Home » Viren, Trojaner & Malware Forum » Avira: TR/Spy.98370. gefunden » Themenansicht

Firefox Tipp: Instantfox - Quick Search Add-On!

Seite(n): 1 2

Antworten

Avira: TR/Spy.98370. gefunden

09.08.2010, 19:57

Manfred1977

Member

Themenstarter

Beiträge: 39

#16 heir die OTL.Txt:

Zitat

OTL Extras logfile created on: 09.08.2010 19:41:48 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Stefan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,77 Gb Total Space | 27,94 Gb Free Space | 30,11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 92,07 Gb Total Space | 26,13 Gb Free Space | 28,38% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Stefan
Current User Name: Stefan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4224013243-733336848-3315584339-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{213B6063-EEA0-4DAB-8C07-6E3840784CEE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58257C49-AA02-4317-8DC5-E2155446DC30}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5845BC1C-131A-4065-9B4F-6E94F5225732}" = rport=2869 | protocol=6 | dir=out | app=system |
"{6C36B477-F876-4A13-8895-A4F3F6754577}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8C593CB2-C1D9-4D1C-9E25-D5CFC0427755}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8EC6317B-D948-405E-9F0D-E710EF524B68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BC4644C6-1406-4667-9B91-5F95E812659E}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C1E293CD-3B87-4201-8E4E-8DD1288BAE2B}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{38F94ECA-E91F-44AE-888A-5FFB3019BD4A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BF8B29BB-EACC-48E1-A181-729007375529}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FCE8C68C-E26D-459F-8BF6-5EBC49BDA270}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"TCP Query User{06FEF7F7-68C0-41FB-8D54-82687C77AD8D}C:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd" = protocol=6 | dir=in | app=c:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd |
"TCP Query User{0A7D8949-670B-4F77-924D-41C7042C48F3}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{236E4B37-5D26-4064-BFE6-0EB697F05991}C:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=6 | dir=in | app=c:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe |
"TCP Query User{38D23013-620F-488C-84B8-2099AA880EA9}C:\users\stefan\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\stefan\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\age2_x1.exe |
"TCP Query User{4F79B3F1-2E02-4680-B901-81BF758F989F}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{62DEB3E5-C603-4760-BD4D-E466BB6F3202}C:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=6 | dir=in | app=c:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe |
"TCP Query User{9184F94E-94E6-472D-9BAD-C2181F0FBAA9}E:\program files\ea sports\fifa 10\fifa10.exe" = protocol=6 | dir=in | app=e:\program files\ea sports\fifa 10\fifa10.exe |
"TCP Query User{B76F7F90-4C5D-4478-A5D5-9C4486D4F300}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{C90B67C5-B5D2-4726-9CEA-8163FD138EBF}C:\users\stefan\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\empires2.exe" = protocol=6 | dir=in | app=c:\users\stefan\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\empires2.exe |
"TCP Query User{CBA3E1FE-E9D2-42A7-BDA5-27CDDBBFE435}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D305DED3-7531-4A8F-9894-91866BF6B75C}C:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd" = protocol=6 | dir=in | app=c:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd |
"TCP Query User{D4D3A80C-7390-48BA-9798-88FECC33A0CB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3360E5B3-EE72-4B20-92C8-A14C4E2C5579}E:\program files\ea sports\fifa 10\fifa10.exe" = protocol=17 | dir=in | app=e:\program files\ea sports\fifa 10\fifa10.exe |
"UDP Query User{4D2C1353-3239-4894-8E69-FC297582F7ED}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{54A35FCB-F92B-4173-93FE-E2C5902A0A04}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{8B5A7DC0-56CB-4D06-B88C-F49FB2CD3057}C:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=17 | dir=in | app=c:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe |
"UDP Query User{9C1D0029-BD85-45DE-AC82-F45238EE5F91}C:\users\stefan\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\empires2.exe" = protocol=17 | dir=in | app=c:\users\stefan\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\empires2.exe |
"UDP Query User{A3E16757-D387-4723-8AE1-BCBFBB63399B}C:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd" = protocol=17 | dir=in | app=c:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd |
"UDP Query User{B196D91B-02FE-4B89-BD5D-3268A1AF68FD}C:\users\stefan\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\stefan\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\age2_x1.exe |
"UDP Query User{B75F893E-9DA3-4046-BEDE-CF738FFA659C}C:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=17 | dir=in | app=c:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe |
"UDP Query User{BA0DEA0A-BB90-444F-9FEC-31E1AC96C5E2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C9AFD9F0-2DA8-478A-AAB3-A4A59F102D6A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{ED2B6065-3918-4327-8E6D-B0F2B3AA86AB}C:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd" = protocol=17 | dir=in | app=c:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd |
"UDP Query User{F764786B-58FF-4B45-820E-1FC3992C7FB8}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04CB6099-90D2-896A-8E01-8F1228499D93}" = Catalyst Control Center Localization Dutch
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{068138BE-11F5-8F56-8D88-13837314558E}" = CCC Help German
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A2F0BB6-D45B-AF3C-C19A-6950342AF6B1}" = Catalyst Control Center Localization Turkish
"{0B2FF6D9-359D-4481-8A0D-43A674B665C9}" = TA 33 USB
"{0BAA36F4-8138-AD8A-3791-44A7F0DD63E7}" = CCC Help Japanese
"{0C2B0B35-CF80-1384-D2F0-14F119F1784E}" = Catalyst Control Center Localization Chinese Standard
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1A998953-E64F-CE34-4517-C58EF5092157}" = CCC Help Turkish
"{1AED74D3-4C54-3CAA-65DE-4EAB7B589AE1}" = Catalyst Control Center Localization Greek
"{228A2F09-4557-92B9-44A9-E13D41FFAD02}" = Catalyst Control Center Localization Hungarian
"{228D6BCB-7B30-39F5-5442-A99CD76A9762}" = Catalyst Control Center Localization Danish
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2672817F-EB60-5FA1-9691-FE03D3E674F9}" = CCC Help French
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2CC25320-CD83-B987-4B0A-B53B8413CC87}" = CCC Help Italian
"{33A0D18A-019E-8F30-6EDA-776CDC319771}" = CCC Help Norwegian
"{34537704-7E4C-F552-AFC7-E3FDB0A4FDC1}" = Catalyst Control Center Localization Italian
"{357D2DAA-1743-AC07-D88B-0077FC725DF6}" = Catalyst Control Center Graphics Full Existing
"{3899B709-95BD-752E-B320-1686DACA370E}" = CCC Help Portuguese
"{3E84E56E-FC81-4E08-AA90-E8B2FDC02557}" = Catalyst Control Center Localization Norwegian
"{469DFB95-185F-CA9E-3D5E-0036754B5033}" = Catalyst Control Center Localization German
"{475BF3D4-E418-18CF-34FC-1D8DD3E67F46}" = Catalyst Control Center Localization Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D881F9F-90B1-6992-BA30-72333A6BC669}" = CCC Help Danish
"{51035563-B7F5-01AF-0BE4-47533DEE5B51}" = Catalyst Control Center Localization Russian
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AC66835-7850-401E-AC93-65AD4D6A7E2E}" = Catalyst Control Center Localization Portuguese
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6789E743-FF41-3E96-8C59-0F43ADE6D9E6}" = Catalyst Control Center Localization French
"{698CEC51-8E29-5B7C-2C88-20CDE9DC3DFF}" = ccc-core-static
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B4DAD2F-38F5-4F2A-87BF-924B175A38F3}" = CD/DVD Label Printer LPCW-100
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74E2F60E-5C4D-3200-3AB5-6A5C1806A64F}" = CCC Help Hungarian
"{759D7567-3027-5605-BF42-9363090FAF71}" = CCC Help Czech
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{85737D46-5FDE-7798-02BA-68AC06CD0B17}" = CCC Help Spanish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{892DB0A0-CF31-DA46-8142-2B3953CA7B38}" = CCC Help English
"{8D7A8160-B777-4073-B1BE-62CFDD14A1D3}" = BitDefender Antivirus 2010
"{8F2E8ADC-871F-7B91-708D-BC2899C7D986}" = Catalyst Control Center Localization Swedish
"{8FC9A62D-90DB-7122-09F3-587C42EE9FAC}" = Catalyst Control Center Localization Czech
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9128A108-FE27-997F-A118-E6C65FAE2256}" = CCC Help Korean
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9809A7E4-3B3B-4547-3B80-0073E0115EB4}" = Catalyst Control Center Graphics Previews Vista
"{9842DEA7-806B-08CA-608C-9717F5F5D7F3}" = Catalyst Control Center Graphics Light
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C6ABCF3-A9BF-2A09-0974-777B6C421E28}" = CCC Help Swedish
"{A04BF5DC-6DD3-4B6D-BABD-B1BC5DB23CF0}" = Ulead DVD PowerTools
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6F2C0CD-E0A2-BCC1-5BEF-600AC4D9AE62}" = Catalyst Control Center Localization Spanish
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AED8FA19-763C-BA3F-A243-3136EEF255E8}" = CCC Help Russian
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
"{BA98E840-DCB3-10B7-D016-8890E4F8F4CC}" = Catalyst Control Center Graphics Full New
"{C1F4123D-6C93-D087-F50F-8D7AC51AFE76}" = ATI Catalyst Install Manager
"{C3E7A3AD-142E-2433-0107-D2CA4D85F19F}" = CCC Help Greek
"{C5A5F901-08F3-7E96-3049-A950A80ACCF4}" = Catalyst Control Center Graphics Previews Common
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB082B01-F65B-05DA-3048-8979BF7B5BD2}" = CCC Help Dutch
"{CC0E0442-B3BA-6FB5-3E94-C5F96B9B8915}" = Skins
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D121161E-AD64-4438-97A0-66A1AB7FFDE3}" = Works Suite-Betriebssystem-Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D281F20C-FA11-D09A-8A20-B78D771222F8}" = Catalyst Control Center Localization Japanese
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DD766B16-BE10-F87C-73A7-A6FC09148633}" = CCC Help Polish
"{DDF91F62-6CBF-2932-93BA-D487B60635B5}" = Catalyst Control Center Core Implementation
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEC00B1F-5E63-D40F-6291-A2A531414613}" = CCC Help Chinese Traditional
"{DF066D23-C0C8-8755-8244-A8A78B8798A5}" = CCC Help Thai
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E60BFE17-F44C-4A28-9ACF-1DD7362B0278}_is1" = Acunetix Web Vulnerability Scanner 6.5
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC2F2081-6B46-810C-8408-EC04D29EDFF0}" = Catalyst Control Center Localization Thai
"{ED5EDCD0-5745-4B13-8061-58C9833FD06D}" = Microsoft Works 6.0
"{F0EF93AE-6B13-DB6A-3C03-8CB5A51D0A7A}" = CCC Help Finnish
"{F0FFE43C-7FCC-55F3-6BDE-11F6E9F9FB4A}" = CCC Help Chinese Standard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E1E2E3-2F93-E548-7675-10A78CDD04A6}" = Catalyst Control Center Localization Finnish
"{F20B6876-0F18-1A47-D858-D0D9F6888B99}" = Catalyst Control Center Localization Polish
"{F2260E94-80F2-4CB1-B6B1-6043D9BFFA47}" = Works-Synchronisierung
"{F400ED9E-848C-DB0B-CED5-F69DAA2CE8AD}" = ccc-utility
"{F5EFBB2D-2CD6-FD3D-FA53-DFB962BFD14C}" = Catalyst Control Center Localization Korean
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.2.4.1
"FreeUndelete" = FreeUndelete
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Paros_is1" = Paros 3.2.13
"PersonalFax" = PersonalFax 1.50
"Recuva" = Recuva
"SuperMailer" = SuperMailer 4.90
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VLC media player 1.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR
"Works2002Setup" = Microsoft Works 2002-Setup-Start

