Pests of all kinds and how to fight them: Internet Explorer opens at random (Windows 7)
#1
Internet Explorer opens at random

Hello! IE opens at random with all sorts of pages that I have never been to. There is no recognizable pattern. The computer is running Vista Home Premium SP 2 32-bit. Protected with McAfee. Who can help me?
#2

/// Winkelfunktion /// TB-Süch-Tiger™

Internet Explorer opens at random

Hello and

A cleanup can sometimes involve a lot of work for you.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the quicker and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users: start all tools with a right-click and "Run as administrator".

Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes has to be updated manually before every scan!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
#3

Internet Explorer opens at random

Hello Arne, and first of all many thanks!

This morning I surfed the net for several hours. Then IE opened. Since about 3 p.m. IE no longer opens. So that was even before I worked with Malwarebytes. Could it be that McAfee has something in its software against this kind of malware? Anyway, according to Malwarebytes there are 19 problems. Here are the log files:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4436

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

16.08.2010 21:33:59
mbam-log-2010-08-16 (21-33-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 366730
Laufzeit: 1 Stunde(n), 48 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
C:\Windows\Ptifaa.exe (Trojan.Agent.Gen) -> Unloaded process successfully.
C:\Users\Smiley\AppData\Local\Temp\Psr.exe (Trojan.Agent.Gen) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\Windows\System32\sshnas21.dll (Trojan.Agent.Gen) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\System\CurrentControlSet\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metropolis (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ze18mw23gy (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\sshnas21.dll (Trojan.Agent.Gen) -> Delete on reboot.
C:\Windows\Ptifaa.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Smiley\AppData\Local\Temp\Psr.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Smiley\AppData\Local\Temp\Psp.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Smiley\AppData\Local\Temp\Psq.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

I had everything deleted. Malwarebytes could not fix everything. I then restarted the computer.

OTL.txt

OTL logfile:

