| |
| |||||||
Log-Analyse und Auswertung: Virus oder Trojaner? Browser reagieren nicht oder verzögert.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
17.10.2010, 22:24
| #1 |
 |  Virus oder Trojaner? Browser reagieren nicht oder verzögert. Hallo Gemeinde, ich habe mich angemeldet weil es mich wohl nun nach "vielen jahren" mit Glück wohl nun auch irgendwie erwischt hat. Da ich einen highjackthis check gemacht habe denke ich das es hier zu posten richtig ist. Hier also mein Problem einmal geschildert. Seit gestern habe ich ein Problem mit meinen Browsern (Firefox und Opera) sowie auch mit Outlook (andere Programme habe ich nicht weiter gestestet). Firefox reagiert nicht mehr.Wenn es dann doch mal aufgeht dann kommt kurze zeit später "keine Rückmeldung" und es "friert ein". Opera bringt mir die "Keine Rückmeldung" auch ab und an, arbeitet aber dann nach kurzer Pause weiter.Outlook brauch ewig bis überhaupt mal was passiert.Ich hatte alles gestern mit "Malewarebytes" gecheckt der meldetet mir dann 2 trojaner die er dann löschte (hoffe ich doch.Ein neuer Scan zeigte dann auch nichts mehr an.Mit "Stinger" habe ich es dann auch noch einmal gecheckt, es kam keine Meldung.Nun habe ich noch mal mit highjackthis einen scan gemacht und stelle den hier mal rein. Vielleicht kann mir dort einer mal sagen, ob da was faul ist. Ich verstehe von diesen ganzen zahlencombis nichts Sollte ich vielleicht mittels einen damaligen Wiederherstellungspunkt das System zurücksetzen? Wäre für jede Hilfe dankbar. Mein Betriebssystem ist vista.Wenn ich noch weiteres posten müßte was Ihr braucht schreibt es doch bitte. Ich habe auch Antivir 10 (welches auch nicht mehr richtig reagierte) und auch Firefox deinstalliert und beides wieder in den neuesten Versionen neu aufgespielt. Bei einem Test den ich eben noch mal machte, kam die Meldung "Windows wird in weniger als einer Minute runtergefahren, das passierte dann auch und es fuhr anschließend wieder hoch. Als ich eben Euer empfohlenes /zip downloaden wollte ging ein Fenster von Antivir mir Meldung "Trojaner Dropper,Gen. auf... Vielleicht ist dies wichtig. Von daher muß ich beide scans dann mal hinten anhängen und nicht so gut sortiert wie in anderen Postings.Ich hoffe Ihr seit mir nicht böse wegen der Länge. Malewarebytes Scan von gestern. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4851 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18975 16.10.2010 19:11:03 mbam-log-2010-10-16 (19-11-03).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 153260 Laufzeit: 10 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\helper (Trojan.Agent) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\Heidi\AppData\Roaming\Helper\bin\liveu.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Heidi\AppData\Local\Temp\0.11824772379125847.exe (Trojan.Dropper) -> Quarantined and deleted successfully. und der Highkackthis Scan von heute. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:10:37, on 17.10.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18975) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe E:\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\explorer.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Users\Heidi\Downloads\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll O1 - Hosts: ::1 localhost O2 - BHO: CBAbzockschutz.InitToolbarBHO - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - mscoree.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll O3 - Toolbar: COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - mscoree.dll (file missing) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Restray] C:\Users\Heidi\AppData\Roaming\Adobe\Update\wndcor.exe O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user') O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing) O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - hxxp://express.foto.com/ImageUploader5.cab O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8825 bytes |
|
18.10.2010, 11:05
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Virus oder Trojaner? Browser reagieren nicht oder verzögert. Gibt es noch weitere Logs von Malwarebytes? Wenn ja, bitte alle posten.