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 10.06.2010 06:00:44 | Computer Name = Stefan | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ccSvcHst.exe, Version 109.0.3.4, Zeitstempel
0x4b86e0bf, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x05700d80, Prozess-ID 0x4a0, Anwendungsstartzeit
01cb080a816324ff.

Error - 10.06.2010 06:51:03 | Computer Name = Stefan | Source = Windows Search Service | ID = 3013
Description =

Error - 10.06.2010 06:51:03 | Computer Name = Stefan | Source = Windows Search Service | ID = 3013
Description =

Error - 10.06.2010 12:23:47 | Computer Name = Stefan | Source = Application Hang | ID = 1002
Description = Programm WinMail.exe, Version 6.0.6001.18000 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: b48 Anfangszeit: 01cb08b89449bd82 Zeitpunkt
der Beendigung: 0

Error - 10.06.2010 12:24:35 | Computer Name = Stefan | Source = Windows Search Service | ID = 3013
Description =

Error - 10.06.2010 16:46:04 | Computer Name = Stefan | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung msworks.exe, Version 6.0.1911.0, Zeitstempel
0x396c5281, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
Ausnahmecode 0xc0000005, Fehleroffset 0x00067409, Prozess-ID 0x1768, Anwendungsstartzeit
01cb08ddea566420.

Error - 11.06.2010 07:47:38 | Computer Name = Stefan | Source = VSS | ID = 8193
Description =

Error - 12.06.2010 14:39:47 | Computer Name = Stefan | Source = VSS | ID = 8193
Description =

Error - 12.06.2010 21:00:17 | Computer Name = Stefan | Source = VSS | ID = 8193
Description =

Error - 12.06.2010 21:28:43 | Computer Name = Stefan | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 08.08.2010 06:35:08 | Computer Name = Stefan | Source = DCOM | ID = 10005
Description =

Error - 08.08.2010 06:35:11 | Computer Name = Stefan | Source = DCOM | ID = 10005
Description =

Error - 08.08.2010 06:36:08 | Computer Name = Stefan | Source = Service Control Manager | ID = 7001
Description =

Error - 08.08.2010 06:36:08 | Computer Name = Stefan | Source = Service Control Manager | ID = 7026
Description =

Error - 08.08.2010 09:36:56 | Computer Name = Stefan | Source = Service Control Manager | ID = 7000
Description =

Error - 08.08.2010 09:36:56 | Computer Name = Stefan | Source = Service Control Manager | ID = 7000
Description =

Error - 08.08.2010 10:27:16 | Computer Name = Stefan | Source = BROWSER | ID = 8032
Description =

Error - 09.08.2010 08:35:06 | Computer Name = Stefan | Source = DCOM | ID = 10010
Description =

Error - 09.08.2010 08:37:07 | Computer Name = Stefan | Source = Service Control Manager | ID = 7000
Description =

Error - 09.08.2010 08:37:07 | Computer Name = Stefan | Source = Service Control Manager | ID = 7000
Description =

< End of report >

09.08.2010, 20:30

Swisstreasure

Moderator

Beiträge: 5694

#17 Die Host Einträge werden beim Immunisieren von Spybot angelegt

Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.
• BleepingComputer
• ForoSpyware**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**

• Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
• Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
• Bitte füge das C:\ComboFix.txt Log in deiner Antwort im Forum bei, so dass wir uns diese analysieren können.

09.08.2010, 22:36

Manfred1977

Member

Themenstarter

Beiträge: 39

#18 Hier die Log-Datei:

Zitat

ComboFix 10-08-09.01 - Stefan 09.08.2010 22:09:58.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1936 [GMT 2:00]
ausgeführt von:: c:\users\Stefan\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Stefan\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2
c:\windows\system32\%appdata%
c:\windows\system32\ReadMe.txt

.
((((((((((((((((((((((( Dateien erstellt von 2010-07-09 bis 2010-08-09 ))))))))))))))))))))))))))))))
.