Code:
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{164a1e59-10ab-11df-a01b-001eec01d493}\Shell\AutoRun\command - "" = E:\Get_Started_for_Win.exe -- File not found O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Get_Started_for_Win.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.16 19:37:29 | 000,000,000 | ---D | C] -- C:\Users\Smiley\AppData\Roaming\Malwarebytes [2010.08.16 19:37:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.16 19:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.16 19:37:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.16 19:37:03 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.16 15:57:02 | 000,000,000 | ---D | C] -- C:\Users\Smiley\AppData\Local\Apps [2010.08.16 15:25:49 | 000,000,000 | ---D | C] -- C:\Users\Smiley\AppData\Roaming\Foxit Software [2010.08.16 15:05:02 | 000,000,000 | ---D | C] -- C:\Users\Smiley\AppData\Roaming\SumatraPDF [2010.08.16 14:30:11 | 000,000,000 | ---D | C] -- C:\Users\Smiley\AppData\Roaming\Foxit [2010.08.16 14:30:08 | 000,000,000 | ---D | C] -- C:\Programme\Foxit Software [2010.08.16 14:24:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.08.12 17:57:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll 
[2010.08.12 17:57:57 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.08.12 17:57:56 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.08.12 17:57:55 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.08.12 17:57:55 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.08.12 17:57:54 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.08.12 17:57:53 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.08.12 17:57:53 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.08.12 17:57:53 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.08.12 17:57:53 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.08.12 17:57:53 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.08.12 17:57:53 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.08.12 17:57:53 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.08.12 17:57:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.08.12 17:57:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.08.12 17:57:49 | 000,081,920 | ---- | C] (Radius Inc.) 
-- C:\Windows\System32\iccvid.dll [2010.08.12 17:57:41 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.08.12 17:57:33 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.08.12 17:56:18 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.08.12 17:56:18 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.08.12 00:07:45 | 000,000,000 | ---D | C] -- C:\Filme [2010.08.06 01:38:07 | 000,000,000 | ---D | C] -- C:\Programme\Vidalia Bundle [2010.07.31 08:24:40 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys [2010.07.31 08:24:05 | 000,385,880 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys [2010.07.31 08:24:05 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys [2010.07.31 08:24:05 | 000,160,720 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys [2010.07.31 08:24:05 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys [2010.07.31 08:24:05 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys [2010.07.31 08:24:05 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys [2010.07.31 08:24:05 | 000,064,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys [2010.07.31 08:24:05 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys [2010.07.31 08:24:05 | 000,051,688 | ---- | C] (McAfee, Inc.) 
-- C:\Windows\System32\drivers\mfebopk.sys [2010.07.20 11:28:24 | 000,000,000 | ---D | C] -- C:\Users\Smiley\Desktop\X [2009.11.08 19:26:24 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe475B.dll [2009.10.16 19:39:14 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe295C.dll [2008.10.15 20:36:52 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Smiley\AppData\Roaming\pcouffin.sys [2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.16 21:49:19 | 006,553,600 | -HS- | M] () -- C:\Users\Smiley\ntuser.dat [2010.08.16 21:44:24 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.08.16 21:41:25 | 000,001,740 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk [2010.08.16 21:41:15 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.16 21:41:02 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.16 21:41:02 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.16 21:41:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.16 21:40:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.16 21:38:39 | 000,065,536 | -HS- | M] () -- C:\Users\Smiley\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.08.16 21:38:38 | 000,524,288 | -HS- | M] () -- C:\Users\Smiley\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2010.08.16 21:38:32 | 003,762,417 | -H-- | M] () -- C:\Users\Smiley\AppData\Local\IconCache.db [2010.08.16 21:18:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.16 19:28:51 | 000,020,942 | ---- | M] () 
-- C:\Users\Smiley\Desktop\Ablage.odt [2010.08.16 15:31:49 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2010.08.15 11:14:37 | 000,000,556 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2010.08.14 22:53:00 | 000,324,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.08.13 22:45:49 | 000,000,392 | ---- | M] () -- C:\Users\Smiley\Desktop\Musik.lnk [2010.08.13 20:53:52 | 001,541,530 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.13 20:53:52 | 000,664,282 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.13 20:53:52 | 000,625,582 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.13 20:53:52 | 000,142,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.13 20:53:52 | 000,117,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.12 22:32:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.08.12 00:15:59 | 000,126,464 | ---- | M] () -- C:\Users\Smiley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.20 21:29:28 | 225,859,981 | ---- | M] () -- C:\Windows\MEMORY.DMP [2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.16 15:31:49 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2010.08.16 14:09:39 | 000,020,942 | ---- | C] () -- C:\Users\Smiley\Desktop\Ablage.odt [2010.07.31 09:07:41 | 000,001,740 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk [2010.07.20 21:29:28 | 225,859,981 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.03.22 18:43:51 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.03.15 17:47:42 | 000,000,504 | ---- | C] () -- C:\ProgramData\FastPics.log [2010.03.15 17:42:29 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt [2009.10.21 18:51:27 | 000,117,248 | ---- | C] () -- 
C:\Windows\System32\EhStorAuthn.dll [2009.09.25 13:31:20 | 000,000,094 | ---- | C] () -- C:\Users\Smiley\AppData\Local\fusioncache.dat [2009.08.20 01:45:47 | 000,000,680 | ---- | C] () -- C:\Users\Smiley\AppData\Local\d3d9caps.dat [2009.07.26 21:38:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.07.09 11:01:55 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll [2009.07.09 10:59:47 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini [2009.04.09 16:47:04 | 000,013,824 | ---- | C] () -- C:\Windows\System32\CallSimReader.dll [2009.04.09 16:46:04 | 000,055,808 | ---- | C] () -- C:\Windows\System32\SimReader.dll [2009.04.09 13:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2009.03.12 17:49:39 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.03.12 17:49:39 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009.01.21 14:16:42 | 000,000,046 | ---- | C] () -- C:\Windows\winter.ini [2008.11.25 23:46:38 | 000,000,016 | -H-- | C] () -- C:\Users\Smiley\AppData\Roaming\mxfilerelatedcache.mxc2 [2008.11.25 23:46:36 | 000,000,016 | -H-- | C] () -- C:\Users\Smiley\AppData\Local\mxfilerelatedcache.mxc2 [2008.10.15 20:37:33 | 000,000,034 | ---- | C] () -- C:\Users\Smiley\AppData\Roaming\pcouffin.log [2008.10.15 20:36:52 | 000,087,608 | ---- | C] () -- C:\Users\Smiley\AppData\Roaming\inst.exe [2008.10.15 20:36:52 | 000,007,887 | ---- | C] () -- C:\Users\Smiley\AppData\Roaming\pcouffin.cat [2008.10.15 20:36:52 | 000,001,144 | ---- | C] () -- C:\Users\Smiley\AppData\Roaming\pcouffin.inf [2008.09.19 23:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.09.19 23:55:10 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest [2008.09.15 15:08:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\TSLV.dll [2008.09.15 15:08:01 | 000,266,240 | ---- | C] () -- C:\Windows\System32\ExportModeller.dll [2008.09.15 15:08:01 | 000,016,473 | ---- | C] () -- 
