Internet Explorer öffnet sich von selbst!

ediz85 · 26.04.2010, 21:21

Hi Leute.. hab genau das selbe problem mit dem internet explorer!!! habe vista kp in wie weit das wichtig ist.. könnt ihr mir weiter helfen?? das nervt übertrieben...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09:39, on 26.04.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Users\Ediz\AppData\Local\Temp\Skx.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Users\Ediz\AppData\Local\Temp\Skw.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Interwise\Participant\pull.exe
C:\Windows\ehome\ehmsas.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com?o=15015&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\Ediz\AppData\Local\Temp\Skx.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Push-Client.LNK = C:\Program Files\Interwise\Participant\pull.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 7935 bytes

danke im voraus...

cosinus · 27.04.2010, 21:24

Hallo und

bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

ediz85 · 16.05.2010, 17:14

Hi, danke für die schnelle Antwort.

War leider lange nicht mehr online aufgrund meines Urlaubs usw.. Hab das jetzt gemacht, was du mir geschrieben hast und das kam bei raus.. sagt dir bestimmt mehr was als mir..

OTL logfile created on: 16.05.2010 18:09:56 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Ediz\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 27,97 Gb Free Space | 37,53% Space Free | Partition Type: NTFS
Drive D: | 67,69 Gb Total Space | 45,38 Gb Free Space | 67,04% Space Free | Partition Type: NTFS
Drive E: | 571,21 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EDIZ-PC
Current User Name: Ediz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Ediz\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Ediz\AppData\Local\Temp\Skx.exe ()
PRC - C:\Users\Ediz\AppData\Local\Temp\Skw.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
PRC - C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)

========== Modules (SafeList) ==========

MOD - C:\Users\Ediz\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE (Intel Corporation)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (USBMN2X2) -- C:\Windows\System32\drivers\usbmn2x2.sys (Doug Fetter Software Wizardry)
DRV - (USB22LDR) -- C:\Windows\System32\drivers\usb22ldr.sys (MIDIMAN)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (BTHprint) -- C:\Windows\System32\drivers\BTHPRINT.SYS (Microsoft Corporation)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iaNvStor) Intel(R) -- C:\Windows\system32\DRIVERS\iaNvStor.sys (Intel Corporation)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (JRAID) -- C:\Windows\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (incdrm) -- C:\Windows\System32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\Windows\System32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDfs) -- C:\Windows\System32\drivers\InCDfs.sys (Nero AG)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (AtcL001) -- C:\Windows\System32\drivers\atl01v32.sys (Attansic Technology corporation.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (JGOGO) -- C:\Windows\system32\DRIVERS\JGOGO.sys (JMicron )
DRV - (CLEDX) -- C:\Windows\System32\drivers\cledx.sys (Team H2O)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Ask.com Search Engine - Better Web Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..keyword.URL: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.09.20 01:30:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.07 14:37:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.07 14:37:12 | 000,000,000 | ---D | M]