2010-08-09 20:18 . 2010-08-09 20:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-08 13:42 . 2010-08-08 13:42 -------- d-----w- c:\program files\ESET
2010-08-08 08:16 . 2010-08-09 19:56 -------- d-----w- c:\programdata\BitDefender
2010-08-08 08:16 . 2010-08-08 08:17 -------- d-----w- c:\users\Stefan\AppData\Roaming\BitDefender
2010-08-08 08:16 . 2010-08-08 08:16 -------- d-----w- c:\program files\BitDefender
2010-08-08 08:14 . 2010-08-09 19:56 -------- d-----w- c:\program files\Common Files\BitDefender
2010-07-28 16:13 . 2010-07-28 16:13 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-07-28 16:09 . 2010-07-28 16:09 -------- d-----w- c:\program files\Adobe Media Player
2010-07-28 16:08 . 2010-07-28 16:08 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-19 09:09 . 2010-07-19 09:10 -------- d-----w- C:\rsit
2010-07-19 08:46 . 2010-07-19 08:46 -------- d-----w- c:\program files\CCleaner
2010-07-13 17:41 . 2010-07-13 17:41 -------- d-----w- c:\users\Stefan\paros
2010-07-13 07:50 . 2010-07-13 17:40 -------- d-----w- c:\program files\Paros

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 07:32 . 2009-08-20 19:46 -------- d-----w- c:\users\Stefan\AppData\Roaming\vlc
2010-08-07 19:14 . 2009-08-19 16:22 -------- d-----w- c:\users\Stefan\AppData\Roaming\FileZilla
2010-07-30 05:53 . 2010-05-28 07:38 680 ----a-w- c:\users\Stefan\AppData\Local\d3d9caps.dat
2010-07-28 16:14 . 2009-08-19 11:18 81648 ----a-w- c:\users\Stefan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-28 16:11 . 2007-04-16 06:30 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-28 08:27 . 2009-11-05 20:16 -------- d-----w- c:\program files\IrfanView
2010-07-28 08:26 . 2009-08-20 12:53 -------- d-----w- c:\users\Stefan\AppData\Roaming\gtk-2.0
2010-07-26 20:45 . 2010-05-20 17:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-19 09:09 . 2009-09-13 14:54 -------- d-----w- c:\program files\trend micro
2010-07-19 09:00 . 2010-05-15 12:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-15 12:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-12 11:32 . 2006-11-02 15:33 618368 ----a-w- c:\windows\system32\perfh007.dat
2010-07-12 11:32 . 2006-11-02 15:33 122830 ----a-w- c:\windows\system32\perfc007.dat
2010-07-06 10:35 . 2009-08-26 09:43 -------- d-----w- c:\users\Stefan\AppData\Roaming\SuperMailer
2010-07-06 08:57 . 2009-08-26 09:43 -------- d-----w- c:\program files\SuperMailer
2010-06-29 19:42 . 2010-06-29 19:42 -------- d-----w- c:\program files\Acunetix
2010-06-20 21:14 . 2009-10-08 21:46 -------- d-----w- c:\users\Stefan\AppData\Roaming\dvdcss
2010-06-12 17:34 . 2010-05-20 17:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-26 17:06 . 2010-06-11 11:53 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 11:53 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-11-22 06:50 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-20 11:03 . 2010-05-20 11:03 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-18 16:02 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-05-18 16:02 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-05-16 15:13 . 2010-05-16 15:13 2560 ----a-w- c:\windows\_MSRSTRT.EXE
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"NDSTray.exe"="NDSTray.exe" [BU]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2001-10-09 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2001-10-04 331830]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-10-04 28738]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2010-02-22 207504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CAPIControl.lnk - c:\windows\Installer\{0B2FF6D9-359D-4481-8A0D-43A674B665C9}\Ta33usb.exe [2010-5-9 2238]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):24,64,fd,2a,3a,f8,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4224013243-733336848-3315584339-1000]
"EnableNotificationsRef"=dword:00000001

R2 gnuftqknioen;gnuftqknioen;c:\windows\system32\drivers\hrbmvwhahv.sys [x]
R3 CW100;CW100 Device;c:\windows\system32\DRIVERS\CW100.sys [2002-05-24 24092]
R3 iComp;Python2 USB WDM Encoder;c:\windows\system32\DRIVERS\p2usbwdm.sys [2005-08-24 1622144]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 RelayFax;RelayFax Server Engine;c:\progra~1\RelayFax\App\RFEngine.exe [2010-03-26 1265732]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 ulisa;DeTeWe ISDN-Adapter (USB);c:\windows\system32\Drivers\ulisa.sys [2004-05-14 122716]
R4 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
S2 AcuWVSSchedulerv6;Acunetix WVS Scheduler v6;c:\program files\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe [2010-06-16 670520]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 CAPI20;Eumex 504PC USB; [x]
S2 DETEWECP;DeTeWe CapiPort;c:\windows\System32\drivers\detewecp.sys [2001-09-18 38480]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?http://www.ebay.de/
Handler: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - c:\program files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - c:\program files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax
FF - ProfilePath - c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\z5gf9b9g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13
FF - component: c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\FFExternalAlert.dll
FF - component: c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCore.dll
FF - component: c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAPIX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPWMDRMWrapper.dll
FF - plugin: c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-09 22:21
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\RtHDVCpl.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-09 22:33:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-08-09 20:33

Vor Suchlauf: 14 Verzeichnis(se), 30.534.602.752 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 30.463.221.760 Bytes frei

- - End Of File - - 717DEC4BB7B48674710A2D172AF96B4D

10.08.2010, 19:39

Swisstreasure

Moderator

Beiträge: 5694

#19 Schritt 1

Fixen mit OTL

• Starte die OTL.exe.
• Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
• Kopiere folgendes Skript:

Code

:OTL
DRV - (gnuftqknioen) -- C:\Windows\System32\drivers\hrbmvwhahv.sys File not found
:Commands
[purity]
[emptytemp]

• und füge es hier ein:

• Schließe alle Programme.
• Klicke auf den Fix Button.
• Klick auf

.
• OTL verlangt einen Neustart. Bitte zulassen.
• Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

Schritt 2

Erneuter Systemscan mit OTL

• Doppelklick auf die OTL.exe
• Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
• Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Minimal-Ausgabe
• Unter Extra-Registrierung wähle bitte Benutze SafeList.
• Mache Häckchen bei LOP- und Purity-Prüfung.
• Klicke nun auf Scan links oben.

• Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
• Poste die Logfiles in Code-Tags hier in den Thread.

10.08.2010, 20:56

Manfred1977

Member

Themenstarter

Beiträge: 39

#20 Schritt 1:

Zitat

All processes killed
========== OTL ==========
Service gnuftqknioen stopped successfully!
Service gnuftqknioen deleted successfully!
File C:\Windows\System32\drivers\hrbmvwhahv.sys File not found not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Freenet_3
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Stefan
->Temp folder emptied: 21523386 bytes
->Temporary Internet Files folder emptied: 77202788 bytes
->Java cache emptied: 3421650 bytes
->FireFox cache emptied: 99046980 bytes
->Flash cache emptied: 1970463 bytes

User: TEMP
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4108 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 194,00 mb

OTL by OldTimer - Version 3.2.9.1 log created on 08102010_205212

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

10.08.2010, 21:10

Manfred1977

Member

Themenstarter

Beiträge: 39

#21 Schritt 2:

OTL.txt:

Zitat

OTL logfile created on: 10.08.2010 20:57:23 - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Stefan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,77 Gb Total Space | 26,66 Gb Free Space | 28,73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 92,07 Gb Total Space | 25,96 Gb Free Space | 28,20% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Stefan
Current User Name: Stefan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Stefan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe (Acunetix Ltd.)
PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
PRC - C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)

