| |
| |||||||
Log-Analyse und Auswertung: Windows Update deaktiviert sich - hosts nicht mehr zu öffnen - Browser frieren einWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
28.10.2010, 16:10
| #1 |
 |  Windows Update deaktiviert sich - hosts nicht mehr zu öffnen - Browser frieren ein Hallo, ich habe leider ein größeres Problem bekommen, und ich befürchte, dass ich mir was eingefangen habe. Folgendes kann ich feststellen: - Firefox und IneternetExplorer frieren nach einiger Zeit meist ein. Sie lassen sich danach auch nicht mehr öffnen - dann passiert einfach gar nix, ausser dass der Prozess im taskmanager erscheint. - Wenn ich im taskmanager auf "Zeige Prozesse aller Nutzer" klicke, friert sofort der Taskmanager ein - nach einer gewissen Zeit (ca. 10-30 Min) bekomme ich plötzlich die Meldung, dass sich die automatischen Windows-Updates deaktiviert haben. Wenn ich sie wieder aktivieren will, friert das entsprechende Fenster ein. - HiJackThis meldet, dass die hosts schreibgschützt ist. Das ist tatsächlich so, aber nur manchmal - dann ich sie selbst auch noch nciht mal öffnen. Wenn ich sie mal öffnen kann, steht aber nix böses drin. - Ich habe die "Desinfec't" von der c't offline laufen lassen - wirklich was gefunden wurde jedoch nicht. Ich habe MS Security Essentals installiert - aber der hat nie was gemeldet und findet nix. Mein Rechner wird zur Zeit also nach 10-30 Minuten unbrauchbar - und ich habe keine Ahnung warum. Es ist nur eine Vermutung, dass es sich hierbei um einen Schädling handelt (wer sonst deaktiviert plötzlich die Win-Updates?) Hier das HiJackThis-Log (ich habe es wie gewünscht anonymisiert und Links unbrauchbar gemacht): Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:53:07, on 28.10.2010 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16671) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Security Essentials\msseces.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe C:\Program Files\Hercules\Deluxe Optical Glass\XtrCtrl.exe C:\Program Files\pdf24\pdf24.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\GMX\GMX SMS-Manager\SMSMngr.exe C:\Program Files\Sandboxie\SbieCtrl.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Program Files\Steam\Steam.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe O4 - HKLM\..\Run: [CamserviceOG] C:\Program Files\Hercules\Deluxe Optical Glass\XtrCtrl.exe /startup O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [GMX SMS-Manager] C:\Program Files\GMX\GMX SMS-Manager\SMSMngr.exe O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - Global Startup: Air Mouse.lnk = C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &Download with BitKinex - C:\Program Files\BitKinex\ieext_cp.htm O8 - Extra context menu item: &Register in BitKinex - C:\Program Files\BitKinex\ieext_reg.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware server\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware server\vsocklib.dll O13 - Gopher Prefix: O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - C:\Users\CHRIST~1\AppData\Local\Temp\f5tmp\f5tunsrv.cab O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\Users\CHRIST~1\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - h**p://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - h**p://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - h**ps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - C:\Users\*****T~1\AppData\Local\Temp\f5tmp\urxhost.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: BitKinex File Transfer Service (BitKinex) - Unknown owner - C:\Program Files\BitKinex\bitkinexsvc.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: SMServer - SMServer - C:\Windows\system32\snmvtsvc.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: STSService - Unknown owner - C:\Program Files\SoundTaxi Media Suite\STSService.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe O23 - Service: VMware Host Agent (VMwareHostd) - Unknown owner - C:\Program Files\VMware\VMware Server\vmware-hostd.exe O23 - Service: VMware Server Web Access (VMwareServerWebAccess) - Apache Software Foundation - C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe O23 - Service: VMware VSS Writer (vmwriter) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmVssWriter.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 10698 bytes Falls ich was falsch gemacht haben sollte, bitte ich um Nachricht - ist das erste mal dass ich dieses Board benutze. Ich habe versucht, die "goldenen Regeln" zu befolgen ;-) Grüße ThePhantom Nachtrag: Ich habe evtl meine Flashplayer-Komponenten im Verdacht. Oft tritt das ganze auch genau dann auf, wenn ich Seiten mit Flash besuche - danach geht dann auch alles andere nicht mehr. Ich habe sie daher mal alle deinstalliert (was auch mal wieder nicht auf Anhieb ging, sondern nur nach Neustart) und sie neu installiert. Leider hat das nichts gebracht :-( Geändert von ThePhantom79 (28.10.2010 um 16:21 Uhr) Grund: Weitere Info eingefügt |