__________________
__________________ |
|
18.10.2010, 11:48
| #3 |
| | Virus oder Trojaner? Browser reagieren nicht oder verzögert. Hey Arne,
__________________ja da maleware ja die logs (Gottseidank) speichert kann ich Dir noch einige posten. Nebst einen aktuellen von heute.Aber es sind eben keine weiteren Auffälligkeiten gemeldet. Also alles auf 0 von daher....sind sie alle gleich. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4858 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18975 17.10.2010 12:00:01 mbam-log-2010-10-17 (12-00-01).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 153085 Laufzeit: 6 Minute(n), 50 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4799 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18943 12.10.2010 13:20:51 mbam-log-2010-10-12 (13-20-51).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 152402 Laufzeit: 8 Minute(n), 29 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4869 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18975 18.10.2010 12:43:31 mbam-log-2010-10-18 (12-43-31).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 153213 Laufzeit: 11 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objek |
|
18.10.2010, 12:42
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus oder Trojaner? Browser reagieren nicht oder verzögert. Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
18.10.2010, 18:48
| #5 |
| | Virus oder Trojaner? Browser reagieren nicht oder verzögert. OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.10.2010 19:07:44 - Run 1 OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\****\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,97 Gb Total Space | 64,69 Gb Free Space | 43,42% Space Free | Partition Type: NTFS Drive E: | 147,66 Gb Total Space | 56,75 Gb Free Space | 38,43% Space Free | Partition Type: NTFS Computer Name: ****-PC | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Heidi\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Opera\opera.exe (Opera Software) PRC - C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Search Settings\SearchSettings.exe (Spigot, Inc.) PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\****\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (CGVPNCliSrvc) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH) SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TosCoSrv) -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (TOSHIBA SMART Log Service) -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project) DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH) DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG) DRV - (s3117obex) -- C:\Windows\System32\drivers\s3117obex.sys (MCCI Corporation) DRV - (s3117mdfl) -- C:\Windows\System32\drivers\s3117mdfl.sys (MCCI Corporation) DRV - (s3117mdm) -- C:\Windows\System32\drivers\s3117mdm.sys (MCCI Corporation) DRV - (s3117unic) Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (WDM) -- C:\Windows\System32\drivers\s3117unic.sys (MCCI Corporation) DRV - (s3117mgmt) Sony Ericsson Device 3117 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s3117mgmt.sys (MCCI Corporation) DRV - (s3117nd5) Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (NDIS) -- C:\Windows\System32\drivers\s3117nd5.sys (MCCI Corporation) DRV - (s3117bus) Sony Ericsson Device 3117 driver (WDM) -- C:\Windows\System32\drivers\s3117bus.sys (MCCI Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation ) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s125mgmt.sys (MCCI Corporation) DRV - (s125obex) -- C:\Windows\System32\drivers\s125obex.sys (MCCI Corporation) DRV - (s125mdm) -- C:\Windows\System32\drivers\s125mdm.sys (MCCI Corporation) DRV - (s125mdfl) -- C:\Windows\System32\drivers\s125mdfl.sys (MCCI Corporation) DRV - (s125bus) Sony Ericsson Device 125 driver (WDM) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation) DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (SoC PC-Camera Service) -- C:\Windows\System32\drivers\pfc027.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Kiss Official Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2371096&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.41 FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.29 FF - prefs.js..extensions.enabledItems: {4e5d93ac-be51-4885-95d6-60ebef828023}:2.7.2.0 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.16 19:54:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.16 19:48:12 | 000,000,000 | ---D | M] [2009.02.05 18:20:15 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\mozilla\Extensions [2010.10.15 19:23:12 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\mozilla\Firefox\Profiles\ri7wbk4w.default\extensions [2009.09.06 12:47:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ri7wbk4w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.18 20:06:20 | 000,000,000 | ---D | M] (Kiss Official Toolbar) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ri7wbk4w.default\extensions\{4e5d93ac-be51-4885-95d6-60ebef828023} [2010.08.18 20:06:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ri7wbk4w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.06.25 15:18:57 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ri7wbk4w.