[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Stefan\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe File not found
SRV - (AcuWVSSchedulerv6) -- C:\Programme\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe (Acunetix Ltd.)
SRV - (RelayFax) -- C:\Programme\RelayFax\App\RFEngine.exe (Alt-N Technologies, Ltd.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (TpChoice) -- C:\Windows\System32\DRIVERS\TpChoice.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (igfx) -- C:\Windows\System32\DRIVERS\igdkmd32.sys File not found
DRV - (catchme) -- C:\Combo-Fix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (CplIR) -- C:\Windows\system32\DRIVERS\CplIR.SYS (COMPAL ELECTRONIC INC.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (iComp) -- C:\Windows\System32\drivers\p2usbwdm.sys (Conexant Systems Inc.)
DRV - (CAPI20) -- C:\Windows\System32\drivers\Capi20.sys (DeTeWe Berlin)
DRV - (ulisa) DeTeWe ISDN-Adapter (USB) -- C:\Windows\System32\drivers\ULISA.SYS (DeTeWe Berlin)
DRV - (CW100) -- C:\Windows\System32\drivers\CW100.sys (CASIO COMPUTER CO.,LTD.)
DRV - (DETEWECP) -- C:\Windows\System32\drivers\detewecp.sys (DeTeWe Berlin)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2431245&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.22
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.07 22:37:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.07 22:37:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.18 14:44:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2007.01.17 13:18:04 | 000,095,200 | ---- | M] ()

[2009.09.13 11:32:59 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions
[2010.08.10 16:05:17 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions
[2009.11.27 09:54:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.21 22:04:53 | 000,000,000 | ---D | M] (Fast Video Download) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.05.01 14:08:53 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.05.20 12:56:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009.11.26 10:04:55 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\firefox@tvunetworks.com
[2010.03.16 11:42:56 | 000,000,927 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Mozilla\FireFox\Profiles\z5gf9b9g.default\searchplugins\conduit.xml
[2010.05.20 13:03:43 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.20 13:03:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2007.03.02 15:17:24 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPAPIX.dll
[2010.05.20 13:03:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2007.01.17 13:18:04 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
[2007.09.07 16:25:50 | 000,103,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPMPDRM.dll
[2007.09.07 15:46:48 | 000,098,968 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPWMDRMWrapper.dll
[2010.08.07 22:37:31 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.07 22:37:31 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.07 22:37:31 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.07 22:37:31 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.07 22:37:31 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.08.09 22:20:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Common Files\microsoft shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WorksFUD] C:\Programme\Microsoft Works\wkfud.exe (Microsoft® Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O24 - Desktop WallPaper: C:\Toshiba\Wallpapers\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\Wallpapers\Wallpaper1.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.13 13:56:09 | 000,000,078 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.08.10 20:52:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.09 22:33:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.08.09 22:20:45 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010.08.09 22:06:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.08.09 22:06:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.08.09 22:06:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.08.09 22:05:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.08.09 21:55:31 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.08.09 21:51:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.08.08 15:42:42 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2010.08.08 11:53:13 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2010.08.08 11:44:47 | 001,178,320 | ---- | C] (Piriform Ltd) -- C:\Users\Stefan\Desktop\ccsetup234_slim.exe
[2010.08.08 10:16:39 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\BitDefender
[2010.08.08 10:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2010.08.08 10:16:38 | 000,000,000 | ---D | C] -- C:\Programme\BitDefender
[2010.08.08 10:14:55 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\BitDefender
[2010.08.08 10:10:23 | 000,159,704 | ---- | C] (Microsoft Corporation) -- C:\Users\Stefan\Desktop\bitdefender_antivirus.exe
[2010.07.31 10:22:50 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\duon-power
[2010.07.28 18:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010.07.28 18:09:54 | 000,000,000 | ---D | C] -- C:\Programme\Adobe Media Player
[2010.07.28 18:08:11 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe AIR
[2010.07.28 17:55:33 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\Adobe CS5
[2010.07.28 10:48:56 | 001,228,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Stefan\Desktop\Photoshop_12_LS4.exe
[2010.07.28 10:30:40 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\irfanview_plugins_427
[2010.07.28 10:26:41 | 001,391,616 | ---- | C] (Irfan Skiljan) -- C:\Users\Stefan\Desktop\iview427_setup.exe
[2010.07.19 11:09:49 | 000,000,000 | ---D | C] -- C:\rsit
[2010.07.19 10:46:47 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.07.19 10:46:26 | 003,396,176 | ---- | C] (Piriform Ltd) -- C:\Users\Stefan\Desktop\ccsetup233.exe
[2010.07.17 17:01:07 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Stefan\Desktop\mbam-setup.exe
[6 C:\Users\Stefan\Documents\*.tmp files -> C:\Users\Stefan\Documents\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.08.10 20:57:30 | 007,602,176 | -HS- | M] () -- C:\Users\Stefan\NTUSER.DAT
[2010.08.10 20:54:24 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.10 20:54:24 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.10 20:54:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.10 20:54:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.10 20:53:12 | 000,524,288 | -HS- | M] () -- C:\Users\Stefan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.10 20:53:12 | 000,065,536 | -HS- | M] () -- C:\Users\Stefan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.10 16:55:39 | 003,592,152 | -H-- | M] () -- C:\Users\Stefan\AppData\Local\IconCache.db
[2010.08.10 16:53:41 | 000,000,141 | ---- | M] () -- C:\Users\Stefan\Documents\~.inf
[2010.08.10 15:17:59 | 000,006,435 | ---- | M] () -- C:\Users\Stefan\.recently-used.xbel82010.xlr
[2010.08.09 22:21:12 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.08.09 22:20:36 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.08.09 22:05:23 | 003,817,918 | R--- | M] () -- C:\Users\Stefan\Desktop\Combo-Fix.exe
[2010.08.09 21:55:40 | 000,000,052 | ---- | M] () -- C:\Windows\System32\ashttpstats.csv
[2010.08.08 12:21:04 | 397,676,714 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.08.08 12:12:57 | 000,293,376 | ---- | M] () -- C:\Users\Stefan\Desktop\oybtvisc.exe
[2010.08.08 11:53:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2010.08.08 11:44:48 | 001,178,320 | ---- | M] (Piriform Ltd) -- C:\Users\Stefan\Desktop\ccsetup234_slim.exe
[2010.08.08 10:32:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pcwords2.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pcwords.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_webproxy.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_video.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_tabloids.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_sign.slf
[2010.08.08 10:32:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_searchengines.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_pornography.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_onlineshop.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_onlinepay.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_onlinedating.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_news.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_im.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_illegal.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_hate.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_games.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_gambling.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_drugs.dat
[2010.08.08 10:29:59 | 000,000,385 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2010.08.08 10:10:26 | 000,159,704 | ---- | M] (Microsoft Corporation) -- C:\Users\Stefan\Desktop\bitdefender_antivirus.exe
[2010.08.07 21:28:54 | 000,162,304 | ---- | M] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.30 15:58:24 | 003,668,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.07.30 07:53:09 | 000,000,680 | ---- | M] () -- C:\Users\Stefan\AppData\Local\d3d9caps.dat
[2010.07.28 18:14:25 | 000,081,648 | ---- | M] () -- C:\Users\Stefan\AppData\Local\GDIPFONTCACHEV1.DAT044819371779.pdf
[2010.07.28 11:17:22 | 1052,205,375 | ---- | M] () -- C:\Users\Stefan\Desktop\Photoshop_12_LS4.7z
[2010.07.28 10:49:25 | 000,514,120 | ---- | M] () -- C:\Users\Stefan\Desktop\AkamaiDownloadManagerInstaller.exe
[2010.07.28 10:49:04 | 001,228,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Stefan\Desktop\Photoshop_12_LS4.exe
[2010.07.28 10:30:27 | 007,955,033 | ---- | M] () -- C:\Users\Stefan\Desktop\irfanview_plugins_427.zip
[2010.07.28 10:27:23 | 000,001,692 | ---- | M] () -- C:\Users\Stefan\Desktop\IrfanView Thumbnails.lnk
[2010.07.28 10:27:23 | 000,000,812 | ---- | M] () -- C:\Users\Stefan\Desktop\IrfanView.lnk
[2010.07.28 10:26:42 | 001,391,616 | ---- | M] (Irfan Skiljan) -- C:\Users\Stefan\Desktop\iview427_setup.exe
[2010.07.19 11:08:33 | 000,339,991 | ---- | M] () -- C:\Users\Stefan\Desktop\RSIT.exe
[2010.07.19 11:00:07 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Stefan\Desktop\mbam-setup.exe
[2010.07.19 10:56:54 | 000,478,104 | ---- | M] () -- C:\Users\Stefan\Documents\cc_20100719_105637.reg
[2010.07.19 10:46:50 | 000,000,809 | ---- | M] () -- C:\Users\Stefan\Desktop\CCleaner.lnk
[2010.07.19 10:46:31 | 003,396,176 | ---- | M] (Piriform Ltd) -- C:\Users\Stefan\Desktop\ccsetup233.exe
[2010.07.14 00:17:06 | 000,199,519 | ---- | M] () -- C:\Users\Stefan\Documents\scan.pre
[2010.07.13 13:36:42 | 000,000,810 | ---- | M] () -- C:\Windows\WVS_InstDBLogFile.csv
[2010.07.13 13:36:31 | 000,001,108 | ---- | M] () -- C:\Users\Stefan\Desktop\Acunetix Web Vulnerability Scanner 6.lnk
[2010.07.13 13:36:31 | 000,001,099 | ---- | M] () -- C:\Users\Stefan\Desktop\Acunetix WVS Reporter 6.lnk
[2010.07.12 13:32:21 | 001,418,720 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.12 13:32:21 | 000,618,368 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.12 13:32:21 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.12 13:32:21 | 000,122,830 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.12 13:32:21 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[6 C:\Users\Stefan\Documents\*.tmp files -> C:\Users\Stefan\Documents\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