|
28.10.2010, 21:32
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Windows Update deaktiviert sich - hosts nicht mehr zu öffnen - Browser frieren ein Hallo und
__________________ Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
29.10.2010, 16:50
| #3 |
| | Windows Update deaktiviert sich - hosts nicht mehr zu öffnen - Browser frieren ein Hier schon mal die OTL-Logs:
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.10.2010 17:35:57 - Run 1 OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\*****\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 195,31 Gb Total Space | 59,82 Gb Free Space | 30,63% Space Free | Partition Type: NTFS Drive D: | 292,97 Gb Total Space | 210,42 Gb Free Space | 71,82% Space Free | Partition Type: NTFS Drive E: | 390,62 Gb Total Space | 39,68 Gb Free Space | 10,16% Space Free | Partition Type: NTFS Drive J: | 7,60 Gb Total Space | 3,51 Gb Free Space | 46,20% Space Free | Partition Type: FAT32 Drive O: | 135,06 Gb Total Space | 125,65 Gb Free Space | 93,03% Space Free | Partition Type: NTFS Drive P: | 37,32 Gb Total Space | 4,17 Gb Free Space | 11,18% Space Free | Partition Type: NTFS Drive Q: | 60,50 Gb Total Space | 11,96 Gb Free Space | 19,77% Space Free | Partition Type: NTFS Computer Name: *****-PC | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) PRC - C:\Programme\BitKinex\bitkinexsvc.exe () PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Air Mouse\Air Mouse\Air Mouse.exe () PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Programme\VMware\VMware Server\tomcat\bin\tomcat6.exe (Apache Software Foundation) PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.) PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Programme\VMware\VMware Server\vmware-hostd.exe () PRC - C:\Programme\VMware\VMware Server\vmware-authd.exe (VMware, Inc.) PRC - C:\Programme\Hercules\Deluxe Optical Glass\XtrCtrl.exe (Guillemot Corporation S.A.) PRC - C:\Programme\Sandboxie\SbieCtrl.exe (tzuk) PRC - C:\Programme\Sandboxie\SbieSvc.exe (tzuk) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe (1&1 Internet AG) PRC - C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH) ========== Modules (SafeList) ========== MOD - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll File not found SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (BitKinex) -- C:\Program Files\BitKinex\bitkinexsvc.exe () SRV - (STSService) -- C:\Program Files\SoundTaxi Media Suite\STSService.exe () SRV - (SMServer) -- C:\Windows\System32\snmvtsvc.exe (SMServer) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (VMwareServerWebAccess) -- C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe (Apache Software Foundation) SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.) SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.) SRV - (VMwareHostd) -- C:\Program Files\VMware\VMware Server\vmware-hostd.exe () SRV - (VMAuthdService) -- C:\Program Files\VMware\VMware Server\vmware-authd.exe (VMware, Inc.) SRV - (vmwriter) -- C:\Program Files\VMware\VMware Server\vmVssWriter.exe (VMware, Inc.) SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk) SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (SndTAudio) -- C:\Windows\System32\drivers\SndTAudio.sys (Windows (R) Codename Longhorn DDK provider) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.) DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.) DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.) DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.) DRV - (VMparport) -- C:\Windows\System32\drivers\vmparport.sys (VMware, Inc.) DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.) DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.) DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (tzuk) DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation) DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation) DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation) DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation) DRV - (vpcuxd) -- C:\Windows\System32\drivers\vpcuxd.sys (Microsoft Corporation) DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation) DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation) DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (HCW85BDA) -- C:\Windows\System32\drivers\HCW85BDA.sys (Hauppauge Computer Works) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation ) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.) DRV - (hxctlflt) -- C:\Windows\System32\drivers\hxctlflt.sys (Guillemot Corporation) DRV - (CrystalSysInfo) -- C:\Programme\MediaCoder\SysInfo.sys () DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.) DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = h**p://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 B4 DE 60 19 75 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: VMwareVMRC@vmware.com:2.5.0.122581 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.28 16:35:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.28 16:35:22 | 000,000,000 | ---D | M] [2010.02.01 20:24:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2010.02.01 20:24:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\MediaCoder [2010.02.01 20:20:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\MediaCoder-MCEX [2010.02.01 20:22:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\MediaCoder-Setup-Wizard [2010.10.29 17:28:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\jt9kjgnv.default\extensions [2010.03.07 11:07:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\jt9kjgnv.default\extensions\VMwareVMRC@vmware.com [2010.10.28 14:46:35 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.04.27 20:52:46 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.05.14 19:18:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.16 18:35:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.28 14:46:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.08.16 18:52:10 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.08.16 18:52:10 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.08.16 18:52:10 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.08.16 18:52:10 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.08.16 18:52:10 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml Hosts file not found O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [CamserviceOG] C:\Program Files\Hercules\Deluxe Optical Glass\XtrCtrl.exe (Guillemot Corporation S.A.) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [USBToolTip] C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [GMX SMS-Manager] C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe (1&1 Internet AG) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk) O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: &Download with BitKinex - C:\Programme\BitKinex\ieext_cp.htm () O8 - Extra context menu item: &Register in BitKinex - C:\Programme\BitKinex\ieext_reg.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programme\SoundTaxi\YouTubeRipper.dll () O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programme\SoundTaxi\YouTubeRipper.dll () O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Server\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Server\vsocklib.dll (VMware, Inc.) O13 - gopher Prefix: missing O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\*****T~1\AppData\Local\Temp\f5tmp\f5tunsrv.cab (F5 Networks Dynamic Application Tunnel Control) O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\*****T~1\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab (F5 Networks Auto Update) O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} h**p://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab () O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} h**p://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} h**ps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\*****T~1\AppData\Local\Temp\f5tmp\urxhost.cab (F5 Networks Host Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - P:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4f01cdad-c409-11df-8071-001fd0a1d2f1}\Shell - "" = AutoRun O33 - MountPoints2\{4f01cdad-c409-11df-8071-001fd0a1d2f1}\Shell\AutoRun\command - "" = I:\WD SmartWare.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.29 17:30:56 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2010.10.28 16:41:32 | 000,000,000 | ---D | C] -- C:\HiJackThis [2010.10.28 16:05:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes [2010.10.28 16:05:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.10.28 16:05:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.10.28 16:05:27 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.10.28 16:05:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.10.28 15:58:00 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\*****\Desktop\mbam-setup.exe [2010.10.28 14:46:34 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.10.28 14:46:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.10.28 14:46:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.10.28 07:36:30 | 000,000,000 | ---D | C] -- C:\DesinfectLogs [2010.10.27 20:25:21 | 000,000,000 | ---D | C] -- C:\INFECTED [2010.10.25 16:11:52 | 000,000,000 | ---D | C] -- C:\Converted [2010.10.25 16:11:17 | 000,000,000 | ---D | C] -- C:\Programme\SoundTaxi Media Suite [2010.10.25 16:10:31 | 000,245,760 | ---- | C] (SMServer) -- C:\Windows\System32\snmvtsvc.exe [2010.10.25 16:10:30 | 000,023,096 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\SndTAudio.sys [2010.10.25 16:10:30 | 000,023,096 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\SndTAudio.sys [2010.10.25 16:10:30 | 000,014,392 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\SndTVideo.dll [2010.10.25 16:10:30 | 000,005,688 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\SndTVideo.sys [2010.10.25 16:10:28 | 000,000,000 | ---D | C] -- C:\Programme\SoundTaxi [2010.10.18 05:06:38 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.10.18 05:06:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.10.18 05:06:38 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.10.18 05:06:38 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.10.18 05:06:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.10.18 05:06:38 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.10.18 05:06:38 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.10.18 05:06:38 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.10.18 05:06:38 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.10.18 05:06:37 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.10.18 05:06:37 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.10.18 05:06:32 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.10.18 05:06:27 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010.10.18 05:06:27 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2010.10.18 05:06:21 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010.10.18 05:06:18 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.10.18 05:06:16 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2010.10.18 05:06:16 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll [2010.10.03 08:18:47 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys [2009.11.30 15:38:32 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll [2009.11.30 15:38:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll ========== Files - Modified Within 30 Days ========== [2010.10.29 17:33:59 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.10.29 17:33:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.29 17:33:19 | 2616,053,760 | -HS- | M] () -- C:\hiberfil.sys [2010.10.29 17:29:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2010.10.28 21:15:54 | 000,001,412 | ---- | M] () -- C:\Windows\Sandboxie.ini [2010.10.28 20:00:15 | 000,731,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.10.28 20:00:15 | 000,679,632 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.10.28 20:00:15 | 000,156,688 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.10.28 20:00:15 | 000,128,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.10.28 19:52:31 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\Funambol Outlook Sync Client - *****.job [2010.10.28 19:05:02 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.10.28 16:56:24 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.28 16:56:24 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.28 16:05:30 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.28 15:58:19 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\*****\Desktop\mbam-setup.exe [2010.10.28 14:37:21 | 002,343,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.10.26 16:45:59 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.10.19 22:51:33 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.10.18 05:16:32 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk ========== Files Created - No Company Name ========== [2010.10.28 16:05:30 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.26 16:45:59 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.10.25 16:10:30 | 000,019,099 | ---- | C] () -- C:\Windows\System32\SndTAudio.inf [2010.10.25 16:10:30 | 000,002,577 | ---- | C] () -- C:\Windows\System32\SndTVideo.inf [2010.10.25 16:10:30 | 000,002,539 | ---- | C] () -- C:\Windows\System32\SndTVideo.cat [2010.10.25 16:10:30 | 000,002,100 | ---- | C] () -- C:\Windows\System32\SndTAudio.cat [2010.07.05 21:29:12 | 000,000,847 | ---- | C] () -- C:\Windows\wiso.ini [2010.06.18 22:44:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.06.03 15:05:46 | 000,003,456 | ---- | C] () -- C:\Users\*****\AppData\Roaming\movie_gui_builder_layout1280x720.xml [2010.05.31 18:29:52 | 000,004,226 | ---- | C] () -- C:\Users\*****\AppData\Roaming\movie_gui_builder.pref [2010.05.31 18:29:47 | 000,003,448 | ---- | C] () -- C:\Users\*****\AppData\Roaming\movie_gui_builder_layout.xml [2010.05.31 18:29:46 | 000,000,026 | ---- | C] () -- C:\Users\*****\AppData\Roaming\movie_gui_builder_sync.pref [2010.02.02 16:19:16 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.02.02 