[2009.08.25 21:44:49 | 000,000,000 | ---D | M] -- C:\Users\Ediz\AppData\Roaming\mozilla\Extensions
[2010.05.16 16:32:14 | 000,000,000 | ---D | M] -- C:\Users\Ediz\AppData\Roaming\mozilla\Firefox\Profiles\etjbbe2b.default\extensions
[2009.09.02 03:03:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ediz\AppData\Roaming\mozilla\Firefox\Profiles\etjbbe2b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.02 00:49:17 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Ediz\AppData\Roaming\mozilla\Firefox\Profiles\etjbbe2b.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009.08.25 21:44:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.02.21 16:45:11 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.21 16:45:12 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.21 16:45:12 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.21 16:45:12 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.21 16:45:12 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [YVIBBBHA8C] C:\Users\Ediz\AppData\Local\Temp\Skx.exe ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ediz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ediz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.16 18:08:08 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\Ediz\Desktop\OTL.exe
[2010.05.01 15:18:12 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.04.26 22:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.04.26 22:07:13 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ediz\Desktop\HJTInstall202.exe
[2010.04.26 20:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\FullAutoHoldem
[2010.04.26 20:40:28 | 000,000,000 | ---D | C] -- C:\Users\Ediz\AppData\Roaming\Avira
[2010.04.26 20:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\BestHandMonitor
[2007.01.24 12:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2010.05.16 18:12:10 | 002,621,440 | -HS- | M] () -- C:\Users\Ediz\NTUSER.DAT
[2010.05.16 18:10:06 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.05.16 18:09:35 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.16 18:09:35 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.16 18:08:10 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Ediz\Desktop\OTL.exe
[2010.05.16 18:04:19 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.05.16 18:02:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.16 17:19:54 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.16 16:15:14 | 002,422,020 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.16 16:15:14 | 001,134,310 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.16 16:15:14 | 000,712,866 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.16 16:15:14 | 000,626,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.16 16:15:13 | 000,004,926 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.16 16:10:34 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.05.16 16:10:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.16 16:10:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.16 16:09:59 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.01 15:31:34 | 000,001,660 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.05.01 15:31:27 | 000,524,288 | -HS- | M] () -- C:\Users\Ediz\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.05.01 15:31:27 | 000,065,536 | -HS- | M] () -- C:\Users\Ediz\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.05.01 15:31:25 | 002,204,141 | -H-- | M] () -- C:\Users\Ediz\AppData\Local\IconCache.db
[2010.04.26 22:08:06 | 000,001,841 | ---- | M] () -- C:\Users\Ediz\Desktop\HijackThis.lnk
[2010.04.26 22:07:36 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ediz\Desktop\HJTInstall202.exe
[2010.04.26 20:34:47 | 000,000,825 | ---- | M] () -- C:\Users\Ediz\Desktop\Best Hand Monitor.lnk
[2010.04.26 11:17:16 | 000,191,882 | ---- | M] () -- C:\Users\Ediz\Desktop\BD-Bericht 16.Woche.pdf
[2010.04.20 23:28:50 | 300,514,402 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.04.19 10:07:58 | 000,002,040 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

========== Files Created - No Company Name ==========

[2010.04.26 22:08:06 | 000,001,841 | ---- | C] () -- C:\Users\Ediz\Desktop\HijackThis.lnk
[2010.04.26 20:36:36 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.04.26 20:36:35 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.04.26 20:34:47 | 000,000,825 | ---- | C] () -- C:\Users\Ediz\Desktop\Best Hand Monitor.lnk
[2010.04.26 11:17:16 | 000,191,882 | ---- | C] () -- C:\Users\Ediz\Desktop\BD-Bericht 16.Woche.pdf
[2010.04.19 10:07:58 | 000,002,040 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.02.10 02:55:54 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009.08.30 21:26:48 | 000,614,400 | ---- | C] () -- C:\Windows\System32\webview.dll
[2007.10.19 21:15:35 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2007.07.09 07:34:05 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2007.06.13 09:18:53 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.06.01 19:58:40 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007.05.25 04:15:15 | 001,743,232 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007.05.09 09:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2007.04.18 11:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 04:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.05.07 06:05:59 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
< End of report >

Danke dir schonmal..

ediz85 · 16.05.2010, 17:15

achja teil 2..