2010.08.10 16:53:41 | 000,000,141 | ---- | C] () -- C:\Users\Stefan\Documents\~.inf
[2010.08.10 15:17:59 | 000,006,435 | ---- | C] () -- C:\Users\Stefan\.recently-used.xbel
[2010.08.09 22:06:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.08.09 22:06:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.08.09 22:06:07 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.08.09 22:06:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.08.09 21:49:53 | 003,817,918 | R--- | C] () -- C:\Users\Stefan\Desktop\Combo-Fix.exe
[2010.08.08 12:12:57 | 000,293,376 | ---- | C] () -- C:\Users\Stefan\Desktop\oybtvisc.exe
[2010.08.08 11:07:49 | 000,000,052 | ---- | C] () -- C:\Windows\System32\ashttpstats.csv
[2010.08.08 10:32:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords2.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_webproxy.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_video.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_tabloids.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_sign.slf
[2010.08.08 10:32:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_searchengines.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_pornography.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlineshop.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinepay.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinedating.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_news.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_im.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_illegal.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_hate.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_gambling.dat
[2010.08.08 10:32:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_drugs.dat
[2010.08.08 10:29:59 | 000,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2010.07.28 11:16:33 | 1052,205,375 | ---- | C] () -- C:\Users\Stefan\Desktop\Photoshop_12_LS4.7z
[2010.07.28 10:49:23 | 000,514,120 | ---- | C] () -- C:\Users\Stefan\Desktop\AkamaiDownloadManagerInstaller.exe
[2010.07.28 10:30:23 | 007,955,033 | ---- | C] () -- C:\Users\Stefan\Desktop\irfanview_plugins_427.zip
[2010.07.28 10:27:23 | 000,001,692 | ---- | C] () -- C:\Users\Stefan\Desktop\IrfanView Thumbnails.lnk
[2010.07.28 10:27:23 | 000,000,812 | ---- | C] () -- C:\Users\Stefan\Desktop\IrfanView.lnk
[2010.07.24 23:56:54 | 397,676,714 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.07.19 11:08:31 | 000,339,991 | ---- | C] () -- C:\Users\Stefan\Desktop\RSIT.exe
[2010.07.19 10:56:39 | 000,478,104 | ---- | C] () -- C:\Users\Stefan\Documents\cc_20100719_105637.reg
[2010.07.19 10:46:50 | 000,000,809 | ---- | C] () -- C:\Users\Stefan\Desktop\CCleaner.lnk
[2010.07.18 18:11:41 | 000,021,611 | ---- | C] () -- C:\Users\Stefan\Documents\reportvirus.html
[2010.05.19 04:46:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.05.09 23:51:21 | 000,001,814 | ---- | C] () -- C:\Windows\FAXCPP1.INI
[2010.05.09 23:51:21 | 000,000,422 | ---- | C] () -- C:\Windows\FAXCPP.INI
[2010.05.09 23:51:12 | 000,000,034 | ---- | C] () -- C:\Windows\RFOIni.ini
[2010.05.09 23:51:04 | 000,000,034 | ---- | C] () -- C:\Windows\RFRIni.ini
[2010.05.09 23:45:57 | 000,000,034 | ---- | C] () -- C:\Windows\RFPIni.ini
[2010.05.09 16:54:49 | 000,000,059 | ---- | C] () -- C:\Windows\WINPHONE.INI
[2010.05.01 15:50:17 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.11.26 20:57:15 | 000,000,085 | ---- | C] () -- C:\Windows\System32\dojzjytg.dll
[2009.10.20 19:11:08 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.10.13 13:56:11 | 000,000,182 | ---- | C] () -- C:\Windows\ulead32.ini
[2009.10.13 13:53:06 | 000,000,000 | ---- | C] () -- C:\Windows\videodeLuxe.INI
[2009.10.13 13:49:47 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009.10.13 13:49:38 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2009.10.13 13:47:12 | 000,000,133 | ---- | C] () -- C:\Windows\magix.ini
[2009.09.27 19:08:45 | 000,598,016 | ---- | C] () -- C:\Windows\System32\viscomqtde.dll
[2009.09.27 19:08:45 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.09.27 16:05:58 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.08.20 11:40:41 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.05 14:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008.04.15 16:29:24 | 000,018,432 | ---- | C] () -- C:\Windows\vmmreg3.dll
[2008.01.08 10:35:57 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.10.15 20:52:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.10.15 20:51:56 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007.10.15 20:51:56 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007.10.15 20:51:56 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007.10.15 20:51:56 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007.07.12 10:26:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007.04.16 08:35:21 | 000,000,887 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.04.16 08:02:55 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.04.16 06:38:28 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.11.23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010.02.28 17:58:02 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\AnvSoft
[2009.11.26 23:04:06 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Any Video Converter
[2010.08.08 10:17:25 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\BitDefender
[2010.03.13 10:46:53 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Das Fussball Studio
[2010.08.10 20:44:59 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\FileZilla
[2009.11.21 22:12:21 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\FreeFLVConverter
[2010.05.09 19:57:59 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\FRITZ!
[2010.08.10 15:17:59 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\gtk-2.0
[2009.08.27 10:59:23 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\IBP
[2010.05.13 21:10:07 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ICQ
[2009.11.05 22:16:29 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\IrfanView
[2009.12.06 20:16:33 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Leadertech
[2009.09.13 13:07:31 | 000,000,000 | -HSD | M] -- C:\Users\Stefan\AppData\Roaming\lowsec
[2010.04.30 15:56:12 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Opera
[2010.06.09 15:49:45 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PersonalFax
[2010.05.20 12:58:51 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\QuickScan
[2010.05.16 16:27:03 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\RelayFax
[2010.07.06 12:35:09 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SuperMailer
[2009.08.19 14:19:28 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Thunderbird
[2010.06.10 13:42:39 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Tific
[2009.08.19 14:09:46 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Toshiba
[2010.05.09 20:55:56 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\winsuite
[2010.08.10 20:53:13 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:661DFA1C
< End of report >

Extras.Txt:

Zitat

OTL Extras logfile created on: 10.08.2010 20:57:23 - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Stefan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,77 Gb Total Space | 26,66 Gb Free Space | 28,73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 92,07 Gb Total Space | 25,96 Gb Free Space | 28,20% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Stefan
Current User Name: Stefan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4224013243-733336848-3315584339-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{213B6063-EEA0-4DAB-8C07-6E3840784CEE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58257C49-AA02-4317-8DC5-E2155446DC30}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5845BC1C-131A-4065-9B4F-6E94F5225732}" = rport=2869 | protocol=6 | dir=out | app=system |
"{6C36B477-F876-4A13-8895-A4F3F6754577}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8C593CB2-C1D9-4D1C-9E25-D5CFC0427755}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8EC6317B-D948-405E-9F0D-E710EF524B68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BC4644C6-1406-4667-9B91-5F95E812659E}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C1E293CD-3B87-4201-8E4E-8DD1288BAE2B}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{38F94ECA-E91F-44AE-888A-5FFB3019BD4A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BF8B29BB-EACC-48E1-A181-729007375529}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FCE8C68C-E26D-459F-8BF6-5EBC49BDA270}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"TCP Query User{06FEF7F7-68C0-41FB-8D54-82687C77AD8D}C:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd" = protocol=6 | dir=in | app=c:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd |
"TCP Query User{0A7D8949-670B-4F77-924D-41C7042C48F3}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{236E4B37-5D26-4064-BFE6-0EB697F05991}C:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=6 | dir=in | app=c:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe |
"TCP Query User{38D23013-620F-488C-84B8-2099AA880EA9}C:\users\stefan\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\stefan\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\age2_x1.exe |
"TCP Query User{4F79B3F1-2E02-4680-B901-81BF758F989F}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{62DEB3E5-C603-4760-BD4D-E466BB6F3202}C:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=6 | dir=in | app=c:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe |
"TCP Query User{9184F94E-94E6-472D-9BAD-C2181F0FBAA9}E:\program files\ea sports\fifa 10\fifa10.exe" = protocol=6 | dir=in | app=e:\program files\ea sports\fifa 10\fifa10.exe |
"TCP Query User{B76F7F90-4C5D-4478-A5D5-9C4486D4F300}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{C90B67C5-B5D2-4726-9CEA-8163FD138EBF}C:\users\stefan\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\empires2.exe" = protocol=6 | dir=in | app=c:\users\stefan\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\empires2.exe |
"TCP Query User{CBA3E1FE-E9D2-42A7-BDA5-27CDDBBFE435}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D305DED3-7531-4A8F-9894-91866BF6B75C}C:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd" = protocol=6 | dir=in | app=c:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd |
"TCP Query User{D4D3A80C-7390-48BA-9798-88FECC33A0CB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3360E5B3-EE72-4B20-92C8-A14C4E2C5579}E:\program files\ea sports\fifa 10\fifa10.exe" = protocol=17 | dir=in | app=e:\program files\ea sports\fifa 10\fifa10.exe |
"UDP Query User{4D2C1353-3239-4894-8E69-FC297582F7ED}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{54A35FCB-F92B-4173-93FE-E2C5902A0A04}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{8B5A7DC0-56CB-4D06-B88C-F49FB2CD3057}C:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=17 | dir=in | app=c:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe |
"UDP Query User{9C1D0029-BD85-45DE-AC82-F45238EE5F91}C:\users\stefan\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\empires2.exe" = protocol=17 | dir=in | app=c:\users\stefan\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\empires2.exe |
"UDP Query User{A3E16757-D387-4723-8AE1-BCBFBB63399B}C:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd" = protocol=17 | dir=in | app=c:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd |
"UDP Query User{B196D91B-02FE-4B89-BD5D-3268A1AF68FD}C:\users\stefan\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\stefan\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\age2_x1.exe |
"UDP Query User{B75F893E-9DA3-4046-BEDE-CF738FFA659C}C:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=17 | dir=in | app=c:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe |
"UDP Query User{BA0DEA0A-BB90-444F-9FEC-31E1AC96C5E2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C9AFD9F0-2DA8-478A-AAB3-A4A59F102D6A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{ED2B6065-3918-4327-8E6D-B0F2B3AA86AB}C:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd" = protocol=17 | dir=in | app=c:\users\stefan\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd |
"UDP Query User{F764786B-58FF-4B45-820E-1FC3992C7FB8}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04CB6099-90D2-896A-8E01-8F1228499D93}" = Catalyst Control Center Localization Dutch
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{068138BE-11F5-8F56-8D88-13837314558E}" = CCC Help German
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A2F0BB6-D45B-AF3C-C19A-6950342AF6B1}" = Catalyst Control Center Localization Turkish
"{0B2FF6D9-359D-4481-8A0D-43A674B665C9}" = TA 33 USB
"{0BAA36F4-8138-AD8A-3791-44A7F0DD63E7}" = CCC Help Japanese
"{0C2B0B35-CF80-1384-D2F0-14F119F1784E}" = Catalyst Control Center Localization Chinese Standard
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1A998953-E64F-CE34-4517-C58EF5092157}" = CCC Help Turkish
"{1AED74D3-4C54-3CAA-65DE-4EAB7B589AE1}" = Catalyst Control Center Localization Greek
"{228A2F09-4557-92B9-44A9-E13D41FFAD02}" = Catalyst Control Center Localization Hungarian
"{228D6BCB-7B30-39F5-5442-A99CD76A9762}" = Catalyst Control Center Localization Danish
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2672817F-EB60-5FA1-9691-FE03D3E674F9}" = CCC Help French
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2CC25320-CD83-B987-4B0A-B53B8413CC87}" = CCC Help Italian
"{33A0D18A-019E-8F30-6EDA-776CDC319771}" = CCC Help Norwegian
"{34537704-7E4C-F552-AFC7-E3FDB0A4FDC1}" = Catalyst Control Center Localization Italian
"{357D2DAA-1743-AC07-D88B-0077FC725DF6}" = Catalyst Control Center Graphics Full Existing
"{3899B709-95BD-752E-B320-1686DACA370E}" = CCC Help Portuguese
"{3E84E56E-FC81-4E08-AA90-E8B2FDC02557}" = Catalyst Control Center Localization Norwegian
"{469DFB95-185F-CA9E-3D5E-0036754B5033}" = Catalyst Control Center Localization German
"{475BF3D4-E418-18CF-34FC-1D8DD3E67F46}" = Catalyst Control Center Localization Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D881F9F-90B1-6992-BA30-72333A6BC669}" = CCC Help Danish
"{51035563-B7F5-01AF-0BE4-47533DEE5B51}" = Catalyst Control Center Localization Russian
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AC66835-7850-401E-AC93-65AD4D6A7E2E}" = Catalyst Control Center Localization Portuguese
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6789E743-FF41-3E96-8C59-0F43ADE6D9E6}" = Catalyst Control Center Localization French
"{698CEC51-8E29-5B7C-2C88-20CDE9DC3DFF}" = ccc-core-static
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B4DAD2F-38F5-4F2A-87BF-924B175A38F3}" = CD/DVD Label Printer LPCW-100
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74E2F60E-5C4D-3200-3AB5-6A5C1806A64F}" = CCC Help Hungarian
"{759D7567-3027-5605-BF42-9363090FAF71}" = CCC Help Czech
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{85737D46-5FDE-7798-02BA-68AC06CD0B17}" = CCC Help Spanish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{892DB0A0-CF31-DA46-8142-2B3953CA7B38}" = CCC Help English
"{8F2E8ADC-871F-7B91-708D-BC2899C7D986}" = Catalyst Control Center Localization Swedish
"{8FC9A62D-90DB-7122-09F3-587C42EE9FAC}" = Catalyst Control Center Localization Czech
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9128A108-FE27-997F-A118-E6C65FAE2256}" = CCC Help Korean
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9809A7E4-3B3B-4547-3B80-0073E0115EB4}" = Catalyst Control Center Graphics Previews Vista
"{9842DEA7-806B-08CA-608C-9717F5F5D7F3}" = Catalyst Control Center Graphics Light
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C6ABCF3-A9BF-2A09-0974-777B6C421E28}" = CCC Help Swedish
"{A04BF5DC-6DD3-4B6D-BABD-B1BC5DB23CF0}" = Ulead DVD PowerTools
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6F2C0CD-E0A2-BCC1-5BEF-600AC4D9AE62}" = Catalyst Control Center Localization Spanish
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AED8FA19-763C-BA3F-A243-3136EEF255E8}" = CCC Help Russian
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
"{BA98E840-DCB3-10B7-D016-8890E4F8F4CC}" = Catalyst Control Center Graphics Full New
"{C1F4123D-6C93-D087-F50F-8D7AC51AFE76}" = ATI Catalyst Install Manager
"{C3E7A3AD-142E-2433-0107-D2CA4D85F19F}" = CCC Help Greek
"{C5A5F901-08F3-7E96-3049-A950A80ACCF4}" = Catalyst Control Center Graphics Previews Common
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB082B01-F65B-05DA-3048-8979BF7B5BD2}" = CCC Help Dutch
"{CC0E0442-B3BA-6FB5-3E94-C5F96B9B8915}" = Skins
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D121161E-AD64-4438-97A0-66A1AB7FFDE3}" = Works Suite-Betriebssystem-Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D281F20C-FA11-D09A-8A20-B78D771222F8}" = Catalyst Control Center Localization Japanese
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DD766B16-BE10-F87C-73A7-A6FC09148633}" = CCC Help Polish
"{DDF91F62-6CBF-2932-93BA-D487B60635B5}" = Catalyst Control Center Core Implementation
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEC00B1F-5E63-D40F-6291-A2A531414613}" = CCC Help Chinese Traditional
"{DF066D23-C0C8-8755-8244-A8A78B8798A5}" = CCC Help Thai
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E60BFE17-F44C-4A28-9ACF-1DD7362B0278}_is1" = Acunetix Web Vulnerability Scanner 6.5
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC2F2081-6B46-810C-8408-EC04D29EDFF0}" = Catalyst Control Center Localization Thai
"{ED5EDCD0-5745-4B13-8061-58C9833FD06D}" = Microsoft Works 6.0
"{F0EF93AE-6B13-DB6A-3C03-8CB5A51D0A7A}" = CCC Help Finnish
"{F0FFE43C-7FCC-55F3-6BDE-11F6E9F9FB4A}" = CCC Help Chinese Standard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E1E2E3-2F93-E548-7675-10A78CDD04A6}" = Catalyst Control Center Localization Finnish
"{F20B6876-0F18-1A47-D858-D0D9F6888B99}" = Catalyst Control Center Localization Polish
"{F2260E94-80F2-4CB1-B6B1-6043D9BFFA47}" = Works-Synchronisierung
"{F400ED9E-848C-DB0B-CED5-F69DAA2CE8AD}" = ccc-utility
"{F5EFBB2D-2CD6-FD3D-FA53-DFB962BFD14C}" = Catalyst Control Center Localization Korean
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.2.4.1
"FreeUndelete" = FreeUndelete
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Paros_is1" = Paros 3.2.13
"PersonalFax" = PersonalFax 1.50
"Recuva" = Recuva
"SuperMailer" = SuperMailer 4.90
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VLC media player 1.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR
"Works2002Setup" = Microsoft Works 2002-Setup-Start

