Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: gefälschte Windows Scan-Software "Security Protection"

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 16.06.2011, 21:38   #1
just 1999
 
gefälschte Windows Scan-Software "Security Protection" - Standard

gefälschte Windows Scan-Software "Security Protection"



Hallo,

ich habe das gleiche Problem in diesem Forum bereits gefunden (am 06.06. gepostet von plastefuchs1) und einige Tipps dazu gelesen.

auch hier eine kurzes Problembeschreibung:
folgendes Problem stellt sich auf dem Computer einer Freundin:
Es hat sich eine gefälschte Malware Protection-Software Namens "Security Protection" im System festgesetzt. Es kommt von dieser Software (in der Sprechblase rechts unten)
"...is infected by W32/Blaster.worm"
Please activate Security Protection to protect your computer.
Manchmal blinkt auch kurz noch eine weitere vermeintliche Virenmeldung auf.
Außerdem versucht die Software nach dem Hochfahren von Windows einen Scan durchzuführen mit dem Ziel, dass man die Software "aktiviert" und bezahlt.

Dieser PC hat mehrere Profile. Das Problem taucht nur in einem Profil auf.

Installiertes System: Windows Vista
Virenprogramm: Avira AntiVir Personal

Habe nun versucht einen Scan mit Anti Maleware von Malwarebytes laufen zu lassen. Mitten im Scan bekam ich eine Blue Screen und der Rechner hat neu gebootet, einige Zahlen und Buchstaben hochgezählt, dann konnte ich mich wieder als Admin anmelden.

Jetzt habe ich einen Scan von OTL laufen lassen und folgenden Report bekommen:

Vielen Dank schon jetzt für die Hilfe!

just1999

OTL.TXTOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 16.06.2011 21:18:02 - Run 1
OTL by OldTimer - Version 3.2.24.0     Folder = C:\Users\Unser Spaß\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 65,81% Memory free
5,71 Gb Paging File | 4,63 Gb Available in Paging File | 81,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 53,51 Gb Free Space | 46,02% Space Free | Partition Type: NTFS
Drive E: | 115,13 Gb Total Space | 105,04 Gb Free Space | 91,24% Space Free | Partition Type: NTFS
 
Computer Name: UNSERSPAß-PC | User Name: Unser Spaß | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.06.16 21:15:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Unser Spaß\Downloads\OTL.exe
PRC - [2009.08.05 21:28:17 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.11 14:44:10 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.09.26 14:22:44 | 000,417,792 | ---- | M] (Chicony) -- C:\Programme\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008.08.26 15:27:04 | 000,103,824 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
PRC - [2008.08.26 15:26:44 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008.08.25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008.04.24 13:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008.04.17 00:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008.04.17 00:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008.04.11 00:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008.03.19 13:35:42 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008.01.25 13:33:50 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008.01.21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.17 16:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007.07.10 09:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Programme\TOSHIBA\Toshiba Online Product Information\TOPI.exe
PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.06.16 21:15:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Unser Spaß\Downloads\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2009.08.05 21:28:17 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.11 14:44:10 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.11.04 03:37:58 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008.08.26 15:26:44 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008.08.25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.04.16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Programme\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008.04.11 00:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.03.04 13:50:14 | 000,261,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.12.08 19:36:56 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.06.11 14:44:10 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.06.11 14:44:10 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.04 03:32:20 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008.07.29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.07.15 19:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008.04.28 16:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008.04.23 00:36:32 | 003,551,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.04.10 21:25:30 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007.11.09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006.11.20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.10.30 11:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home?AF=16508
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.3&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=16508"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.facemoods.com/?a=stonicde"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://start.facemoods.com/results.php?f=5&a=stonicde&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.21 10:58:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.21 10:58:45 | 000,000,000 | ---D | M]
 