C:\Windows\System32\SELF32.INI [2008.08.28 12:43:43 | 000,012,288 | ---- | C] () -- C:\Windows\System32\Hlinkprx.dll [2008.08.28 12:43:42 | 000,195,072 | ---- | C] () -- C:\Windows\System32\Msodeger.dll [2008.08.28 12:42:48 | 000,001,859 | ---- | C] () -- C:\Windows\HME_ISIS32E.INI [2008.08.28 12:42:48 | 000,000,155 | ---- | C] () -- C:\Windows\HME_INST32.INI [2008.08.11 16:55:42 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI [2008.07.06 00:28:59 | 000,017,408 | ---- | C] () -- C:\Windows\System32\drivers\vburner.sys [2008.07.03 07:33:34 | 000,441,342 | ---- | C] () -- C:\Users\Smiley\AppData\Local\ukgaiwy_nav.dat [2008.07.03 07:33:34 | 000,005,124 | ---- | C] () -- C:\Users\Smiley\AppData\Local\ukgaiwy.dat [2008.07.03 07:33:34 | 000,000,331 | ---- | C] () -- C:\Users\Smiley\AppData\Local\ukgaiwy_navps.dat [2008.06.22 23:03:26 | 000,000,809 | ---- | C] () -- C:\Windows\wininit.ini [2008.06.20 21:46:35 | 000,000,093 | ---- | C] () -- C:\Users\Smiley\AppData\Local\etrif.bat [2008.05.30 07:36:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2008.05.29 21:43:32 | 000,126,464 | ---- | C] () -- C:\Users\Smiley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.04.04 17:49:12 | 000,044,550 | ---- | C] () -- C:\Windows\System32\konto_pruefz.dll [2007.08.27 19:52:19 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007.08.27 19:26:27 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2007.08.27 19:26:26 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2007.08.27 19:26:26 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2007.08.27 19:26:26 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2007.08.27 19:26:26 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2007.08.27 19:26:26 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2007.08.27 19:17:16 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2007.08.27 19:04:58 | 
000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll [2007.08.27 18:42:25 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2007.08.27 18:42:25 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2007.08.27 18:42:25 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2007.08.27 18:42:25 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2007.08.27 18:39:35 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.08.27 17:19:09 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.12.05 13:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.04.05 17:06:40 | 000,077,824 | ---- | C] () -- C:\Windows\System32\systeminfoapi.dll [2005.12.08 11:37:56 | 000,089,088 | ---- | C] () -- C:\Windows\System32\Tszd.dll [2005.11.23 13:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll [2005.09.30 07:32:38 | 000,906,784 | ---- | C] () -- C:\Windows\System32\owl52f.dll [2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll [2002.02.27 11:41:28 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll [2002.02.27 11:41:26 | 000,139,264 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll [2002.02.27 11:41:26 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:CEB1746D @Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:C39E55C5 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:66E02052 < End of report >
and Extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 16.08.2010 21:49:09 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Smiley\Desktop\Systemsoftware Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 93,16 Gb Total Space | 27,64 Gb Free Space | 29,68% Space Free | Partition Type: NTFS Drive D: | 186,31 Gb Total Space | 9,94 Gb Free Space | 5,34% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 91,69 Gb Total Space | 7,34 Gb Free Space | 8,00% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SMILEY-PC Current User Name: Smiley Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = Opera.HTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 1 "FirewallOverride" = 1 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications 
List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{363C1EFB-AB0B-4B73-86EE-B474C2978E41}" = lport=2869 | protocol=6 | dir=in | app=system | "{77F966BC-4B16-440B-A0F5-85DFCF7B3A91}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02B66D2D-E683-4C75-A89F-749FECDDE80A}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | "{0999C535-F734-49AF-9B68-02F71C80C90D}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "{0D5F2B9C-7CBF-4BC8-ADD1-DC0F98CD5AEE}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | "{0E274873-19DE-46FE-9900-6B2A4051EF97}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{16E6D493-AD8A-4628-812B-150BEB396EBE}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "{1CDF8A89-837F-44C5-A70A-4299FE678711}" = protocol=6 | dir=in | app=c:\windows\system32\lxcrcoms.exe | "{3C2B0F78-6EA8-46E5-922C-3CA38621269F}" = protocol=6 | dir=in | app=c:\program files\nakido\nakido.exe | "{43A8034E-EBCC-4E62-9B12-4DF20CD79594}" = protocol=6 | dir=in | app=c:\program files\rapidsolution\tunebite\tunebitehelper.exe | "{57BC05A0-4FDA-4E36-AAEB-F205E89F68DE}" = protocol=17 | dir=in | app=c:\program files\prtg traffic grapher\prtg traffic grapher.exe | "{5C1772D5-B3CA-4490-81B6-0CD04217B3C3}" = protocol=6 | dir=in | app=c:\program files\lexmark 2400 series\lxcraiox.exe | "{6B8F0412-B56E-4B58-9D44-70FD4F08F196}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{76ABD9D5-67C8-44E0-BEEA-9F74E627F408}" = protocol=17 | dir=in | app=c:\program files\rapidsolution\tunebite\tunebitehelper.exe | 
"{7D784CFC-7DDE-4351-A197-7AA8FFC91478}" = protocol=17 | dir=in | app=c:\program files\lexmark 2400 series\lxcrmon.exe | "{7E92B222-6101-40F2-8635-73E905A7D0B5}" = protocol=6 | dir=in | app=f:\program files\opera\opera.exe | "{82FA200C-95A9-4A6C-B603-112C16CD2864}" = protocol=6 | dir=in | app=c:\program files\prtg traffic grapher\prtg traffic grapher.exe | "{856E4497-B975-4403-9D91-37CAB4BB3CB2}" = protocol=17 | dir=in | app=c:\program files\lexmark 2400 series\lxcraiox.exe | "{8E61F7E0-C7BB-4E47-9A33-ABE8E47A76E5}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | "{9D634586-9C66-4A4E-8238-A44FFEA12B44}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | "{A37F1BE0-1A0E-4888-AB02-31989EC87075}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{A491B4BE-9F46-4857-9370-2C1956F4326F}" = protocol=17 | dir=in | app=c:\program files\nakido\nakido.exe | "{A4A0470F-58E1-4176-AC22-9679E9815B34}" = protocol=17 | dir=in | app=f:\program files\opera\opera.exe | "{A59818A0-F8EC-482F-A0C6-6FE4E3766FE8}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{A6119208-93DA-4ACD-AD84-186CC2196589}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "{B8BA3F8A-D96A-4F8C-8A13-5F011FC4D17B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{BDD6CC16-2AB7-4A94-83D4-D32103ED2F60}" = protocol=17 | dir=in | app=c:\windows\system32\lxcrcoms.exe | "{C1E6F2C1-4327-4D54-89FC-DF36469B6291}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | "{C244D955-D239-4046-B109-AD5141128256}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CD852CEB-4B60-4EE6-A97E-CA8CCB7428B8}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{D860C245-DC0B-4D0C-B3B8-70ACC33A4417}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{DFB0BDE3-0370-4B6D-99AD-DB7E502FFBDD}" = protocol=6 | dir=in | app=c:\program files\lexmark 2400 series\lxcrmon.exe | "{E43C0482-FFA5-40E0-9584-826DA04206B5}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{EA6190B8-64B3-45BD-BF66-9475E5CAB77E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F8CDC2C3-2817-49CB-A8F8-D268989669B3}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{04BFB305-A3DF-50F2-5D5C-95F5105192C4}" = CCC Help French "{0EEF5E94-6190-6A2B-D98C-BF014BD0C191}" = CCC Help Czech "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{15382D89-6EF6-4D21-9484-B500F2B10E46}" = PhotoMail Maker "{166E180E-9A3F-41AE-8B40-22D8FFF4AF87}" = McAfee Virtual Technician "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{19AD312E-0418-009D-330A-28E6615F85B2}" = CCC Help Korean "{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite "{1A6A6531-08FC-47AD-BAC4-C41497E71031}" = Nero 7 Essentials "{1BBE9E55-4754-8216-D159-7E6A35268793}" = CCC Help Italian "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{22543949-70E8-45D0-A938-F38143EB8BF8}" = Catalyst Control Center - Branding "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20 "{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = 