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398} [2010.09.30 19:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ri7wbk4w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2010.03.16 09:09:29 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ri7wbk4w.default\extensions\firefox@tvunetworks.com [2009.08.18 03:35:34 | 000,000,888 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\ri7wbk4w.default\searchplugins\conduit.xml [2010.10.09 23:41:50 | 000,000,944 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\ri7wbk4w.default\searchplugins\icqplugin.xml [2010.10.09 23:41:51 | 000,001,582 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\ri7wbk4w.default\searchplugins\kiss.xml [2010.10.16 19:48:19 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.09.26 17:20:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SearchSettings] C:\Programme\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Restray] C:\Users\****\AppData\Roaming\Adobe\Update\wndcor.exe () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe File not found O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab (EPUImageControl Class) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://express.foto.com/ImageUploader5.cab (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0f9fbd13-6f9c-11df-825f-f2ad05f9b242}\Shell\AutoRun\command - "" = D:\ O33 - MountPoints2\{0f9fbd13-6f9c-11df-825f-f2ad05f9b242}\Shell\open\Command - "" = rundll32.exe .\\dxtranh.dll,InstallM O33 - MountPoints2\{39bc2eb2-d034-11de-9d4b-b2c1dd1073cc}\Shell - "" = AutoRun O33 - MountPoints2\{39bc2eb2-d034-11de-9d4b-b2c1dd1073cc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O33 - MountPoints2\{4c1bde4e-67ee-11df-9a14-cc67e390204e}\Shell\AutoRun\command - "" = D:\InstallTomTomHOME.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.16 20:14:00 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.10.16 20:13:59 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2010.10.16 20:13:58 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys [2010.10.16 20:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.10.16 18:56:36 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\Helper [2010.10.13 16:11:54 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010.10.13 16:11:41 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2010.10.13 16:11:33 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.10.13 16:11:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.10.13 16:11:29 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.10.13 16:11:29 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.10.13 16:11:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.10.13 16:11:28 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.10.13 16:11:28 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.10.13 16:11:28 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.10.13 16:11:28 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.10.13 16:11:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.10.13 16:11:28 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.10.13 16:11:28 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.10.13 16:11:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.10.13 16:11:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.10.13 16:11:28 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.10.13 16:11:28 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.10.13 16:11:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.10.13 16:11:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.10.13 16:11:24 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010.10.13 16:11:24 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2010.10.13 16:11:22 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2010.10.13 16:11:21 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2010.10.13 16:11:20 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.10.12 20:20:47 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\MAGIX_Video_easy_HD_Download-Version [2010.10.12 17:31:45 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\MAGIX Downloads [2010.10.12 17:21:46 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Eigene Diashows [2010.10.12 17:21:45 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\mresreg [2010.10.12 17:21:27 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\IN-MEDIAKG [2010.10.12 17:20:20 | 000,000,000 | ---D | C] -- C:\Programme\mresreg [2010.09.29 13:34:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2008.11.09 14:44:18 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Heidi\AppData\Roaming\pcouffin.sys [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.18 19:05:26 | 000,664,282 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.10.18 19:05:26 | 000,625,582 