OTL Extras logfile created on: 16.05.2010 18:09:56 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Ediz\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 27,97 Gb Free Space | 37,53% Space Free | Partition Type: NTFS
Drive D: | 67,69 Gb Total Space | 45,38 Gb Free Space | 67,04% Space Free | Partition Type: NTFS
Drive E: | 571,21 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EDIZ-PC
Current User Name: Ediz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3E7AFB5C-FBE0-476D-8DC9-53813B762DCA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{8A24B9FB-1676-4ABC-AFA9-AA91D7CFD4FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AB271F32-5ACE-4959-93CC-495890BED14A}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6954A663-5E03-4CD0-90AD-4A1E7AF6E065}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{3B7AC6AD-9949-4865-9BDD-8A3965702F83}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{571C0809-51C5-4A2C-B9B5-915BF9E1A998}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{71496F36-9FCE-4028-953B-30D65B48E2C8}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{EEFD2D59-1CD5-40D2-8F4C-CEDDB9779922}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0A51C063-EC56-905C-5D2C-CD24D7F03CB9}" = CCC Help Swedish
"{0BC4864E-72C5-472D-8692-0E5971E0BD36}" = BPDSoftware_Ini
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{0DCEB626-7C56-A4A1-C487-1A0F88180749}" = ccc-core-static
"{0E2FC3AF-8196-2096-F05D-6B4DB53A6EA6}" = CCC Help German
"{10829556-7C82-4a83-8C81-F2D98472C76B}" = H470
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C832499-036F-BC55-D835-F7BCF5825910}" = Catalyst Control Center Graphics Previews Vista
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24BE5213-C812-1146-41A5-9D0A0A930BD0}" = CCC Help Korean
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F3C104B-F36F-828B-434D-7EB61F79501F}" = Catalyst Control Center Localization French
"{35D23E8E-AD54-0DB7-BAB0-891CA08B299F}" = Catalyst Control Center Localization Italian
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{414A6BD4-A1A5-2D7C-AD92-1182B6A0F992}" = CCC Help Portuguese
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{51DED387-6C51-AB10-FF2E-C2D5B7447331}" = Catalyst Control Center Graphics Full Existing
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{5A15F754-086E-4185-96F4-0BC31F1A2382}" = HP Officejet H470 Series
"{5A43624A-6121-4591-A76D-68AFB244991C}" = FullAutoHoldem
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62278809-AA62-F170-34F2-D264452EAF27}" = CCC Help English
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6673E0F4-D376-431b-A6F4-18D1B86B4A89}" = BPDSoftware
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B349DE1-590D-4506-B272-9115EC31F7D2}" = 470_Help
"{6BA4BACA-305D-4477-07A6-646670BA951E}" = Catalyst Control Center Localization Korean
"{6D1A6737-6C21-CDCE-907B-02E30350920D}" = CCC Help Dutch
"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding
"{6E6C4252-B0DE-6BEE-2FFB-A607021A63FF}" = CCC Help French
"{7311054C-56F2-88E0-E821-3257078AD5EF}" = Catalyst Control Center Localization German
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7885A817-3DA7-D48B-47F3-BBABAA43AFB5}" = CCC Help Chinese Standard
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{84D04D4F-2201-4AED-BE9A-FFA62069CA1A}_is1" = reFX RTASVST 1.0.0
"{8A1A3A13-4274-1513-E6A4-6629096281D9}" = CCC Help Chinese Traditional
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Turbo Memory and Intel® Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96043E8E-C85D-7CE2-9C39-11E5109F2615}" = Catalyst Control Center Localization Chinese Standard
"{97F32DF8-D66E-446A-A425-C1D7B45C1033}" = Nero 7 Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FE60317-8F29-4F70-8CFA-B08C8D2F16F0}" = ccc-utility
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF43AFD2-2ADC-EF4A-A586-9BAB624C2F17}" = Catalyst Control Center Core Implementation
"{AF88E784-90BC-9585-76A2-C5C0539A93A1}" = Catalyst Control Center Localization Spanish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4DE61D6-B842-497A-6CA9-9A65631215EA}" = Catalyst Control Center Graphics Previews Common
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8275929-90F9-B73F-794F-99A65E05798F}" = Catalyst Control Center Graphics Light
"{BA72A4E3-D2D0-4203-A17E-E53012B8807C}" = BPD_HPSU
"{BB429412-43CB-90FB-1317-1AA1C3CD2A95}" = Catalyst Control Center Localization Dutch
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C5776CC3-5A25-47DD-D405-2302B9D6AF00}" = Catalyst Control Center Localization Japanese
"{C6F4E97C-4D8B-F83B-28E0-9D2DAF0965A2}" = CCC Help Japanese
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8C4C746-6ECD-E40B-B84A-7079D9A0C96E}" = Catalyst Control Center Graphics Full New
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D068C78A-D757-FFE0-A7BD-EDB064D9581F}" = Skins
"{D3A266AF-58FF-D8F7-C926-9D5579DF4B9D}" = CCC Help Spanish
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D7E04009-B191-4E9D-9D2D-1BBE57BD8A42}" = VistaFeaturePack
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E022C318-BAC9-468D-8731-3C5EE63C7743}" = 470_Readme
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{ED9496E5-0A39-F4AA-7687-17FDEEA6BD11}" = Catalyst Control Center Localization Portuguese
"{EE5F0136-2C7C-42a7-B1B0-5F12D107A0EE}" = ProductContext
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FBBE8151-F6AC-8043-9561-FDD62F3BD978}" = Catalyst Control Center Localization Chinese Traditional
"{FD87EC0B-2E41-C963-3DA1-2EC7BE45AD51}" = Catalyst Control Center Localization Swedish
"{FF8CA574-1580-2F7E-4824-133A2AF91B47}" = CCC Help Italian
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASIO4ALL" = ASIO4ALL
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"AudioRealism Drum Machine_is1" = ADM 1.0.1
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Best Hand Monitor" = Best Hand Monitor 1.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows-Treiberpaket - Nokia Modem (06/01/2009 4.1)
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.3)
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.2
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"InstallShield_{D7E04009-B191-4E9D-9D2D-1BBE57BD8A42}" = VistaFeaturePack
"Interwise-Teilnehmer" = Interwise-Teilnehmer
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MIDIsport2x2" = Midisport 2x2 1.0.1.0
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Native Instruments Xpress Keyboards v1.0.1.4" = Native Instruments Xpress Keyboards v1.0.1.4
"Nokia PC Suite" = Nokia PC Suite
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel(R) PROSet/Wireless Software
"reFX Vanguard_is1" = reFX Vanguard VSTi
"SopCast" = SopCast 3.2.4
"Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TruePianos 40-day Test Version_is1" = TruePianos 1.0 40-day Test Version
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"VLC media player" = VLC media player 1.0.1
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12.04.2010 09:31:56 | Computer Name = Ediz-PC | Source = LoadPerf | ID = 3012
Description =