12:42:37 | 000,000,017 | ---- | C] () -- C:\Windows\MovingPicture.ini [2010.02.02 11:54:08 | 001,254,288 | ---- | C] () -- C:\ProgramData\__wdump.txt [2009.11.30 15:38:32 | 000,015,478 | ---- | C] () -- C:\Windows\snpstd3.ini [2009.11.25 21:52:37 | 000,009,216 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.16 18:32:46 | 000,001,412 | ---- | C] () -- C:\Windows\Sandboxie.ini [2009.11.14 23:37:03 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2009.11.10 12:54:14 | 000,000,600 | ---- | C] () -- C:\Users\*****\AppData\Roaming\winscp.rnd [2009.10.29 16:44:50 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2009.10.29 16:44:50 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2009.10.26 18:59:26 | 000,007,597 | ---- | C] () -- C:\Users\*****\AppData\Local\resmon.resmoncfg [2009.10.26 18:35:15 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.10.20 16:21:06 | 000,055,856 | ---- | C] () -- C:\Windows\System32\vnetinst.dll [2009.07.14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll < End of report > Code:
ATTFilter OTL Extras logfile created on: 29.10.2010 17:35:58 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\*****\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 59,82 Gb Free Space | 30,63% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 210,42 Gb Free Space | 71,82% Space Free | Partition Type: NTFS
Drive E: | 390,62 Gb Total Space | 39,68 Gb Free Space | 10,16% Space Free | Partition Type: NTFS
Drive J: | 7,60 Gb Total Space | 3,51 Gb Free Space | 46,20% Space Free | Partition Type: FAT32
Drive O: | 135,06 Gb Total Space | 125,65 Gb Free Space | 93,03% Space Free | Partition Type: NTFS
Drive P: | 37,32 Gb Total Space | 4,17 Gb Free Space | 11,18% Space Free | Partition Type: NTFS
Drive Q: | 60,50 Gb Total Space | 11,96 Gb Free Space | 19,77% Space Free | Partition Type: NTFS
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "C:\Program Files\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Steuer 2009
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0C171CF9-E6CB-427F-B1E8-55637C603586}_is1" = FarmHelper
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{102CDCAA-A884-6DC5-9FA8-DDFF77023FF8}" = Catalyst Control Center HydraVision Full
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DB2107E-82FE-3167-6E71-B9D44EA4FD26}" = AMD Drag and Drop Transcoding
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A1BF92-700A-4408-B95E-79F462E3D67D}" = Studio 11 Bonus DVD
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Steuer 2010
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C00B132-7446-9C4D-F0D5-FC00F965B7CA}" = ccc-utility
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{566D674E-819E-75E0-ADBE-685613F73627}" = Catalyst Control Center Graphics Previews Vista
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A1A0C5-DB63-48F5-8356-BFD6D3D7F645}" = Vasco da Gama 4 HDPro Demo
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68D3EB18-6708-486D-B58E-A97B92713B71}" = Xelerator 2.0
"{6C7DAF94-0520-19F0-7666-8A7334714E81}" = Catalyst Control Center Graphics Full Existing
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BDB07A4-22C8-AE44-29C5-CA5B46E0E58D}" = Catalyst Control Center Graphics Light
"{9CC99440-C974-427E-A218-9E79752BC7DB}_is1" = Rock Your Phone 1.63.18
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A7CE3C9E-78B4-4855-8D24-5CDF498E31F9}" = BitKinex
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AD0EBF26-ABE2-4E40-8C02-152A944C78A7}" = WDTV MSG 1.6.3
"{AF08C71F-F822-4416-87A9-2BBF5A8A5F12}" = VMware Server
"{B25C7F0C-A06D-4C92-85D3-4A3E34E18EEE}" = WDTV Movie Sheet Generator
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BF19FE33-C168-04D1-9E58-17E7248B9EF7}" = ATI Catalyst Install Manager
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C8E73595-C7C1-F1A4-ECD1-7EA8F7DBD3A8}" = CCC Help English
"{C92CE7AF-B104-4710-8F5C-9F833976D308}" = Schrankplaner
"{C976F327-2337-17E7-CAD3-133607CD321B}" = Catalyst Control Center Core Implementation
"{CBF78A5F-7950-4CF1-A063-C4C7B2B82CE6}" = SoundSoap PE
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CC874CBB-BD87-4126-9465-AE73BB62D6E0}" = Studio 11 Ultimate
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D893FFAF-5DEE-6EDA-5153-2925E0B5FAFF}" = Catalyst Control Center InstallProxy
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E6F043EB-FEF5-4C34-95AF-99B3EB68F7D9}" = Hercules Deluxe Optical Glass
"{E8F857C4-E153-6B03-909E-0006D803F865}" = ccc-core-static
"{E9AF8687-6055-C82B-00A0-9B1B93BF0DCA}" = Catalyst Control Center Graphics Previews Common
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F5796AEB-D38E-A4C0-F02F-B14A04945143}" = Catalyst Control Center Graphics Full New
"{F5AEB5A7-D4EA-49A5-89F2-A799F1C620B9}" = TViXiE
