm.exe" im Ordner "iswizard05" lässt sich nicht löschen
    Log-Analyse und Auswertung - 20.02.2014 (19)
  5. Win XP SP3: der Dienst "Automatische Updates" lässt sich nicht aktivieren
    Log-Analyse und Auswertung - 09.01.2014 (5)
  6. [Meldung im Wartecenter] 'Dienst "Windows-Sicherheitscenter" aktivieren (Wichtig)'
    Plagegeister aller Art und deren Bekämpfung - 10.11.2013 (1)
  7. Firewall lässt sich nicht starten - "Empfohlene Einstellungen"
    Antiviren-, Firewall- und andere Schutzprogramme - 27.09.2013 (28)
  8. Windows Sicherheitscenter lässt sich nicht starten / GVU-Trojaner (unter anderem (?) )
    Plagegeister aller Art und deren Bekämpfung - 02.04.2013 (23)
  9. "Windows Sicherheitscenter" lässt sich nicht aktivieren
    Plagegeister aller Art und deren Bekämpfung - 05.03.2013 (2)
  10. Sicherheitscenter bei Windows Vista lässt sich nicht starten
    Plagegeister aller Art und deren Bekämpfung - 16.02.2013 (25)
  11. Redirect Virus > Rocketnews, Sicherheitscenter lässt sich nicht starten
    Log-Analyse und Auswertung - 18.07.2012 (27)
  12. PC lässt sich durch "bka trojaner" nicht merh herunter fahren
    Plagegeister aller Art und deren Bekämpfung - 09.08.2011 (1)
  13. Dienst "Windows-Sicherheitscenter" lässt sich nicht aktivieren
    Log-Analyse und Auswertung - 21.06.2011 (21)
  14. Trojaner in "PentlCPL.dll" lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 07.08.2010 (23)
  15. Trojaner "TR/PSW.Papras.AB" gefunden, lässt sich jedoch nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 03.08.2010 (13)
  16. Antivir Dienst gestoppt lässt sich auch nicht mehr starten
    Log-Analyse und Auswertung - 12.12.2009 (1)
  17. WinXP-SP3: Bitdefender 10: Vsserv-Dienst lässt sich bei Installation nicht starten
    Alles rund um Windows - 16.01.2009 (3)

Zum Thema Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ? - Hallo Zusammen, ich habe mir einen Trojaner (o.ä.) eingefangen. (Virenprogramm ist Avast) Aufgefallen ist mir das durch Umleitungen bei Google. Daher habe ich mein System überprüfen lassen mit AdAware und - Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ?...
Archiv
Du betrachtest: Dienst "Sicherheitscenter" lässt sich nicht starten - Googleumleitungen - Trojaner on Board ? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.