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 10.06.2010 12:23:47 | Computer Name = Stefan | Source = Application Hang | ID = 1002
Description = Programm WinMail.exe, Version 6.0.6001.18000 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: b48 Anfangszeit: 01cb08b89449bd82 Zeitpunkt
der Beendigung: 0

Error - 10.06.2010 12:24:35 | Computer Name = Stefan | Source = Windows Search Service | ID = 3013
Description =

Error - 10.06.2010 16:46:04 | Computer Name = Stefan | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung msworks.exe, Version 6.0.1911.0, Zeitstempel
0x396c5281, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
Ausnahmecode 0xc0000005, Fehleroffset 0x00067409, Prozess-ID 0x1768, Anwendungsstartzeit
01cb08ddea566420.

Error - 11.06.2010 07:47:38 | Computer Name = Stefan | Source = VSS | ID = 8193
Description =

Error - 12.06.2010 14:39:47 | Computer Name = Stefan | Source = VSS | ID = 8193
Description =

Error - 12.06.2010 21:00:17 | Computer Name = Stefan | Source = VSS | ID = 8193
Description =

Error - 12.06.2010 21:28:43 | Computer Name = Stefan | Source = EventSystem | ID = 4621
Description =

Error - 15.06.2010 02:54:31 | Computer Name = Stefan | Source = VSS | ID = 8193
Description =

Error - 15.06.2010 04:13:48 | Computer Name = Stefan | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CD DVD LABEL PRINTER LPCW-100.exe, Version 2.0.0.0,
Zeitstempel 0x3ed31778, fehlerhaftes Modul CD DVD LABEL PRINTER LPCW-100.exe, Version
2.0.0.0, Zeitstempel 0x3ed31778, Ausnahmecode 0xc0000005, Fehleroffset 0x000090ad,
Prozess-ID
0x11ec, Anwendungsstartzeit 01cb0c629691d8a0.

Error - 15.06.2010 04:16:40 | Computer Name = Stefan | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 09.08.2010 16:09:31 | Computer Name = Stefan | Source = Service Control Manager | ID = 7030
Description =

Error - 09.08.2010 16:18:45 | Computer Name = Stefan | Source = Service Control Manager | ID = 7030
Description =

Error - 09.08.2010 16:20:14 | Computer Name = Stefan | Source = Service Control Manager | ID = 7000
Description =

Error - 09.08.2010 16:20:14 | Computer Name = Stefan | Source = Service Control Manager | ID = 7000
Description =

Error - 10.08.2010 10:55:47 | Computer Name = Stefan | Source = DCOM | ID = 10010
Description =

Error - 10.08.2010 10:57:11 | Computer Name = Stefan | Source = Service Control Manager | ID = 7000
Description =

Error - 10.08.2010 10:57:11 | Computer Name = Stefan | Source = Service Control Manager | ID = 7000
Description =

Error - 10.08.2010 14:52:12 | Computer Name = Stefan | Source = Service Control Manager | ID = 7034
Description =

Error - 10.08.2010 14:54:35 | Computer Name = Stefan | Source = Service Control Manager | ID = 7000
Description =

Error - 10.08.2010 14:54:35 | Computer Name = Stefan | Source = Service Control Manager | ID = 7000
Description =

< End of report >

11.08.2010, 18:03

Swisstreasure

Moderator

Beiträge: 5694

#22 Kommen noch Meldungen?

11.08.2010, 20:04

Manfred1977

Member

Themenstarter

Beiträge: 39

#23 also so kommen keine Meldungen mehr. Soll ich Avira nochmal durchlaufen lassen oder ein anderes Programm?