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.10.18 19:05:26 | 000,142,622 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.10.18 19:05:26 | 000,117,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.10.18 19:03:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.18 19:03:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.18 19:03:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.18 12:17:43 | 2136,961,024 | -HS- | M] () -- C:\hiberfil.sys [2010.10.18 11:42:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.10.17 22:12:13 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7E1320E0-5882-4AE1-A589-7CB4C66FD46D}.job [2010.10.16 20:16:28 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.10.16 19:54:12 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat [2010.10.16 19:49:00 | 000,001,729 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.10.15 19:17:48 | 000,139,776 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.13 22:48:09 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2010.10.13 22:33:32 | 000,476,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.10.12 22:30:30 | 000,000,577 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk [2010.10.12 20:20:26 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Video easy HD Download-Version.lnk [2010.09.26 15:48:05 | 000,000,809 | ---- | M] () -- C:\Users\****\Desktop\CCleaner.lnk [2010.09.22 17:45:58 | 000,043,008 | ---- | M] () -- C:\Users\****\Documents\Gothenburg bis Frederikshaven Fahrpläne.doc [2010.09.22 10:31:23 | 000,000,488 | ---- | M] () -- C:\Users\****\Desktop\Azureus.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.16 20:16:28 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.10.16 19:54:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.10.16 19:49:00 | 000,001,729 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.10.12 22:30:30 | 000,000,577 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk [2010.10.12 20:20:26 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Video easy HD Download-Version.lnk [2010.09.22 17:45:57 | 000,043,008 | ---- | C] () -- C:\Users\****\Documents\Gothenburg bis Frederikshaven Fahrpläne.doc [2010.09.22 10:31:23 | 000,000,488 | ---- | C] () -- C:\Users\****\Desktop\Azureus.lnk [2009.09.24 10:18:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.01.23 19:32:12 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2008.12.04 21:21:44 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2008.11.09 14:45:14 | 000,000,034 | ---- | C] () -- C:\Users\****\AppData\Roaming\pcouffin.log [2008.11.09 14:44:18 | 000,087,608 | ---- | C] () -- C:\Users\****\AppData\Roaming\inst.exe [2008.11.09 14:44:18 | 000,007,887 | ---- | C] () -- C:\Users\****\AppData\Roaming\pcouffin.cat [2008.11.09 14:44:18 | 000,001,144 | ---- | C] () -- C:\Users\****\AppData\Roaming\pcouffin.inf [2008.09.19 17:48:10 | 000,000,680 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat [2008.09.19 16:37:12 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.08.18 22:02:19 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2008.08.12 16:32:11 | 000,000,093 | ---- | C] () -- C:\Users\****\AppData\Local\fusioncache.dat [2008.08.10 18:03:00 | 000,138,396 | ---- | C] () -- C:\Windows\System32\drivers\pfc027.sys [2008.08.10 18:03:00 | 000,011,170 | ---- | C] () -- C:\Windows\System32\PA207Usd.dll [2008.08.05 16:17:07 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI [2008.07.16 20:13:03 | 000,139,776 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.07.11 20:47:35 | 000,000,016 | -H-- | C] () -- C:\Users\****\AppData\Roaming\mxfilerelatedcache.mxc2 [2008.07.11 20:47:35 | 000,000,016 | -H-- | C] () -- C:\Users\****\AppData\Local\mxfilerelatedcache.mxc2 [2008.07.11 16:58:55 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2008.07.11 16:58:55 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2008.07.11 16:58:55 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2008.07.11 16:58:55 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2008.07.11 16:56:10 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll [2008.02.22 11:34:00 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008.02.18 17:58:18 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.02.18 17:44:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2008.02.18 17:44:09 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008.02.18 17:44:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008.02.18 17:44:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008.02.18 17:44:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008.02.18 17:44:09 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2008.02.18 16:57:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.02.18 16:55:43 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2008.02.18 16:55:43 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2008.02.18 16:55:43 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll [2008.02.18 16:55:43 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:1493A0EF < End of report > und der komplette von malewarebytes. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4870 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18975 18.10.2010 16:07:54 mbam-log-2010-10-18 (16-07-54).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Durchsuchte Objekte: 308051 Laufzeit: 2 Stunde(n), 16 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) |