QuickTime "{2BC0D9D4-18AF-CC0C-ADCE-ACEC78315410}" = Catalyst Control Center Localization Greek "{2C0C3C64-5A39-E87A-8FA3-3160811A6DEA}" = ccc-core-static "{2E43C47C-173F-F78D-ABE4-458FC8A1AAEA}" = Catalyst Control Center Localization Finnish "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer "{333A193E-D604-7490-7E53-9FF297A61359}" = CCC Help Russian "{34031F05-4322-8B83-C601-1F75CD4DBAA7}" = Catalyst Control Center Localization Danish "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba "{3FBD924A-53FD-F837-095C-7E0A5B645E33}" = Catalyst Control Center Localization Japanese "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager "{41FA7979-CD45-E218-053E-E67E8EDDD073}" = ATI Catalyst Install Manager "{4477D0DF-EA61-4F6A-96E2-5E76B694E2C7}" = Heyer's Kalender-Studio 2 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{59FEC06F-35A4-5E15-1410-04BECE5C5838}" = Skins "{5C98D841-6392-41F1-A80E-B1A741F32A95}" = DSL-Speedtest "{5CB55661-DDD4-FB75-DA05-8F91D0529B6F}" = Catalyst Control Center Graphics Full Existing "{5D436318-C216-D3DE-C77B-2F9344EFF106}" = CCC Help Norwegian "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator 
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{644A5F1A-63D7-3A30-7FF5-EECF8856A732}" = CCC Help Dutch "{64E8AF7E-B647-2870-6B7E-0B5F427736E5}" = CCC Help German "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6BF03339-3267-A914-8F4E-BD3B060F81DD}" = Catalyst Control Center Graphics Light "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{70858C67-8761-4444-895A-0A8B2E9E144E}" = Opera 10.61 "{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution "{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree "{7B48FA14-C0A1-6F2F-A87C-CD1A0106A468}" = Catalyst Control Center Graphics Full New "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7C30283C-8DC7-4FBB-805E-52BEA5F580E8}" = Toshiba TEMPRO "{7F814F14-A2CA-7FE5-B0E4-51F37CA5E54A}" = CCC Help Japanese "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{837C55B8-AE3B-06BA-62D7-DB03DE08E073}" = Catalyst Control Center Localization Norwegian "{8381BCEB-2033-DD45-A117-2D65702E213F}" = CCC Help Swedish "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{89FF0B29-E0AE-91A1-6B62-0F304F42F381}" = CCC Help Finnish "{8A61099D-BB07-02BF-0390-1B793D91B786}" = Catalyst Control Center Graphics Previews Vista "{8E4E9D28-7E60-13BF-58D7-8F6DDB9AD772}" = CCC Help Chinese Standard "{94DD10EA-6277-6E21-44CC-17341CD68D5F}" = CCC Help Chinese 
Traditional "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95ADC378-3A48-E3D1-33C3-CEC8D256C2AD}" = Catalyst Control Center Localization Polish "{963FDF07-C76A-9A62-7104-0ED134FBA3BC}" = Catalyst Control Center Localization Dutch "{967357E4-F447-BF51-26A6-CB4EA200732B}" = Catalyst Control Center Localization Chinese Standard "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9DCE15C9-8DE7-06FD-C0C4-0A66A6327E1F}" = CCC Help Turkish "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A31C8374-DE84-7964-F454-F6738739E943}" = CCC Help Spanish "{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite "{A6B1FD78-DA34-5B7F-7431-93FD1388F75C}" = Catalyst Control Center Localization Italian "{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver "{A6D7D8A9-A38C-FC52-7524-81493D36D7F5}" = CCC Help Portuguese "{A7894110-9C15-43EF-89E9-060363290188}" = Samsung PC Studio "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AE096240-0EE5-E38B-F30A-45E57B1DEA20}" = Catalyst Control Center Localization Russian "{AE876373-23FF-87CF-2296-1437E29A24E6}" = CCC Help Danish "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B1928C9A-053C-38A5-C937-6478DEC4D2C6}" = Catalyst Control Center Core Implementation "{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B676ED28-7A44-263A-2EFA-1CFFBFE1218A}" = Catalyst Control Center Localization Portuguese "{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11 "{B91CEFA1-D9D7-3AD4-DFC6-46051AA00DD6}" = Catalyst Control Center Localization French 
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver "{BA1919B8-F2B7-B57B-E3B8-15D3CD21A1C4}" = Catalyst Control Center Localization Thai "{BA6CD645-443D-B2C9-C43E-D1EB0DA03C69}" = Catalyst Control Center Localization Czech "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C1ACFA72-D84E-DD23-456D-2F6D0076A82A}" = CCC Help Hungarian "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C67F36D2-DE45-40B4-8D87-DF4A66A59532}" = PC Suite for Sony Ericsson "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D058CBD9-7535-A5AD-E398-07018A7AE710}" = Catalyst Control Center Localization Swedish "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D452E861-CCAC-B37C-1EE8-48949A6BDB10}" = CCC Help English "{D46D9697-B08D-4F40-1A97-AC353F7CF093}" = Catalyst Control Center Localization Chinese Traditional "{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}" = Nokia Software Updater "{DA7DB43E-254B-5C23-90A7-34B8A9321DB5}" = Catalyst Control Center Localization Hungarian "{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI "{DDB263D3-2FD7-47BF-850E-9851EFFF6C6C}" = Sony Ericsson Media Manager 1.1 "{DE5A02B8-A5A1-69FD-9AB8-200E39A135D6}" = Catalyst Control Center Localization Korean "{DF0BDE3B-E083-F534-024E-78C644DF2C28}" = Catalyst Control Center Localization Turkish "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag "{E1252473-6306-4d5d-904D-B06AA7F38161}" = PC Suite for Sony Ericsson "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone 
Mobile Connect "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EB573FE1-5033-78F0-45CE-56CE13BDFA30}" = CCC Help Thai "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{EF3CEE6C-B17C-06F1-76A6-A087060A45CC}" = CCC Help Polish "{F07031FC-0FB2-0221-51D2-F732CF41450C}" = Catalyst Control Center Localization Spanish "{F0890F86-6A9D-4CDF-3EE2-BE462E4F6049}" = CCC Help Greek "{F0895A26-F648-E99E-D51A-FC9DD2EAA180}" = ccc-utility "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F3CED1FD-1087-6E84-390D-27EEF4C9E2F1}" = Catalyst Control Center Localization German "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 "7-Zip" = 7-Zip 4.65 "8461-7759-5462-8226" = Vuze "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Ask Toolbar_is1" = Vuze Toolbar "CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows-Treiberpaket - Nokia Modem (03/05/2008 3.7) "CCleaner" = CCleaner "DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) "E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows-Treiberpaket - Nokia Modem (03/13/2008 "ExpressBurn" = Express Burn Uninstall "FileZilla Client" = FileZilla Client 3.2.8 "Firebird 
SQL Server D" = Firebird SQL Server - MAGIX Edition (D) "Floses Spielesammlung_is1" = Floses Spielesammlung 1.3.3 "Foxit Reader" = Foxit Reader "Google Updater" = Google Updater "GPL Ghostscript 8.70" = GPL Ghostscript 8.70 "GSview 4.9" = GSview 4.9 "HaaliMkx" = Haali Media Splitter "HijackThis" = HijackThis 2.0.2 "IncrediMail" = IncrediMail 2.0 "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver "InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers. "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE (D) "MAGIX Foto Suite D" = MAGIX Foto Suite (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "Mp3tag" = Mp3tag v2.46a "MSC" = McAfee Internet Security Suite "Nokia PC Suite" = Nokia PC Suite "Nvu_is1" = Nvu 1.0 "OpenAL" = OpenAL "Orb" = Winamp Remote "PhotoMail" = PhotoMail Maker "Polipo" = Polipo "Privoxy" = Privoxy 3.0.6 "Protect Disc License Helper" = Protect Disc License Helper 1.0.118 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Protected Music Converter_is1" = Protected Music Converter "RealPlayer 6.0" = RealPlayer "Recovery for Works" = Recovery for Works "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "Sony Ericsson" = Sony Ericsson Symbian 9 Drivers "Sony 
Ericsson Themes Creator" = Sony Ericsson Themes Creator 4.08 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Tor" = Tor "Update Service" = Update Service "Veetle TV" = Veetle TV 0.9.17 "Vidalia" = Vidalia 0.2.9 "VLC media player" = VLC media player 1.1.0 "WavePad" = WavePad Sound Editor "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.7 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "XMedia Recode" = XMedia Recode "Zattoo" = Zattoo 3.3.4 Beta ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >

Regards, Martin/smiley1803 |
#4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
O33 - MountPoints2\{164a1e59-10ab-11df-a01b-001eec01d493}\Shell\AutoRun\command - "" = E:\Get_Started_for_Win.exe -- File not found
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Get_Started_for_Win.exe -- File not found
[2008.07.03 07:33:34 | 000,441,342 | ---- | C] () -- C:\Users\Smiley\AppData\Local\ukgaiwy_nav.dat
[2008.07.03 07:33:34 | 000,005,124 | ---- | C] () -- C:\Users\Smiley\AppData\Local\ukgaiwy.dat
[2008.07.03 07:33:34 | 000,000,331 | ---- | C] () -- C:\Users\Smiley\AppData\Local\ukgaiwy_navps.dat
@Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:CEB1746D
@Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:C39E55C5
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:66E02052
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
#5 |
After the restart, the computer displayed the following file:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{164a1e59-10ab-11df-a01b-001eec01d493}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{164a1e59-10ab-11df-a01b-001eec01d493}\ not found.
File E:\Get_Started_for_Win.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\Get_Started_for_Win.exe not found.
File C:\Users\Smiley\AppData\Local\ukgaiwy_nav.dat not found.
File C:\Users\Smiley\AppData\Local\ukgaiwy.dat not found.
File C:\Users\Smiley\AppData\Local\ukgaiwy_navps.dat not found.
ADS C:\ProgramData\TEMP:CEB1746D deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:C39E55C5 .
Unable to delete ADS C:\ProgramData\TEMP:66E02052 .
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Patch
->Temp folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Smiley
->Temp folder emptied: 1399574 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5589159 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 51576 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 558880 bytes
Windows Temp folder emptied: 85082020 bytes
RecycleBin emptied: 6155001 bytes