11.08.2010, 23:21

Swisstreasure

Moderator

Beiträge: 5694

#24 Mach bitte noch folgende Onlinescans: FSecure, Bitdefender, ESET
http://forum.hijackthis.de/allgemeines/25893-kostenlose-online-scanner.html

15.08.2010, 17:34

Manfred1977

Member

Themenstarter

Beiträge: 39

#25 Hier der Bericht von F-Secure:

Zitat

Scanbericht
Sonntag, August 15, 2010 17:22:19 - 17:32:32

Name des Computers: Stefan
Scantyp: Scansystem für Malware, Spyware und Rootkits
Ziel: C:\ E:\
11 Malware gefunden
TrackingCookie.Questionmarket (Spyware)

* System (Desinfiziert)

TrackingCookie.Advertising (Spyware)

* System (Desinfiziert)

Suspicious:W32/Malware!Gemini (Spyware)

* System (Desinfiziert)

TrackingCookie.Adtech (Spyware)

* System (Desinfiziert)

TrackingCookie.Adform (Spyware)

* System (Desinfiziert)

TrackingCookie.Revsci (Spyware)

* System (Desinfiziert)

TrackingCookie.Zanox (Spyware)

* System (Desinfiziert)

TrackingCookie.Adbrite (Spyware)

* System (Desinfiziert)

TrackingCookie.Xiti (Spyware)

* System (Desinfiziert)

TrackingCookie.Webtrends (Spyware)

* System (Desinfiziert)

TrackingCookie.Yieldmanager (Spyware)

* System (Desinfiziert)

Statistik
Gescannt:

* Dateien: 17242
* System: 15493
* Nicht gescannt: 0

Aktionen:

* Desinfiziert: 11
* Umbenannt: 0
* Gelöscht: 0
* Nicht bereinigt: 0
* Übermittelt: 0

Optionen
Scan-Engines:

Scanoptionen:

* Festgelegte Dateien scannen: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Erweiterte Heuristik verwenden

15.08.2010, 19:22

Manfred1977

Member

Themenstarter

Beiträge: 39

#26

Zitat

BitDefender Online Scanner - Echtzeit-Virenmeldung

Erstellt am: Sun, Aug 15, 2010 - 19:21:04

Prüf-Info

Geprüfte Dateien

204164

Infizierte Dateien

0

Erkannte Viren

Keine Viren gefunden

16.08.2010, 13:12

Swisstreasure

Moderator

Beiträge: 5694

#27 Und noch ESET?

16.08.2010, 21:07

Manfred1977

Member

Themenstarter

Beiträge: 39

#28 Eset ist nun auch durchgelaufen: Keine Funde

17.08.2010, 12:53

Swisstreasure

Moderator

Beiträge: 5694

#29 Noch Fragen?

Nachsorge

Um Dein System vor Malware zu schützen, gebe ich Dir im Anschluss eine Kurzversion mit Tipps und Hinweisen auf Tools, die Dir helfen werden, Dein System abzusichern und in Zukunft frei von Infektionen zu halten. Wenn Dein System infiziert war, rate ich Dir, Deine Passwörter zu ändern. Bitte betrachte die Tipps als Vorschläge und nicht als Nonplusultra

.

Erstelle einen neuen Systemwiederherstellungspunkt

Das ist ein guter Zeitpunkt, die Systemwiederherstellung zu leeren und einen neuen sauberen Wiederherstellungspunkt zu erstellen (Anleitung für Vista-User).
• Start => Alle Programme => Zubehör => Systemprogramme => Systemwiederherstellung
• Wähle "Einen Wiederherstellungspunkt erstellen" => Weiter
• Gebe als Beschreibung z. B. "Nach_Bereinigung" ein => Erstellen => Schließen.
• Nun Start => Ausführen => cleanmgr (reinschreiben) => OK => Reiter Weitere Optionen
• Klicke unter Systemwiederherstellung auf Bereinigen und bestätige das Löschen mit Ja => OK.
Das wird alle Wiederherstellungspunkte bis auf den letzten neu erstellten löschen.

Diesen Punkt kannst Du weglassen, falls Du das System gerade neu aufgesetzt hast oder Combofix benutzt und ordentlich deinstalliert wurde, da Combofix das schon erledigt.

Massnahmen:

Um Dein System vor Malware zu schützen, gebe ich Dir im Anschluss eine Kurzversion mit Tipps und Hinweisen auf Tools, die Dir helfen werden, Dein System abzusichern und in Zukunft frei von Infektionen zu halten. Wenn Dein System infiziert war, rate ich Dir, Deine Passwörter zu ändern. Bitte betrachte die Tipps als Vorschläge und nicht als Nonplusultra

.

Falls bei Dir noch nicht installiert, solltest Du Dir die folgenden Programme installieren. Spybot Search&Destroy ist ein gutes Tool, welches bösartige Software sucht und unschädlich macht. Bei der Installation darauf achten, dass der TeaTimer nicht aktiviert wird. Lasse das Tool in regelmäßige Abständen (z. B. einmal pro Woche) laufen und lasse vor der Überprüfung immer nach Updates suchen, Details siehe ausführliche Anleitung. Um Dein System frei von temporären Dateien zu halten, empfehle ich [url="http://www.CCleaner.de"]CCleaner[/url], (Toolbar nicht mitinstallieren) eine Freeware-Software zur Optimierung und zum Aufräumen von Windows, Einzelheiten siehe die Anleitung von Hijackthis-Forum.de. Bei Java (Sun) immer nur die aktuellste Version auf dem Rechner haben, alle anderen deinstallieren.

Verwende einen alternativen Browser, ich empfehle Firefox. Es gibt eine große Anzahl von Erweiterungen, wie z. B. Adblock Plus und NoScript. Mit der Erweiterung IE Tab ist sogar das Windows- und Office-Upate über Firefox möglich. Die Erweiterung QuickJava sorgt dafür, dass Du Java und Java-Skript nur bei Bedarf einschalten kannst. Eine alternatives E-Mail-Programm ist Thunderbird. Auch dafür gibt es viele sehr gute Erweiterungen.

Als Alternative für die ganzen Messenger kommen Miranda-IM oder Trillian infrage. Miranda ist ein malwarefreier OpenSource Instant-Messenger, der mit Protokollen von AOL, ICQ, IRC, MSN und Yahoo zusammen arbeitet. Mit dem ebenfalls malwarefreien Trillian kannst du mit Nutzern von ICQ, AIM, Yahoo Messenger, MSN und IRC chatten.

"Wie konnte die Malware auf meinen Rechner kommen?", ist die wohl am häufigsten gestellte Frage. Malware gelangt in erster Linie über sogenannte Browser Exploits auf einen Rechner, also über Sicherheitslücken im Browser selbst. Weitere Schleusen sind E-Mail-Anhänge, Lecks im Betriebssystem oder Dateidownloads aus unsicheren Quellen.

Durch Einsatz Deines Köpfchens und folgende simple Maßnahmen kannst Du den Schutz optimieren:

• System immer auf aktuellem Stand halten (Windows Update regelmäßig machen und Software aktualisieren).
• Programme wenn möglich "benutzerdefiniert" installieren und Toolbars und Sponsoren abwählen.
• Internet Explorer sicher konfigurieren.
• Nur Original-Software nutzen und auf Programme aus dubiosen Quellen konsequent verzichten.
• Programme, die Du nicht mehr nutzt, über Systemsteuerung => Software entfernen/deinstallieren.
• Nicht alles anklicken, wo klickmich draufsteht!
• Gesunden Menschenverstand und Vorsicht walten lassen,
• insbesondere bei Dateien, die Du Dir auf den PC holst, also E-Mails, Downloads etc.,
• am besten auf Filesharing über P2P-Programme ganz verzichten.
• Router durch Vergabe eines Kennwortes vor Änderungen von außen schützen.
• Nicht benötigte Dienste und Programme gar nicht erst starten.
Bezüglich der Dienste ist es allerdings nötig, sich damit ausführlich zu beschäftigen, ansonsten die Dienste lieber lassen, wie sie sind.
• Nicht benötigte "Ports" (am eventuell vorhandenen DSL-Router), Freigaben u. ä. schließen.
• Port-Scan-Test.
• WLAN absichern.
• Sichere Passwörter vergeben.
• Nicht mehr als einen Virenscanner mit Hintergrundwächter installieren.
• Nicht mehr als ein Antispyware-Programm mit Hintergrundwächter ständig laufen lassen.
• Das System hin und wieder zusätzlich mit einem dieser kostenlosen Online Scanner überprüfen.
• Datensicherung nicht vergessen!
Immer eine saubere Datensicherung als zurückspielbares Image auf Lager haben.

Freiwillige Spende

Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:

Seite(n): 1 2