Error - 12.04.2010 09:31:56 | Computer Name = Ediz-PC | Source = LoadPerf | ID = 3012
Description =

Error - 12.04.2010 09:31:56 | Computer Name = Ediz-PC | Source = LoadPerf | ID = 3011
Description =

Error - 12.04.2010 16:41:10 | Computer Name = Ediz-PC | Source = LoadPerf | ID = 3012
Description =

Error - 12.04.2010 16:41:10 | Computer Name = Ediz-PC | Source = LoadPerf | ID = 3012
Description =

Error - 12.04.2010 16:41:10 | Computer Name = Ediz-PC | Source = LoadPerf | ID = 3011
Description =

Error - 13.04.2010 11:04:11 | Computer Name = Ediz-PC | Source = LoadPerf | ID = 3012
Description =

Error - 13.04.2010 11:04:11 | Computer Name = Ediz-PC | Source = LoadPerf | ID = 3012
Description =

Error - 13.04.2010 11:04:11 | Computer Name = Ediz-PC | Source = LoadPerf | ID = 3011
Description =

Error - 13.04.2010 16:52:59 | Computer Name = Ediz-PC | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 26.04.2010 05:12:05 | Computer Name = Ediz-PC | Source = HTTP | ID = 15016
Description =

Error - 26.04.2010 06:07:15 | Computer Name = Ediz-PC | Source = DCOM | ID = 10010
Description =

Error - 26.04.2010 12:06:46 | Computer Name = Ediz-PC | Source = HTTP | ID = 15016
Description =

Error - 26.04.2010 15:51:26 | Computer Name = Ediz-PC | Source = DCOM | ID = 10010
Description =

Error - 26.04.2010 15:52:59 | Computer Name = Ediz-PC | Source = HTTP | ID = 15016
Description =

Error - 26.04.2010 15:59:07 | Computer Name = Ediz-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 26.04.2010 19:07:11 | Computer Name = Ediz-PC | Source = DCOM | ID = 10010
Description =

Error - 01.05.2010 09:12:43 | Computer Name = Ediz-PC | Source = HTTP | ID = 15016
Description =

Error - 01.05.2010 09:31:25 | Computer Name = Ediz-PC | Source = DCOM | ID = 10010
Description =

Error - 16.05.2010 10:10:25 | Computer Name = Ediz-PC | Source = HTTP | ID = 15016
Description =

< End of report >

cosinus · 16.05.2010, 19:13

Was ist mit Malwarebytes?

ediz85 · 17.05.2010, 00:52

oops übersehen sorry..