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{F87F2E18-4720-4F97-B3E5-E930D649D92B}" = Mobile Mouse Server
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"7-Zip" = 7-Zip 4.65
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Air Video Server" = Air Video Server 2.2.5
"AviSynth" = AviSynth 2.5
"BZFTrainer2010_is1" = BZFTrainer2010_1.1.0.10
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"dm Fotowelt" = dm Fotowelt
"Edelweiss_is1" = Edelweiss
"Enigma" = Enigma
"ffdshow_is1" = ffdshow [rev 3233] [2010-01-28]
"FileZilla Client" = FileZilla Client 3.2.7.1
"Flight Planner_is1" = Flight Planner 5.5
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.08
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"Funambol Outlook Sync Client" = Funambol Outlook Sync Client 8.0.5
"GMX SMS-Manager" = GMX SMS-Manager
"Google Chrome" = Google Chrome
"HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
"InstallShield_{68D3EB18-6708-486D-B58E-A97B92713B71}" = Xelerator 2.0
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.7.2.4582
"MediaInfo" = MediaInfo 0.7.27
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Essentials" = Microsoft Security Essentials
"Miranda IM" = Miranda IM 0.8.15
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSSTDFMT Update_is1" = MSSTDFMT Update
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
"Sandboxie" = Sandboxie 3.40
"SkyMap" = Sky-Map
"SoundTaxi_is1" = SoundTaxi 4.0.4
"Spb Mobile Shell" = Spb Mobile Shell
"Steam App 400" = Portal
"STMediaSuite" = SoundTaxi Media Suite 4.0.4
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SystemRequirementsLab" = System Requirements Lab
"TrueCrypt" = TrueCrypt
"TUGZip_is1" = TUGZip 3.5
"ULTIMATER" = Microsoft Office Ultimate 2007
"Unlocker" = Unlocker 1.8.8
"VLC media player" = VLC media player 1.1.0
"Warcraft III" = Warcraft III
"WinFF_is1" = WinFF 1.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.4 beta
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
malwarebytes kommt noch ... |
|
29.10.2010, 19:10
| #4 |
| | Windows Update deaktiviert sich - hosts nicht mehr zu öffnen - Browser frieren ein Nun nun noch MBAM: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4974
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
29.10.2010 20:02:39
mbam-log-2010-10-29 (20-02-39).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|O:\|P:\|Q:\|)
Durchsuchte Objekte: 623068
Laufzeit: 2 Stunde(n), 17 Minute(n), 27 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
|
30.10.2010, 20:47
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Update deaktiviert sich - hosts nicht mehr zu öffnen - Browser frieren ein Gibt es noch weitere Logs von Malwarebytes? Wäre sehr sinnfrei, wenn Du nur das ohne Funde gepostet hättest!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
31.10.2010, 00:33
| #6 |
| | Windows Update deaktiviert sich - hosts nicht mehr zu öffnen - Browser frieren ein Hi,nein - es gibt kein weiteres Log. Malwarebytes findet nichts ... |
|
31.10.2010, 13:08
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Update deaktiviert sich - hosts nicht mehr zu öffnen - Browser frieren ein Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - P:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4f01cdad-c409-11df-8071-001fd0a1d2f1}\Shell - "" = AutoRun
O33 - MountPoints2\{4f01cdad-c409-11df-8071-001fd0a1d2f1}\Shell\AutoRun\command - "" = I:\WD SmartWare.exe -- File not found
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.10.2010, 22:21
| #8 |
| | Windows Update deaktiviert sich - hosts nicht mehr zu öffnen - Browser frieren ein Hi, erst mal vielen Dank für die bisherige Mühe. Hier das Log: Code:
ATTFilter All processes killed
========== OTL ==========
P:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f01cdad-c409-11df-8071-001fd0a1d2f1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f01cdad-c409-11df-8071-001fd0a1d2f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f01cdad-c409-11df-8071-001fd0a1d2f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f01cdad-c409-11df-8071-001fd0a1d2f1}\ not found.
File I:\WD SmartWare.exe not found.
========== COMMANDS ==========
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: *****
->Temp folder emptied: 415029325 bytes
->Temporary Internet Files folder emptied: 202179204 bytes
->Java cache emptied: 53055226 bytes
->FireFox cache emptied: 96455762 bytes
->Flash cache emptied: 62758 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 170356089 bytes
RecycleBin emptied: 1445048750 bytes
Total Files Cleaned = 2.272,00 mb
OTL by OldTimer - Version 3.2.17.1 log created on 10312010_220017
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\hsperfdata_*****-PC$\2072 not found!
Registry entries deleted on Reboot...