|
18.10.2010, 18:54
| #6 |
| | Virus oder Trojaner? Browser reagieren nicht oder verzögert. sorry. ich vergaß den 2.OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 18.10.2010 19:07:44 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\****\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,97 Gb Total Space | 64,69 Gb Free Space | 43,42% Space Free | Partition Type: NTFS
Drive E: | 147,66 Gb Total Space | 56,75 Gb Free Space | 38,43% Space Free | Partition Type: NTFS
Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15665376-7C92-49F5-AE7A-6D6C2E8E9A3E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1624271E-21B2-4DCE-B9CB-46818B8887F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2371D7A8-E4C6-4CA1-B9FC-556ACD5DD638}" = lport=138 | protocol=17 | dir=in | app=system |
"{2BE8B268-5474-4EA9-A215-B7E08DF87BD4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{46A876DC-2210-4487-AE4F-0ECE1C6C5DE9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{70BA0F4A-7519-493E-A224-F5333340E045}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{875CDF65-47D2-43E2-8AC2-48CB4A288B50}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8F398D06-7BAF-48C4-890F-C0186E9A2971}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{922A58BF-7A3B-4BD3-801B-EB52503B235C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{92EE1580-31CA-41AF-8178-1B9891438361}" = lport=137 | protocol=17 | dir=in | app=system |
"{9B7251BF-D416-4A9A-BE62-AA62B89E38C0}" = rport=138 | protocol=17 | dir=out | app=system |
"{B32CB095-B7E5-410E-BDAB-B0957472C92A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C80CBEB4-98B3-43AB-8829-9D31750DF863}" = lport=139 | protocol=6 | dir=in | app=system |
"{C91B2774-8011-430B-A43E-9F1529EB660F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF9B9451-9D88-4399-873F-632F80B1F88E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E360D09D-110E-4044-A29A-6247064FBE69}" = rport=139 | protocol=6 | dir=out | app=system |
"{ECDA54DB-AE61-4B83-83DE-9983361C0FA8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EE2686D8-15D5-4F46-9BE7-2DAD93E9BAC7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F44BC341-7076-49FC-8EC5-5DA48E16011E}" = rport=137 | protocol=17 | dir=out | app=system |
"{FA5B4B61-B6E0-4346-8D40-B68E6BD8A8FB}" = rport=445 | protocol=6 | dir=out | app=system |
"{FE018387-5A06-42B6-A53A-FB10AE190552}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DB73C9F-B27C-445F-8227-FA3DE087326D}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{1295B6AD-3365-4813-A8FD-16E183BAEDF4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{18F77621-1CBC-41DB-AC71-44B5A70FE2B8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{205C5ED6-E2DD-4206-97A2-97C070CDC5FE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{245E8BAC-2451-4BC7-A166-6A86A8D50F43}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{28726B54-F8F8-4BC1-8095-200D37825C96}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{321F6575-6321-4D2B-A31A-AA489375C465}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3281B8EE-EBAC-498F-9ED2-D6170302A6AE}" = protocol=17 | dir=in | app=e:\itunes\itunes.exe |
"{368C56A1-B0F2-41E8-80C1-F519F5450096}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3E858664-19A6-4094-AB09-602F95B1DF9C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{43EFD37A-1426-4E0D-9124-8DF7E5A3194C}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{4816E587-2555-4297-8B07-9E527969A8D2}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4C7E94DA-75CF-4517-B541-21431BBBA83A}" = protocol=6 | dir=in | app=e:\itunes\itunes.exe |
"{5529FF12-2712-4282-A6DD-2062E9E07790}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{607D4D52-0933-4EAB-9389-604C030999AF}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{6101D752-C60C-41AE-BF37-8282003EED5C}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{74837E45-491A-4662-8E3D-506765266786}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{77EA3867-ADF6-4B7B-B62A-4E9848B31672}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{86EAC92A-6CF3-4428-9F2E-991EA287930A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{890C7056-FC7C-4A75-857E-0B1282A1BABE}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{9EC96613-59B4-4EB6-AEFD-0921DF2DE2F7}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A6646765-2B6A-4F5B-A902-4973A7FB18C9}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A8E84442-ADCA-48AF-8360-720341EA0BEC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{ADA26154-5E41-426A-B595-62438C216943}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{B5D67DEB-225F-4AFA-8E05-E05878D6B59A}" = protocol=6 | dir=in | app=f:\alicesetup.exe |