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4107

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

17.05.2010 01:50:50
mbam-log-2010-05-17 (01-50-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 248625
Laufzeit: 56 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzaib7kitk (Trojan.FakeAlert) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Ediz\AppData\Local\Temp\Skv.exe (Trojan.Fraudpack) -> No action taken.
C:\Users\Ediz\AppData\Local\Temp\Sky.exe (Trojan.Fraudpack) -> No action taken.
D:\Cubase SX 3\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
D:\Cubase SX 3\Native Instruments\Xpress Keyboards\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
C:\Users\Ediz\AppData\Local\Temp\Skx.exe (Trojan.FakeAlert) -> No action taken.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\Users\Ediz\AppData\Local\Temp\Skw.exe (Trojan.FakeAlert) -> No action taken.

die infizierten dateien entferne ich oder..??

ediz85 · 17.05.2010, 01:19

als ich mich entschieden habe, diese dateien entfernen zu lassen, kam die info, dass ich nicht alle dateien antfernen kann und eine neue log datei wurde angefertigt...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4107

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

17.05.2010 02:17:12
mbam-log-2010-05-17 (02-17-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 248625
Laufzeit: 56 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzaib7kitk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Ediz\AppData\Local\Temp\Skv.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Users\Ediz\AppData\Local\Temp\Sky.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
D:\Cubase SX 3\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
D:\Cubase SX 3\Native Instruments\Xpress Keyboards\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Users\Ediz\AppData\Local\Temp\Skx.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Ediz\AppData\Local\Temp\Skw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

cosinus · 17.05.2010, 11:29

Ok, bitte nun mit CF weitermachen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

ediz85 · 26.05.2010, 20:51

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-05-26.01 - Ediz 26.05.2010  20:45:31.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.2046.994 [GMT 2:00]
ausgeführt von:: c:\users\Ediz\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((   Dateien erstellt von 2010-04-26 bis 2010-05-26  ))))))))))))))))))))))))))))))
.

2010-05-26 19:13 . 2010-05-26 19:13	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-05-20 19:42 . 2010-05-20 19:42	--------	d-----w-	c:\programdata\Vodafone
2010-05-18 17:37 . 2009-04-09 11:38	105344	----a-w-	c:\windows\system32\drivers\zteusbvoice.sys
2010-05-18 17:37 . 2009-04-09 11:38	105344	----a-w-	c:\windows\system32\drivers\ZTEusbnmea.sys
2010-05-18 17:37 . 2009-04-09 11:38	110592	----a-w-	c:\windows\system32\drivers\ZTEusbnet.sys
2010-05-18 17:37 . 2009-04-09 11:38	104960	----a-w-	c:\windows\system32\drivers\ZTEusbmdm6k.sys
2010-05-18 17:37 . 2009-04-09 11:38	104960	----a-w-	c:\windows\system32\drivers\ZTEusbser6k.sys
2010-05-18 17:34 . 2010-05-18 17:34	--------	d-----w-	c:\users\Ediz\AppData\Local\{AADEF95F-E36B-426E-B7B1-70E7D4F6AA5B}
2010-05-17 00:20 . 2010-01-29 16:21	738304	----a-w-	c:\windows\system32\inetcomm.dll
2010-05-16 22:24 . 2010-05-16 22:24	--------	d-----w-	c:\users\Ediz\AppData\Roaming\Malwarebytes
2010-05-16 22:24 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-16 22:24 . 2010-05-16 22:24	--------	d-----w-	c:\programdata\Malwarebytes
2010-05-16 22:24 . 2010-05-16 22:24	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-05-16 22:24 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-05-16 21:32 . 2010-05-16 21:32	--------	d-----w-	c:\users\Ediz\AppData\Roaming\FLEXnet
2010-05-16 21:26 . 2010-05-16 21:26	--------	d-----w-	c:\users\Ediz\AppData\Roaming\Vodafone Mobile Connect
2010-05-16 21:16 . 2010-05-16 21:16	--------	d-----w-	c:\users\Ediz\AppData\Roaming\Vodafone
2010-05-16 21:16 . 2010-05-16 21:16	--------	d-----w-	c:\users\Ediz\AppData\Roaming\Bytemobile
2010-05-16 21:16 . 2009-06-29 15:59	112128	----a-w-	c:\windows\system32\drivers\ewusbnet.sys
2010-05-16 21:16 . 2009-04-09 11:38	102784	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2010-05-16 21:16 . 2009-06-29 15:59	102912	----a-w-	c:\windows\system32\drivers\ewusbfake.sys
2010-05-16 21:15 . 2010-05-16 21:15	--------	d-----w-	c:\programdata\FLEXnet
2010-05-16 21:15 . 2010-05-16 21:15	--------	d-----w-	c:\program files\Vodafone
2010-05-16 21:14 . 2010-05-16 21:14	8464	----a-w-	c:\windows\system32\SpOrder.dll
2010-05-16 21:14 . 2010-05-16 21:14	--------	d-----w-	c:\users\Ediz\AppData\Local\{86DD38A2-C8BD-404A-A1BD-907F6B69C913}
2010-05-01 13:18 . 2010-02-12 10:48	293376	----a-w-	c:\windows\system32\browserchoice.exe
2010-04-26 20:08 . 2010-04-26 20:08	--------	d-----w-	c:\program files\Trend Micro