Total Files Cleaned = 94,00 mb

OTL by OldTimer - Version log created on 08172010_103404

Files\Folders moved on Reboot...

Registry entries deleted on Reboot... |
#6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix

ComboFix may only be run when a qualified helper has expressly recommended it! |
#7 |
and here is the result

ComboFix log file: Code:
ATTFilter ComboFix 10-08-16.04 - Smiley 17.08.2010 12:52:49.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2045.924 [GMT 2:00] ausgeführt von:: c:\users\Smiley\Desktop\cofi.exe SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\hpe295C.dll c:\programdata\hpe475B.dll c:\users\Smiley\AppData\Roaming\inst.exe c:\users\Smiley\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2 c:\users\Smiley\AppData\Roaming\Microsoft\Windows\Recent\wfp 1.bmp.URL c:\users\Smiley\Downloads\Documents\cc_20100817_124238.reg c:\windows\system32\uninstall.exe . ((((((((((((((((((((((( Dateien erstellt von 2010-07-17 bis 2010-08-17 )))))))))))))))))))))))))))))) . 2010-08-17 10:21 . 2010-08-17 10:21 -------- d-----w- c:\program files\CCleaner 2010-08-17 08:15 . 2010-08-17 08:15 -------- d-----w- C:\_OTL 2010-08-16 17:37 . 2010-08-16 17:37 -------- d-----w- c:\users\Smiley\AppData\Roaming\Malwarebytes 2010-08-16 17:37 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-16 17:37 . 2010-08-16 17:37 -------- d-----w- c:\programdata\Malwarebytes 2010-08-16 17:37 . 2010-08-16 17:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-16 17:37 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-16 13:57 . 2010-08-16 13:57 -------- d-----w- c:\users\Smiley\AppData\Local\Apps 2010-08-16 13:25 . 2010-08-16 13:25 -------- d-----w- c:\users\Smiley\AppData\Roaming\Foxit Software 2010-08-16 13:05 . 2010-08-16 13:14 -------- d-----w- c:\users\Smiley\AppData\Roaming\SumatraPDF 2010-08-16 12:30 . 2010-08-16 12:30 -------- d-----w- c:\users\Smiley\AppData\Roaming\Foxit 2010-08-16 12:30 . 
2010-08-16 13:31 -------- d-----w- c:\program files\Foxit Software 2010-08-12 15:58 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll 2010-08-12 15:56 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-08-12 15:56 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-08-12 15:56 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll 2010-08-12 15:56 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-12 15:56 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-08-12 15:55 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-08-11 22:07 . 2010-08-11 22:11 -------- d-----w- C:\Filme 2010-08-05 23:38 . 2010-08-05 23:38 -------- d-----w- c:\program files\Vidalia Bundle 2010-07-31 06:24 . 2010-04-27 15:16 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2010-07-31 06:24 . 2010-04-27 15:16 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2010-07-31 06:24 . 2010-04-27 15:16 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2010-07-31 06:24 . 2010-04-27 15:16 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys 2010-07-31 06:24 . 2010-04-27 15:16 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys 2010-07-31 06:24 . 2010-04-27 15:16 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2010-07-31 06:24 . 2010-04-27 15:16 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2010-07-31 06:24 . 2010-04-27 15:16 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2010-07-31 06:24 . 2010-04-27 15:16 160720 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2010-07-31 06:24 . 2010-04-27 15:16 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-17 10:40 . 2008-06-22 20:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-08-17 07:21 . 
2008-12-03 13:01 -------- d-----w- c:\programdata\NOS 2010-08-16 21:59 . 2009-07-03 21:13 -------- d-----w- c:\users\Smiley\AppData\Roaming\Vidalia 2010-08-16 21:35 . 2009-07-03 21:13 -------- d-----w- c:\users\Smiley\AppData\Roaming\Tor 2010-08-16 17:25 . 2009-03-28 21:35 1 ----a-w- c:\users\Smiley\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-08-16 12:14 . 2008-11-16 11:43 -------- d-----w- c:\programdata\Google Updater 2010-08-14 15:43 . 2010-02-11 19:48 -------- d-----w- c:\program files\Microsoft Silverlight 2010-08-13 18:53 . 2006-11-02 15:33 664282 ----a-w- c:\windows\system32\perfh007.dat 2010-08-13 18:53 . 2006-11-02 15:33 142428 ----a-w- c:\windows\system32\perfc007.dat 2010-08-11 21:50 . 2009-07-22 18:36 -------- d-----w- c:\users\Smiley\AppData\Roaming\dvdcss 2010-08-11 20:55 . 2008-08-08 05:59 -------- d-----w- c:\program files\Napster 2010-08-11 20:54 . 2008-11-12 10:58 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2010-08-05 18:05 . 2009-01-16 23:55 -------- d-----w- c:\users\Smiley\AppData\Roaming\Azureus 2010-08-05 16:11 . 2009-01-16 23:54 -------- d-----w- c:\program files\Vuze 2010-08-05 16:11 . 2009-01-16 23:57 176 ----a-w- c:\users\Smiley\AppData\Roaming\Azureus\restart.bat 2010-07-31 12:11 . 2009-12-03 09:28 -------- d-----w- c:\program files\McAfee.com 2010-07-31 07:01 . 2009-12-03 09:28 -------- d-----w- c:\program files\McAfee 2010-07-31 07:01 . 2009-12-03 09:06 -------- d-----w- c:\programdata\McAfee 2010-07-31 07:00 . 2009-12-03 09:28 -------- d-----w- c:\program files\Common Files\McAfee 2010-07-16 13:42 . 2010-04-23 07:25 -------- d-----w- c:\users\Smiley\AppData\Roaming\vlc 2010-07-13 21:03 . 2009-07-26 19:31 -------- d-----w- c:\users\Smiley\AppData\Roaming\Skype 2010-07-13 19:28 . 2009-07-26 19:38 -------- d-----w- c:\users\Smiley\AppData\Roaming\skypePM 2010-07-12 12:59 . 2009-08-19 23:45 680 ----a-w- c:\users\Smiley\AppData\Local\d3d9caps.dat 2010-06-30 08:17 . 
2010-06-30 08:17 -------- d-----w- c:\program files\Microsoft CAPICOM 2010-06-29 20:18 . 2010-06-29 20:18 -------- d-----w- c:\program files\Microsoft 2010-06-29 20:18 . 2010-06-29 20:17 -------- d-----w- c:\program files\Windows Live 2010-06-29 20:18 . 2010-06-29 20:18 -------- d-----w- c:\program files\Windows Live SkyDrive 2010-06-29 20:13 . 2010-06-29 20:13 -------- d-----w- c:\program files\Common Files\Windows Live 2010-06-26 06:05 . 2010-08-12 15:57 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-26 06:02 . 2010-08-12 15:57 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-06-26 06:02 . 2010-08-12 15:57 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-06-26 04:25 . 2010-08-12 15:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-06-21 13:37 . 2010-08-12 15:57 2037760 ----a-w- c:\windows\system32\win32k.sys 2010-06-18 17:31 . 2010-08-12 15:57 36864 ----a-w- c:\windows\system32\rtutils.dll 2010-05-27 20:08 . 2010-08-12 15:57 81920 ----a-w- c:\windows\system32\iccvid.dll 2010-05-26 17:06 . 2010-06-11 05:46 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-26 14:47 . 2010-06-11 05:46 289792 ----a-w- c:\windows\system32\atmfd.dll 2010-05-24 17:04 . 2010-05-24 17:04 1 ----a-w- c:\users\Patch\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-04-27 15:16 . 2010-07-31 06:24 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904] "ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136] "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-05-31 353736] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192] "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744] "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352] "RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "QuickTime Task"="c:\program 
files\QuickTime\QTTask.exe" [2010-03-17 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-01 1180976] "NapsterShell"="c:\program files\Napster\napster.exe" [2010-07-20 323280] " Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240] c:\users\Patch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608] Privoxy.lnk - f:\program files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer9"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell] 2010-07-20 15:21 323280 ----a-w- c:\program files\Napster\napster.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite for Smartphones] 2007-12-25 12:53 548864 ----a-r- c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-17 19:53 421888 ----a-w- c:\program 
files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView] 2007-04-03 14:52 509496 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] 2009-09-24 13:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration] 2007-05-04 11:05 571024 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2010-05-14 13:55 37888 ----a-w- c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiSpywareOverride"=dword:00000001 "FirewallOverride"=dword:00000001 "VistaSp2"=hex(b):87,ec,2e,dc,25,62,ca,01 R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [x] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 135664] R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [x] R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112] R2 prtgwatchservice;PRTG Watchdog;c:\program files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe [2006-07-26 443904] R3 ASPI;Advanced SCSI Programming Interface 
Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832] R3 cpuz130;cpuz130;c:\users\Smiley\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x] R3 DrmCDriverV32;DrmCDriverV32;c:\windows\system32\drivers\DrmCDriverV32.sys [2008-06-04 23096] R3 DrmCVideo32;DrmCVideo32;c:\windows\system32\DRIVERS\DrmCVideo32.sys [2008-06-04 3768] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-09-18 13224] R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2009-04-09 106624] R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2009-04-09 59648] R3 GTUQBUS;GT UQ BUS;c:\windows\system32\DRIVERS\gtuqbus.sys [2007-09-19 37120] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-04-27 83496] R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2008-06-04 3768] R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-12-30 137344] R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320] R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504] R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-11-04 86696] R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016] R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472] R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108328] R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2008-11-04 26024] R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX 
Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-11-04 104616] R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2008-11-04 109736] R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x] R3 wsvad_driver;Daniusoft Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2008-05-28 20352] R4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [x] R4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [x] S0 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848] S0 vburner;vburner;c:\windows\system32\DRIVERS\vburner.sys [2008-01-08 17408] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-04-27 64304] S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-04-27 160720] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320] S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-14 271480] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-14 271480] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-04-27 188136] S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-04-27 141792] S2 PRTGService;PRTG Service;c:\program files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe [2008-07-08 3941704] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2009-04-21 116104] S2 VMCService;Vodafone 
Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-04-20 9216] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-04-27 55456] S3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [2008-06-30 18912] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-04-27 312616] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - mfeavfk01 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-07-18 15:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}] 2008-02-25 09:55 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Inhalt des "geplante Tasks" Ordners 2010-08-17 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-16 10:47] 2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 08:55] 2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 08:55] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://mystart.incredimail.com/ uInternet Settings,ProxyOverride = *.local IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? 
alles zu günstigen Preisen Trusted Zone: internet Trusted Zone: mcafee.com FF - ProfilePath - c:\users\Smiley\AppData\Roaming\Mozilla\Firefox\Profiles\8o88g7y4.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/ FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=mcafee&p= FF - prefs.js: network.proxy.type - 1 FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\\npGoogleOneClick8.dll FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll FF - plugin: c:\program files\ProtectDisc\License Helper\NPPDLicenseHelper.dll FF - plugin: c:\program files\Veetle\Player\npvlc.dll FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll FF - plugin: f:\program files\Opera\program\plugins\npqtplugin.dll FF - plugin: f:\program files\Opera\program\plugins\npqtplugin2.dll FF - plugin: f:\program files\Opera\program\plugins\npqtplugin3.dll FF - plugin: f:\program files\Opera\program\plugins\npqtplugin4.dll FF - plugin: f:\program files\Opera\program\plugins\npqtplugin5.dll FF - plugin: f:\program files\Opera\program\plugins\npqtplugin6.dll FF - plugin: f:\program files\Opera\program\plugins\npqtplugin7.dll FF - 
HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program 
files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file) MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-08-17 13:03 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{1e1bb942-bbf7-4fc7-8177-79c99a8f3bf0}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:1200037a "Dhcpv6State"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{7e7b5212-853a-420e-bec5-bef1c8dca848}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:07020054 "Dhcpv6State"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{96a19c1f-9834-4868-a803-63fc30551efa}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:0e001b9e "Dhcpv6State"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:07001422 "Dhcpv6State"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{e2388f1a-f2fb-4258-bf9d-daca784a68d1}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:0c001b38 "Dhcpv6State"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:06001422 "Dhcpv6State"=dword:00000000 . Zeit der Fertigstellung: 2010-08-17 13:08:31 ComboFix-quarantined-files.txt 2010-08-17 11:08 Vor Suchlauf: 13 Verzeichnis(se), 29.172.817.920 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 29.079.474.176 Bytes frei - - End Of File - - ECFB997951AD3F1044E52074D3564323 |
| #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Internet Explorer opens at random