Und auf Laufwerk P: (wo wohl einiges gelöscht wurde) liegt nur meine sehr alte Windows-Version (Vorgänger), die ich aber nie boote ... ... PS: Ich kann derzeit anscheinend kein MS Security Essentials Update mehr machen (wohl seit 6 Tagen nicht mehr). Angeblich habe ich keine Internetverbindung ... (Fehlercode 0x80072efe) PPS: Es öffnen sich jetzt auch hin und wieder urplötzlich irgendwelche Seiten (einmal wurde sie sogar geblockt wegen schädlichem Inhalt) |
|
31.10.2010, 23:10
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Update deaktiviert sich - hosts nicht mehr zu öffnen - Browser frieren ein Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.11.2010, 09:19
| #10 |
| | Windows Update deaktiviert sich - hosts nicht mehr zu öffnen - Browser frieren ein Hi, leider bin ich nun langsam wirklich am verzweifeln. - Habe erst den CCleaner ausgeführt: Kein Problem, alle Fehler behoben - Ich habe meinen MS Security Essentials deaktiviert. - Habe dann ComboFix ausgeführt. Erst kommt der grüne kurze Balken, dann kam ein Fenster vom ComboFix, dass das alles auf eigene Gefahr ist usw. Ich klicke unten auf "ja". Das Fenster schließt sich, aber nichts weiter passiert ... - Ich warte eine ganze Zeit. - Schließlich starte ich ComboFix erneut. Es wird mir gesagt, dass gewisse Dateien nicht erstellt werden können und ich erst rebooten soll. - Ich reboote und starte ComboFix erneut. - Diesmal kommt wieder fer kurze grüne Balken, danach jedoch rein gar nix mehr ... egal wie lange ich warte. - Ich mache das Spiel mit dem Reboot noch ein paar mal, aber immer das Gleiche - es passiert einfach nichts mehr, nachdem ich CF gestartet habe :-( Zur Info: In den Prozessen wird beim Start ein Prozess namens mbr.cfxxe angelegt (ich kann immerhin wieder Prozesse aller Nutzer anschauen!!!). Ich gehe davon aus, dass dieser Prozess von ComboFix stammt? Es wird ausserdem ein Ordner auf der OS-Partition angelegt namens 32788R22FWJFW. Auch hier gehe ich davon aus, dass der vom CF stammt. Nach dem Reboot ist zumindest der Prozess wieder weg und taucht erst beim Start von CF aus (leider passiert aber sonst nix :-( ) Gruß ThePhantom |
|
01.11.2010, 17:37
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Update deaktiviert sich - hosts nicht mehr zu öffnen - Browser frieren ein Lösch mal die bestehende cofi.exe und lad CF neu als cofi.exe herunter. Probier es dann noch einmal.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.11.2010, 18:18
| #12 |
| | Windows Update deaktiviert sich - hosts nicht mehr zu öffnen - Browser frieren ein Schon gemacht ... auch habe ich sie mal anders genannt ... wenn ich sie anders nenne, kommt wenigstens der disclaimer screen nochmal ... aber danach ... nix ... |
|
01.11.2010, 18:30
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Update deaktiviert sich - hosts nicht mehr zu öffnen - Browser frieren ein So bockig sollte CF eigentlich nicht sein  Und Wenn Du CF nicht umbennste also einfach combofix.exe lässt?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.11.2010, 22:21
| #14 |
| | Windows Update deaktiviert sich - hosts nicht mehr zu öffnen - Browser frieren ein Leider bringt auch das nix :-( |
|
02.11.2010, 14:49
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Update deaktiviert sich - hosts nicht mehr zu öffnen - Browser frieren ein Dann lassen wir CF erstmal weg. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Windows Update deaktiviert sich - hosts nicht mehr zu öffnen - Browser frieren ein |
| adobe, bho, bonjour, browser, cdburnerxp, desinfec't, erste mal, explorer, firefox, google, hijack, hijackthis, internet, internet explorer, logfile, microsoft security, microsoft security essentials, nicht mehr öffnen, pdf, plug-in, problem, prozess, prozesse, safer networking, schädling, security, server, software, system, taskmanager, temp, tunnel, usb, windows |
Linear-Darstellung