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-26 18:21 . 2007-04-18 09:14	882156	----a-w-	c:\windows\system32\perfc007.dat
2010-05-26 18:21 . 2007-04-18 09:14	2936490	----a-w-	c:\windows\system32\perfh007.dat
2010-05-21 21:35 . 2007-04-18 08:33	1660	----a-w-	c:\windows\bthservsdp.dat
2010-05-21 21:22 . 2009-09-11 20:53	--------	d-----w-	c:\users\Ediz\AppData\Roaming\vlc
2010-05-19 22:55 . 2007-10-19 19:05	45056	----a-w-	c:\windows\system32\acovcnt.exe
2010-05-19 19:17 . 2009-10-21 13:42	--------	d-----w-	c:\program files\Google
2010-05-17 21:34 . 2010-04-26 18:58	--------	d-----w-	c:\program files\FullAutoHoldem
2010-05-17 20:18 . 2009-08-31 17:25	--------	d-----w-	c:\users\Ediz\AppData\Roaming\Winamp
2010-05-17 11:27 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-05-17 11:07 . 2007-10-19 17:43	--------	d-----w-	c:\programdata\Microsoft Help
2010-05-06 08:36 . 2009-10-03 00:03	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-04-26 19:50 . 2007-10-19 18:21	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-04-26 19:49 . 2009-09-04 17:09	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2010-04-26 18:40 . 2010-04-26 18:40	--------	d-----w-	c:\users\Ediz\AppData\Roaming\Avira
2010-04-22 22:06 . 2010-01-06 20:29	--------	d-----w-	c:\program files\PokerStars.NET
2010-04-10 06:48 . 2010-03-14 14:39	--------	d-----w-	c:\program files\Full Tilt Poker
2010-03-30 20:53 . 2010-01-16 00:38	--------	d-----w-	c:\program files\PokerStars
2010-03-09 16:28 . 2010-03-31 09:31	833024	----a-w-	c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-03-31 09:31	78336	----a-w-	c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-03-31 09:31	26624	----a-w-	c:\windows\system32\ieUnatt.exe
2010-03-04 18:54 . 2010-04-14 19:24	430080	----a-w-	c:\windows\system32\vbscript.dll
2010-03-01 08:05 . 2009-09-03 13:19	124784	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-02-26 21:46 . 2009-08-25 18:42	101600	----a-w-	c:\users\Ediz\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-13 21:55 . 2009-05-13 21:55	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08	143360	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-03-26 1057328]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-24 174616]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-07-24 33304]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-10-19 33136]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2007-10-19 37232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-11 2403840]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Push-Client.LNK - c:\program files\Interwise\Participant\pull.exe [2009-11-20 839680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=usbmn2x2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-21 133104]
R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [2007-10-19 12800]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-04-09 7680]
R3 USB22LDR;M-Audio USB MidiSport 2x2 Loader;c:\windows\system32\drivers\usb22ldr.sys [2009-10-04 14272]
R3 USBMN2X2;M-Audio USB MidiSport 2x2;c:\windows\system32\drivers\usbmn2x2.sys [2009-10-04 22304]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-04-09 110592]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-04-09 105344]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-07-09 209408]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-11 9216]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01v32.sys [2007-03-15 48128]
S3 BTHprint;Microsoft Bluetooth-Druckerklasse;c:\windows\system32\DRIVERS\bthprint.sys [2008-01-19 29696]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - BMLoad