Combofix scripting

1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
File::
c:\windows\system32\DRIVERS\ntcdrdrv.sys

Driver::
ntcdrdrv

4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of adware and spyware programs and the Tea Timer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the reboot (you will be asked whether you want to reboot), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
| #9 |
| Internet Explorer opens at random

I did everything as described above. The computer restarted. Combofix was still visible and was in the process of creating the log file. After that, a log file was open in the editor. I then tried to open combofix.txt. Windows reports, with a red X (the path of the file is shown next to it) in a small window: "Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde." [English: "Illegal operation attempted on a registry key that has been marked for deletion."] The same thing happens when I try to open Opera or Firefox. I saved the open log.txt to a USB stick and am now sitting at my second computer. The firewall and the antivirus software (McAfee) reactivated themselves on restart. I cannot say whether that led to a problem. What should I do now? The McAfee interface also cannot be opened from the desktop (same error message), but it can be opened from the taskbar on the right.

Here is the result. Combofix Logfile: Code:
ATTFilter ComboFix 10-08-16.04 - Smiley 17.08.2010 13:53:12.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2045.919 [GMT 2:00] ausgeführt von:: c:\users\Smiley\Desktop\cofi.exe Benutzte Befehlsschalter :: c:\users\Smiley\Desktop\CFScript.txt SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} FILE :: "c:\windows\system32\DRIVERS\ntcdrdrv.sys" . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_ntcdrdrv ((((((((((((((((((((((( Dateien erstellt von 2010-07-17 bis 2010-08-17 )))))))))))))))))))))))))))))) . 2010-08-17 12:02 . 2010-08-17 12:02 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-08-17 12:02 . 2010-08-17 12:02 -------- d-----w- c:\users\Patch\AppData\Local\temp 2010-08-17 12:02 . 2010-08-17 12:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-08-17 10:50 . 2010-08-17 11:08 -------- d-----w- C:\cofi 2010-08-17 10:21 . 2010-08-17 10:21 -------- d-----w- c:\program files\CCleaner 2010-08-17 08:15 . 2010-08-17 08:15 -------- d-----w- C:\_OTL 2010-08-16 17:37 . 2010-08-16 17:37 -------- d-----w- c:\users\Smiley\AppData\Roaming\Malwarebytes 2010-08-16 17:37 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-16 17:37 . 2010-08-16 17:37 -------- d-----w- c:\programdata\Malwarebytes 2010-08-16 17:37 . 2010-08-16 17:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-16 17:37 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-16 13:57 . 2010-08-16 13:57 -------- d-----w- c:\users\Smiley\AppData\Local\Apps 2010-08-16 13:25 . 2010-08-16 13:25 -------- d-----w- c:\users\Smiley\AppData\Roaming\Foxit Software 2010-08-16 13:05 . 
2010-08-16 13:14 -------- d-----w- c:\users\Smiley\AppData\Roaming\SumatraPDF 2010-08-16 12:30 . 2010-08-16 12:30 -------- d-----w- c:\users\Smiley\AppData\Roaming\Foxit 2010-08-16 12:30 . 2010-08-16 13:31 -------- d-----w- c:\program files\Foxit Software 2010-08-12 15:58 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll 2010-08-12 15:56 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-08-12 15:56 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-08-12 15:56 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll 2010-08-12 15:56 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-12 15:56 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-08-12 15:55 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-08-11 22:07 . 2010-08-11 22:11 -------- d-----w- C:\Filme 2010-08-05 23:38 . 2010-08-05 23:38 -------- d-----w- c:\program files\Vidalia Bundle 2010-07-31 06:24 . 2010-04-27 15:16 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2010-07-31 06:24 . 2010-04-27 15:16 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2010-07-31 06:24 . 2010-04-27 15:16 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2010-07-31 06:24 . 2010-04-27 15:16 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys 2010-07-31 06:24 . 2010-04-27 15:16 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys 2010-07-31 06:24 . 2010-04-27 15:16 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2010-07-31 06:24 . 2010-04-27 15:16 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2010-07-31 06:24 . 2010-04-27 15:16 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2010-07-31 06:24 . 2010-04-27 15:16 160720 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2010-07-31 06:24 . 2010-04-27 15:16 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-17 10:40 . 2008-06-22 20:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-08-17 07:21 . 2008-12-03 13:01 -------- d-----w- c:\programdata\NOS 2010-08-16 21:59 . 2009-07-03 21:13 -------- d-----w- c:\users\Smiley\AppData\Roaming\Vidalia 2010-08-16 21:35 . 2009-07-03 21:13 -------- d-----w- c:\users\Smiley\AppData\Roaming\Tor 2010-08-16 17:25 . 2009-03-28 21:35 1 ----a-w- c:\users\Smiley\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-08-16 12:14 . 2008-11-16 11:43 -------- d-----w- c:\programdata\Google Updater 2010-08-14 15:43 . 2010-02-11 19:48 -------- d-----w- c:\program files\Microsoft Silverlight 2010-08-13 18:53 . 2006-11-02 15:33 664282 ----a-w- c:\windows\system32\perfh007.dat 2010-08-13 18:53 . 2006-11-02 15:33 142428 ----a-w- c:\windows\system32\perfc007.dat 2010-08-11 21:50 . 2009-07-22 18:36 -------- d-----w- c:\users\Smiley\AppData\Roaming\dvdcss 2010-08-11 20:55 . 2008-08-08 05:59 -------- d-----w- c:\program files\Napster 2010-08-11 20:54 . 2008-11-12 10:58 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2010-08-05 18:05 . 2009-01-16 23:55 -------- d-----w- c:\users\Smiley\AppData\Roaming\Azureus 2010-08-05 16:11 . 2009-01-16 23:54 -------- d-----w- c:\program files\Vuze 2010-08-05 16:11 . 2009-01-16 23:57 176 ----a-w- c:\users\Smiley\AppData\Roaming\Azureus\restart.bat 2010-07-31 12:11 . 2009-12-03 09:28 -------- d-----w- c:\program files\McAfee.com 2010-07-31 07:01 . 2009-12-03 09:28 -------- d-----w- c:\program files\McAfee 2010-07-31 07:01 . 2009-12-03 09:06 -------- d-----w- c:\programdata\McAfee 2010-07-31 07:00 . 2009-12-03 09:28 -------- d-----w- c:\program files\Common Files\McAfee 2010-07-16 13:42 . 2010-04-23 07:25 -------- d-----w- c:\users\Smiley\AppData\Roaming\vlc 2010-07-13 21:03 . 
2009-07-26 19:31 -------- d-----w- c:\users\Smiley\AppData\Roaming\Skype 2010-07-13 19:28 . 2009-07-26 19:38 -------- d-----w- c:\users\Smiley\AppData\Roaming\skypePM 2010-07-12 12:59 . 2009-08-19 23:45 680 ----a-w- c:\users\Smiley\AppData\Local\d3d9caps.dat 2010-06-30 08:17 . 2010-06-30 08:17 -------- d-----w- c:\program files\Microsoft CAPICOM 2010-06-29 20:18 . 2010-06-29 20:18 -------- d-----w- c:\program files\Microsoft 2010-06-29 20:18 . 2010-06-29 20:17 -------- d-----w- c:\program files\Windows Live 2010-06-29 20:18 . 2010-06-29 20:18 -------- d-----w- c:\program files\Windows Live SkyDrive 2010-06-29 20:13 . 2010-06-29 20:13 -------- d-----w- c:\program files\Common Files\Windows Live 2010-06-26 06:05 . 2010-08-12 15:57 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-26 06:02 . 2010-08-12 15:57 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-06-26 06:02 . 2010-08-12 15:57 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-06-26 04:25 . 2010-08-12 15:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-06-21 13:37 . 2010-08-12 15:57 2037760 ----a-w- c:\windows\system32\win32k.sys 2010-06-18 17:31 . 2010-08-12 15:57 36864 ----a-w- c:\windows\system32\rtutils.dll 2010-05-27 20:08 . 2010-08-12 15:57 81920 ----a-w- c:\windows\system32\iccvid.dll 2010-05-26 17:06 . 2010-06-11 05:46 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-26 14:47 . 2010-06-11 05:46 289792 ----a-w- c:\windows\system32\atmfd.dll 2010-05-24 17:04 . 2010-05-24 17:04 1 ----a-w- c:\users\Patch\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-04-27 15:16 . 2010-07-31 06:24 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904] "ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136] "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-05-31 353736] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192] "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744] "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352] "RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "QuickTime Task"="c:\program 
files\QuickTime\QTTask.exe" [2010-03-17 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-01 1180976] "NapsterShell"="c:\program files\Napster\napster.exe" [2010-07-20 323280] " Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240] c:\users\Patch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608] Privoxy.lnk - f:\program files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer9"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell] 2010-07-20 15:21 323280 ----a-w- c:\program files\Napster\napster.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite for Smartphones] 2007-12-25 12:53 548864 ----a-r- c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-17 19:53 421888 ----a-w- c:\program 
files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView] 2007-04-03 14:52 509496 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] 2009-09-24 13:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration] 2007-05-04 11:05 571024 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2010-05-14 13:55 37888 ----a-w- c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiSpywareOverride"=dword:00000001 "FirewallOverride"=dword:00000001 "VistaSp2"=hex(b):87,ec,2e,dc,25,62,ca,01 R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 135664] R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [x] R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832] R3 cpuz130;cpuz130;c:\users\Smiley\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x] R3 DrmCDriverV32;DrmCDriverV32;c:\windows\system32\drivers\DrmCDriverV32.sys [2008-06-04 23096] R3 DrmCVideo32;DrmCVideo32;c:\windows\system32\DRIVERS\DrmCVideo32.sys [2008-06-04 3768] R3 
FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-09-18 13224] R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2009-04-09 106624] R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2009-04-09 59648] R3 GTUQBUS;GT UQ BUS;c:\windows\system32\DRIVERS\gtuqbus.sys [2007-09-19 37120] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-04-27 83496] R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2008-06-04 3768] R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-12-30 137344] R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320] R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504] R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-11-04 86696] R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016] R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472] R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108328] R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2008-11-04 26024] R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-11-04 104616] R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2008-11-04 109736] R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x] R3 wsvad_driver;Daniusoft Audio 