"{BF0A94C5-CEFA-4CB1-947F-CFC9E2B9D318}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C32A1107-78EF-4C8C-B936-FB567FA3BF08}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{D0CB5267-1074-451C-B5E2-D915E69F8519}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D1E98311-B2E1-46CE-A3AB-FFC794238591}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D2D5CFC6-A2EB-4BC2-94BA-9DB02DF9709E}" = protocol=17 | dir=in | app=f:\alicesetup.exe |
"{D721E953-8521-4942-B57A-48378D8F6785}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D73E7EC0-27CF-4325-BD66-2F07BFBD0C35}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D828BAB7-80BA-402A-B788-C5A1FFC174F3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DA4DBEB5-D660-4AFE-9381-FB6EEA257524}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E0770C9C-9983-4AC3-BEE9-23A3175A7082}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{E256CEEA-CE18-4A58-93CD-C0A2FB5F1A23}" = protocol=6 | dir=in | app=e:\itunes\itunes.exe |
"{E585B0DF-5AD5-410A-9E29-ED66900E563F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{E9051317-D1E0-4022-A446-D5226F99C10E}" = protocol=17 | dir=in | app=e:\itunes\itunes.exe |
"{FD3BBD6F-CC3F-4A99-8BC8-C6F75689890A}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"TCP Query User{1EE60D8D-A002-4F12-9063-ABC4CA0C6B8B}E:\azureus\azureus.exe" = protocol=6 | dir=in | app=e:\azureus\azureus.exe |
"TCP Query User{2CB0ECBB-E7D7-40AB-B388-6EBD3BFD6067}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{438D1DB0-5FE8-42DC-90FD-052539882B1B}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{48DC171D-F599-4D64-AC64-A314C5050756}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{532A54C7-E9F7-407F-862E-0CD71F55E76F}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{5E3C3E24-A22D-4FA2-AC2C-9BD780891297}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{67F21BEF-5C15-4D87-A673-A4508D533D46}E:\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=e:\dc++\dcplusplus.exe |
"TCP Query User{6F6C5951-D8D4-4A17-84E7-B5888DABD662}C:\program files\java\jre1.6.0_07\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\launch4j-tmp\jdownloader.exe |
"TCP Query User{779E42F3-D0C0-44E7-8C78-C2DEB87B6A8A}E:\azureus\azureus.exe" = protocol=6 | dir=in | app=e:\azureus\azureus.exe |
"TCP Query User{924409C8-1A60-4529-9FED-40039B7ECA86}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
"TCP Query User{CE50CD96-9C9A-4A1F-B3D2-D4C23DF3AD96}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{CFA88BEA-EE47-4C39-BC07-0D36040BD738}C:\ccproxy\ccproxy.exe" = protocol=6 | dir=in | app=c:\ccproxy\ccproxy.exe |
"TCP Query User{DD1B27B8-EA71-4F6D-9A17-80E39FF977E9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{E2846E24-4CE8-4C7E-8DD9-5FF75EDE6190}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E2DAAF93-82A8-44F8-A615-FF1CAC9125AE}E:\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=e:\dc++\dcplusplus.exe |
"TCP Query User{E43F3E8F-CBA4-4A72-B78D-BFA7F0CDC356}C:\program files\windows media-komponenten\encoder\wmenc.exe" = protocol=6 | dir=in | app=c:\program files\windows media-komponenten\encoder\wmenc.exe |
"TCP Query User{E6D94095-7A83-4D22-A275-168B22EEAE19}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{172D89F3-82BC-4E41-86AE-F748C23167C0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3B8EE8CA-F951-4673-8AEB-170D46BC807D}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{54040202-30D5-4C89-BC91-695C6E29FCFF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{67143DC9-6410-4656-8851-4A40597EFEB6}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
"UDP Query User{7E340118-7026-4B75-8422-A2B3ED87C4EA}E:\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=e:\dc++\dcplusplus.exe |
"UDP Query User{8CE0CB90-AC9B-4439-A435-E18671C7C244}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{90C7ADB0-81D5-47EA-9E89-E849ACBFB276}C:\program files\java\jre1.6.0_07\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\launch4j-tmp\jdownloader.exe |
"UDP Query User{96DBDB37-26B6-4F0B-B9B6-BBE92D239056}E:\azureus\azureus.exe" = protocol=17 | dir=in | app=e:\azureus\azureus.exe |
"UDP Query User{97625CF4-7350-41E0-90AA-6A231EA33C5A}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{B82B4BFA-453B-404C-846A-8FF016E78FE7}C:\program files\windows media-komponenten\encoder\wmenc.exe" = protocol=17 | dir=in | app=c:\program files\windows media-komponenten\encoder\wmenc.exe |
"UDP Query User{BE664344-CC4C-4325-BC02-01A89E95F4FA}E:\azureus\azureus.exe" = protocol=17 | dir=in | app=e:\azureus\azureus.exe |
"UDP Query User{D3C9A219-2CFC-43F4-8D57-5E7BF1F63675}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{D5EFA0C9-82E4-4C39-9137-1E9CC768C2D4}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{DF3E35C8-8960-40A6-A6E3-736FAD937537}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E0DDC82E-D054-49D5-9A3A-12847537A8B9}C:\ccproxy\ccproxy.exe" = protocol=17 | dir=in | app=c:\ccproxy\ccproxy.exe |