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners

2010-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-21 13:42]

2010-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-21 13:42]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.ask.com?o=15015&l=dis
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
LSP: bmnet.dll
FF - ProfilePath - c:\users\Ediz\AppData\Roaming\Mozilla\Firefox\Profiles\etjbbe2b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - 
FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Native Instruments Xpress Keyboards v1.0.1.4 - d:\cubase~1\NATIVE~1\XPRESS~1\UNWISE.EXE
AddRemove-Steinberg Cubase SX v3.1.1.944 - d:\cubase~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-26 21:15
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 


C:\ADSM_PData_0150

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-757389222-3283283760-1537071911-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7681D6EF-332F-E2C7-8067-8FC4D6530C6D}*]
"halmfnepaegmamnn"=hex:6b,61,6e,6c,6b,65,70,6d,65,67,6d,6b,64,6f,67,68,67,63,
   66,6e,62,62,00,00
"iabnpfdcomipfahbee"=hex:6b,61,6f,6c,66,66,67,64,63,6c,63,6e,64,67,61,70,6c,6f,
   63,64,64,64,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\bmnet.dll

- - - - - - - > 'Explorer.exe'(536)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
Zeit der Fertigstellung: 2010-05-26  21:23:10
ComboFix-quarantined-files.txt  2010-05-26 19:23

Vor Suchlauf: 12 Verzeichnis(se), 29.246.001.152 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 30.401.495.040 Bytes frei

- - End Of File - - 63CB64EC38F0A8541F7FDD38123D6548

cosinus · 26.05.2010, 21:09

Sieht eigentlich nicht schlecht aus. Wie ist es um Deinen Rechner bestellt, öffnen sich immer noch IE-Fenster automatisch? Gabs in der zwischenzeit weitere Funde?

ediz85 · 26.05.2010, 23:37

Also der IE öffnet sich nicht mehr automatisch.. Hab nur bedenken, dass bei den gelöschten Sachen vorher irgendwas wichtiges dabei sein könnte, wodurch ich sich evtl. Probleme ergeben?! Aber soweit gibt es keine Probleme.. Ganz großes Danke!!!

cosinus · 27.05.2010, 18:42

Das einzige was von Malwarebytes gelöscht wurde aber wichtig sein könnte wird wohl das sein, kannst Du bei Problemen aus der MBAM-Quarantäne wiederherstellen.

Zitat:

D:\Cubase SX 3\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
D:\Cubase SX 3\Native Instruments\Xpress Keyboards\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.

Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

16.05.2010, 19:13	#5
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Internet Explorer öffnet sich von selbst! Was ist mit Malwarebytes? __________________ Logfiles bitte immer in CODE-Tags posten

26.05.2010, 21:09	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Internet Explorer öffnet sich von selbst! Sieht eigentlich nicht schlecht aus. Wie ist es um Deinen Rechner bestellt, öffnen sich immer noch IE-Fenster automatisch? Gabs in der zwischenzeit weitere Funde? __________________ Logfiles bitte immer in CODE-Tags posten

Internet Explorer öffnet sich von selbst!

Log-Analyse und Auswertung: Internet Explorer öffnet sich von selbst!