Device;c:\windows\system32\drivers\VirtualAudio.sys [2008-05-28 20352] R4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [x] R4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [x] S0 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848] S0 vburner;vburner;c:\windows\system32\DRIVERS\vburner.sys [2008-01-08 17408] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-04-27 64304] S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-04-27 160720] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320] S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-14 271480] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-14 271480] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-04-27 188136] S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-04-27 141792] S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112] S2 PRTGService;PRTG Service;c:\program files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe [2008-07-08 3941704] S2 prtgwatchservice;PRTG Watchdog;c:\program files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe [2006-07-26 443904] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2009-04-21 116104] S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone 
Mobile Connect\Bin\VMCService.exe [2009-04-20 9216] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-04-27 55456] S3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [2008-06-30 18912] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-04-27 312616] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - mfeavfk01 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-07-18 15:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}] 2008-02-25 09:55 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Inhalt des "geplante Tasks" Ordners 2010-08-17 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-16 10:47] 2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 08:55] 2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 08:55] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://mystart.incredimail.com/ uInternet Settings,ProxyOverride = *.local IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? 
alles zu günstigen Preisen Trusted Zone: internet Trusted Zone: mcafee.com FF - ProfilePath - c:\users\Smiley\AppData\Roaming\Mozilla\Firefox\Profiles\8o88g7y4.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/ FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=mcafee&p= FF - prefs.js: network.proxy.type - 1 FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla 
Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... 
Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) 
@Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(3252) c:\progra~1\mcafee\SITEAD~1\saHook.dll c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\agrsmsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\system32\rundll32.exe c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe c:\windows\system32\TODDSrv.exe c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\program files\Common Files\McAfee\SystemCore\mcshield.exe c:\program files\Common Files\McAfee\SystemCore\mfefire.exe c:\windows\system32\conime.exe c:\progra~1\mcafee.com\agent\mcagent.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2010-08-17 14:18:13 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-08-17 12:17 ComboFix2.txt 2010-08-17 11:08 Vor Suchlauf: 17 Verzeichnis(se), 29.134.905.344 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 28.794.372.096 Bytes frei - - End Of File - - 7E1809466EB90547B52472D4E52890C1 |
| #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Restart the computer once more. Is it gone then?
__________________ Please always post log files in CODE tags |
| #11 |
| Hello, yes, everything works again. Is the log file the right one? Regards, Martin |
| #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yes, the log is correct. We don't need to do anything further with CF. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to work the second time, just leave it out and run only OSAM. Afterwards, download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder. If you use Windows Vista or Windows 7, you must start remover.exe via right-click => Run as administrator. A black window will open and automatically search for malicious changes in the MBR. Then please post whether there are changes and, if so, on which device. Ideally, post everything that remover.exe outputs. |
| #13 |
| GMER worked right up to the point of saving the log file. With Notepad or Open Office the system crashed exactly when saving. OSAM.exe is simply deleted by McAfee, even with the virus scanner deactivated (it classifies the program as a Trojan). I had to uninstall MA. According to undoreal's description of OSAM, after the OSAM scan I am supposed to "deactivate entries" and coordinate that with the expert, or should I run remove.exe first? Many thanks so far, and greetings to Bremen! Here is the OSAM log: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 19:49:21 on 17.08.2010 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Opera Software Opera Internet Browser 10.61 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "BrnStiCp.cpl" - "Brother Industries,Ltd." - C:\Windows\system32\BrnStiCp.cpl "ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl "LocalCOM.cpl" - "TOSHIBA CORPORATION" - C:\Windows\system32\LocalCOM.cpl "TOSCDSPD.cpl" - "TOSHIBA" - C:\Windows\system32\TOSCDSPD.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "ECSEPM" - "Sony Ericsson Mobile Communications AB" - C:\Program Files\Sony Ericsson\Mobile4\Mobile Phone Monitor\ecsepm.cpl "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl "NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL "QuickTime" - "Apple Inc." 
- C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys "Advanced SCSI Programming Interface Driver" (ASPI) - ? - C:\Windows\System32\DRIVERS\ASPI32.sys "catchme" (catchme) - ? - C:\cofi20138c\catchme.sys (File not found) "Cdralw2k" (Cdralw2k) - "Sonic Solutions" - C:\Windows\system32\drivers\Cdralw2k.sys "cpuz130" (cpuz130) - ? - C:\Users\Smiley\AppData\Local\Temp\cpuz130\cpuz_x32.sys (File not found) "Daniusoft Audio Device" (wsvad_driver) - "Wondershare" - C:\Windows\System32\drivers\VirtualAudio.sys "DrmCDriverV32" (DrmCDriverV32) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\System32\drivers\DrmCDriverV32.sys "ENTECH" (ENTECH) - "EnTech Taiwan" - C:\Windows\system32\DRIVERS\ENTECH.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "PCASp50 NDIS Protocol Driver" (PCASp50) - ? - C:\Windows\System32\Drivers\PCASp50.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "SndTDriverV32" (SndTDriverV32) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\System32\drivers\SndTDriverV32.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "Touch Pad Detection Filter driver" (TpChoice) - ? - C:\Windows\System32\DRIVERS\TpChoice.sys (File not found) "vburner" (vburner) - ? 
- C:\Windows\System32\DRIVERS\vburner.sys (File found, but it contains no detailed information) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" {61E3FE32-07B9-4563-A3E0-2DE2D620FE10} "PixiePack Codec Pack" - ? - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe (File found, but it contains no detailed information) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll (File found, but it contains no detailed information) {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {7B1CA48B-9874-4B9B-83F5-809E6FBC35E1} "4movy DVD Video Converter" - ? 
- (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll (File found, but it contains no detailed information) {5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll (File found, but it contains no detailed information) {327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll (File found, but it contains no detailed information) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? 
- (File not found | COM-object registry key not found) {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? 
- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson Datei-Manager" - "Teleca Sweden AB" - C:\Program Files\Sony Ericsson\Mobile4\File Manager\FM.dll {BBD2BACA-BEED-4307-86F7-563562FCFC13} "Sony Ericsson Datei-Manager" - "Teleca Sweden AB" - C:\Program Files\Sony Ericsson\Mobile4\File Manager\FM.dll {13D3C4B8-B179-4ebb-BF62-F704173E7448} "Windows Contact Preview Handler" - ? - (File not found | COM-object registry key not found) {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online Marktplatz" - ? - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen (HTTP value) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Smiley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Bluetooth Manager.lnk" - "TOSHIBA CORPORATION." - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (Shortcut exists | File exists) "desktop.ini" - ? 
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Privoxy.lnk" - "The Privoxy team - www.privoxy.org" - F:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" "IncrediMail" - "IncrediMail, Ltd." - C:\Program Files\IncrediMail\bin\IncMail.exe /c "ISUSPM" - "Macrovision Corporation" - "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler "Orb" - "Orb Networks" - "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background "PC Suite Tray" - "Nokia" - "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "00TCrdMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe "Camera Assistant Software" - "Chicony" - "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" "HSON" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\TBS\HSON.exe "IndexSearch" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "KeNotify" - ? - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe " Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "NapsterShell" - "Napster" - C:\Program Files\Napster\napster.exe /systray "PaperPort PTD" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" "PPort11reminder" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini "QuickTime Task" - "Apple Inc." 
- "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot "StartCCC" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (File found, but it contains no detailed information) "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "TPwrMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ConfigFree Service" (CFSvcs) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe "getPlus(R) Helper 3004" (nosGetPlusHelper) - ? - C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (File not found) "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." 
- C:\Program Files\iPod\bin\iPodService.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe "lxdu_device" (lxdu_device) - ? - C:\Windows\system32\lxducoms.exe -service (File not found) "NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe "Notebook Performance Tuning Service (TEMPRO)" (TemproMonitoringService) - "Toshiba Europe GmbH" - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe "PRTG Service" (PRTGService) - "Paessler GmbH" - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe "PRTG Watchdog" (prtgwatchservice) - ? - C:\Program Files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe (File found, but it contains no detailed information) "SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe "ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe "Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe (File found, but it contains no detailed information) "TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe "TOSHIBA Navi Support Service" (TNaviSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe "TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe "TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe "Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." 
- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe "Vodafone Mobile Connect Service" (VMCService) - "Vodafone" - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index |
| #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
And yes, unfortunately McAfee complains about OSAM. Normally, though, deactivating it would have been enough. Oh well. The OSAM log is OK; please continue with the bootkit remover. |
| #15 |
| Bootkit Remover: I don't know what is important here, but you can't copy from DOS. I can only make out one entry here: size: 186 GB Device Name: \\.\PhysicalDrive0 MBR Status: OK (DOS/Win32 Boot code found) ...quit... |