"UDP Query User{E59DE80F-8566-4575-B6E3-68978C2FA982}E:\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=e:\dc++\dcplusplus.exe |
"UDP Query User{EE2DC59B-15A6-4CFD-AA49-26931EA2F21C}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series" = Canon MP520 series
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18DC1F9A-15B9-4707-A9CD-C2F66239261E}" = COMPUTERBILD-Abzockschutz
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{5741E9DB-5BE4-4446-9D03-E5F228ACC920}" = MAGIX Speed burnR (MSI)
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}" = Nero 8
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91473F13-F4E2-4140-9AD7-F3657C68D1A9}" = MAGIX Video easy HD Download-Version
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9665B325-3F96-11D6-A1FA-000374890932}" = TuneUp Utilities 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F5C1ED8-F249-45D4-84FA-D88F813F9651}" = MAGIX Screenshare
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"Canon MP520 series Benutzerregistrierung" = Canon MP520 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"CyberGhost VPN_is1" = CyberGhost VPN Patch 4.5.20 PrePatch
"DC++" = DC++ 0.674
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.7.2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit Reader" = Foxit Reader
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"FreePDF_XP" = FreePDF XP (Remove only)
"Google Desktop" = Google Desktop
"GPL Ghostscript 8.62" = GPL Ghostscript 8.62
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX_MSI_Video_easy_2" = MAGIX Video easy HD Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Orb" = Winamp Remote
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"ratDVD" = ratDVD 0.78.1444
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Video Converter 3" = Video Converter 3
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Winamp" = Winamp
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.96-8
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22.11.2009 05:01:08 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description =
Error - 22.11.2009 14:16:17 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.11.2009 03:53:27 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.11.2009 13:56:38 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 24.11.2009 05:04:48 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.11.2009 04:30:20 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.11.2009 10:05:43 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.11.2009 13:32:28 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.11.2009 03:48:55 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.11.2009 07:29:15 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 09.11.2008 05:05:33 | Computer Name = ****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 35
seconds with 0 seconds of active time. This session ended with a crash.
Error - 11.03.2010 10:08:29 | Computer Name = ****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.
Error - 22.03.2010 16:03:03 | Computer Name = ****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.
Error - 23.03.2010 13:54:30 | Computer Name = ****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 625
seconds with 60 seconds of active time. This session ended with a crash.
Error - 23.05.2010 04:37:37 | Computer Name = ****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1244
seconds with 120 seconds of active time. This session ended with a crash.
Error - 24.05.2010 16:03:38 | Computer Name = ****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 13.10.2010 11:10:28 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 13.10.2010 11:10:28 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 13.10.2010 11:10:52 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 13.10.2010 11:10:52 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 13.10.2010 11:11:08 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 13.10.2010 11:11:08 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 14.10.2010 17:35:03 | Computer Name = ****-PC | Source = DCOM | ID = 10010
Description =
Error - 16.10.2010 03:54:10 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 16.10.2010 14:16:48 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7006
Description =
Error - 18.10.2010 13:03:41 | Computer Name = ****-PC | Source = DCOM | ID = 10010
Description =
< End of report >
|
|
18.10.2010, 19:03
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus oder Trojaner? Browser reagieren nicht oder verzögert. Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Kiss Official Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2371096&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
O4 - HKCU..\Run: [Restray] C:\Users\****\AppData\Roaming\Adobe\Update\wndcor.exe ()
O33 - MountPoints2\{0f9fbd13-6f9c-11df-825f-f2ad05f9b242}\Shell\AutoRun\command - "" = D:\
O33 - MountPoints2\{0f9fbd13-6f9c-11df-825f-f2ad05f9b242}\Shell\open\Command - "" = rundll32.exe .\\dxtranh.dll,InstallM
O33 - MountPoints2\{39bc2eb2-d034-11de-9d4b-b2c1dd1073cc}\Shell - "" = AutoRun
O33 - MountPoints2\{39bc2eb2-d034-11de-9d4b-b2c1dd1073cc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4c1bde4e-67ee-11df-9a14-cc67e390204e}\Shell\AutoRun\command - "" = D:\InstallTomTomHOME.exe -- File not found
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:1493A0EF
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.10.2010, 19:12
| #8 |
| | Virus oder Trojaner? Browser reagieren nicht oder verzögert. okay, also die sterne wieder rückgängig machen.hoffentlich entdecke ich die alle.sonst mach ich nen neuen scan. das ging ja relativ zügig. |
|
18.10.2010, 19:17
| #9 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus oder Trojaner? Browser reagieren nicht oder verzögert.Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.10.2010, 19:30
| #10 |
| | Virus oder Trojaner? Browser reagieren nicht oder verzögert. och naja der scan ging ja fix. das die neue meldung. All processes killed ========== OTL ========== Prefs.js: "ICQ Search" removed from browser.search.defaultenginename Prefs.js: "Kiss Official Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2371096&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "chr-greentree_ff&type=867034" removed from browser.search.param.yahoo-fr Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Restray deleted successfully. File C:\Users\****\AppData\Roaming\Adobe\Update\wndcor.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f9fbd13-6f9c-11df-825f-f2ad05f9b242}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f9fbd13-6f9c-11df-825f-f2ad05f9b242}\ not found. File D:\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f9fbd13-6f9c-11df-825f-f2ad05f9b242}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f9fbd13-6f9c-11df-825f-f2ad05f9b242}\ not found. File rundll32.exe .\\dxtranh.dll,InstallM not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39bc2eb2-d034-11de-9d4b-b2c1dd1073cc}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39bc2eb2-d034-11de-9d4b-b2c1dd1073cc}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39bc2eb2-d034-11de-9d4b-b2c1dd1073cc}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39bc2eb2-d034-11de-9d4b-b2c1dd1073cc}\ not found. File G:\LaunchU3.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c1bde4e-67ee-11df-9a14-cc67e390204e}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c1bde4e-67ee-11df-9a14-cc67e390204e}\ not found. File D:\InstallTomTomHOME.exe not found. ADS C:\ProgramData\TEMP:1493A0EF deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 34077 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->FireFox cache emptied: 4870010 bytes ->Opera cache emptied: 240 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: **** ->Temp folder emptied: 125081 bytes ->Temporary Internet Files folder emptied: 66340 bytes ->Java cache emptied: 49462785 bytes ->FireFox cache emptied: 45859496 bytes ->Apple Safari cache emptied: 0 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 14730 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 561152 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 604 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 34264 bytes %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 1426 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 96,00 mb OTL by OldTimer - Version 3.2.15.2 log created on 10182010_202458 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
18.10.2010, 19:33
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus oder Trojaner? Browser reagieren nicht oder verzögert. Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.10.2010, 20:03
| #12 |
| | Virus oder Trojaner? Browser reagieren nicht oder verzögert. Kurze Zwischenfrage.ist es normal das der suchlauf nicht zu sehen ist.es öffnete sich kurz ein blaues Fenster und das war's.ich hab das gefuehl es passiert nichts.schreibe vom Handy hab also noch nichts angeruehrt. |
|
18.10.2010, 20:21
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus oder Trojaner? Browser reagieren nicht oder verzögert. Warte noch ein bisschen ab.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.10.2010, 20:44
| #14 |
| | Virus oder Trojaner? Browser reagieren nicht oder verzögert. Nichts.keinerlei Anzeige oder Geräusche das das Gerät was macht.Mist dabei hat doch alles bisher so gut funktioniert.nochmal von vorne? |
|
18.10.2010, 20:47
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus oder Trojaner? Browser reagieren nicht oder verzögert. Hm ja. Probiers aus...
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Virus oder Trojaner? Browser reagieren nicht oder verzögert. |
| ad-aware, antivir, antivir guard, avira, bho, bonjour, browser, cyberghost, desktop, ebay, firefox, helper, highjackthis, hijack, hijackthis, hängen, object, plug-in, pop-up-blocker, problem, reagiert nicht, saver, scan, senden, software, spigot, system, trojaner, uleadburninghelper, virus, windows |
Linear-Darstellung