[2009.05.23 12:44:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Unser Spaß\AppData\Roaming\mozilla\Extensions
[2011.06.16 20:32:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Unser Spaß\AppData\Roaming\mozilla\Firefox\Profiles\t045zyoo.default\extensions
[2010.03.26 21:41:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Unser Spaß\AppData\Roaming\mozilla\Firefox\Profiles\t045zyoo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.16 20:32:45 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Unser Spaß\AppData\Roaming\mozilla\Firefox\Profiles\t045zyoo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.12.08 16:47:52 | 000,000,927 | ---- | M] () -- C:\Users\Unser Spaß\AppData\Roaming\Mozilla\Firefox\Profiles\t045zyoo.default\searchplugins\conduit.xml
[2011.06.13 21:20:20 | 000,000,950 | ---- | M] () -- C:\Users\Unser Spaß\AppData\Roaming\Mozilla\Firefox\Profiles\t045zyoo.default\searchplugins\icqplugin-1.xml
[2010.12.18 13:34:16 | 000,000,947 | ---- | M] () -- C:\Users\Unser Spaß\AppData\Roaming\Mozilla\Firefox\Profiles\t045zyoo.default\searchplugins\icqplugin.xml
[2011.02.07 17:28:22 | 000,003,915 | ---- | M] () -- C:\Users\Unser Spaß\AppData\Roaming\Mozilla\Firefox\Profiles\t045zyoo.default\searchplugins\sweetim.xml
[2011.06.16 20:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.05.23 19:21:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\UNSER SPAß\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T045ZYOO.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\USERS\UNSER SPAß\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T045ZYOO.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}
[2011.03.07 18:13:52 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.02.07 17:20:57 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2011.03.07 18:13:52 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.28 18:14:06 | 000,002,040 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchstonicde.xml
[2011.03.07 18:13:52 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.07 18:13:52 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.07 18:13:52 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe]  File not found
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Unser Spaß\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube Download - C:\Users\Unser Spaß\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c9319606-6696-11e0-8217-001e33b224cf}\Shell - "" = AutoRun
O33 - MountPoints2\{c9319606-6696-11e0-8217-001e33b224cf}\Shell\AutoRun\command - "" = D:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.16 20:37:08 | 000,000,000 | ---D | C] -- C:\Users\Unser Spaß\AppData\Roaming\Malwarebytes
[2011.06.16 20:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.16 20:36:50 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.16 20:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.16 20:36:44 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.16 20:36:44 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.06.16 20:02:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.06.16 20:02:45 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.06.16 20:02:44 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.06.16 20:02:44 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.06.16 20:02:44 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.06.16 20:02:43 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.06.16 20:02:43 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.06.16 20:02:43 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.06.16 20:02:43 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.06.16 20:02:43 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.06.16 20:02:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.06.16 20:02:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.06.16 20:02:43 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.06.16 20:02:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.06.16 20:02:43 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.06.16 20:02:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.06.16 20:02:42 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.06.16 20:01:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.05.28 08:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO
[2011.05.27 19:22:51 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.16 21:05:42 | 000,001,833 | ---- | M] () -- C:\Users\Unser Spaß\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2011.06.16 21:04:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.16 21:04:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.16 21:04:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.16 21:03:22 | 2950,524,928 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.16 21:01:37 | 247,907,088 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.06.16 20:36:51 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.15 21:30:20 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.15 21:30:20 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.15 21:30:20 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.15 21:30:20 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.28 08:05:27 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.05.28 08:04:56 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.05.28 08:04:56 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.05.28 08:04:30 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.05.28 08:04:22 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.05.28 08:04:17 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.05.28 08:04:03 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.05.28 08:04:03 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.05.28 08:04:03 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.05.28 08:04:02 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.05.28 08:04:02 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.05.28 08:03:58 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.05.28 07:10:26 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.05.28 06:33:03 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.05.28 06:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.05.28 06:32:15 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.05.28 06:31:44 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.05.27 19:22:51 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.21 20:10:33 | 000,000,680 | ---- | M] () -- C:\Users\Unser Spaß\AppData\Local\d3d9caps.dat
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.16 21:01:37 | 247,907,088 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.06.16 20:36:51 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.21 19:20:31 | 000,000,680 | ---- | C] () -- C:\Users\Unser Spaß\AppData\Local\d3d9caps.dat
[2010.08.11 18:54:49 | 000,005,120 | ---- | C] () -- C:\Users\Unser Spaß\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.09.25 14:19:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.25 14:19:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.23 20:42:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.05.23 12:03:23 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009.05.23 12:03:23 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009.05.23 12:03:23 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009.05.23 12:03:23 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.10.07 14:34:25 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.10.07 14:34:25 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.10.07 14:34:25 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.10.07 14:34:25 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.10.07 14:34:25 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.10.07 14:34:25 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.10.07 14:22:29 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.10.07 14:10:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.10.07 13:17:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.07 13:02:18 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.10.07 13:00:10 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.10.07 13:00:09 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.10.07 13:00:08 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.10.07 13:00:08 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.01.21 10:21:25 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 10:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 10:21:25 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 10:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 000,405,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.01.27 17:05:31 | 000,000,000 | ---D | M] -- C:\Users\Unser Spaß\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.05.23 12:33:49 | 000,000,000 | ---D | M] -- C:\Users\Unser Spaß\AppData\Roaming\Toshiba
[2011.06.15 21:31:51 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Extras.TXTOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 16.06.2011 21:18:02 - Run 1
OTL by OldTimer - Version 3.2.24.0     Folder = C:\Users\Unser Spaß\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 65,81% Memory free
5,71 Gb Paging File | 4,63 Gb Available in Paging File | 81,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 53,51 Gb Free Space | 46,02% Space Free | Partition Type: NTFS
Drive E: | 115,13 Gb Total Space | 105,04 Gb Free Space | 91,24% Space Free | Partition Type: NTFS
 
Computer Name: UNSERSPAß-PC | User Name: Unser Spaß | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{822B431E-26D3-4DD9-8E71-A4E72BC447AE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2CE93259-02A9-4A98-B39B-5605D0231C2D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{3414D663-B09D-4930-A433-A506D5BAE010}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{92C3E2A0-BF29-4A16-8637-7772D6DA01C4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{945C3589-864A-4B6B-A701-37266E6C6BBF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{A17B7613-AA5E-44B4-A07E-2D73C9526E13}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"TCP Query User{3A86FFC0-4C53-47D5-BF03-A782BC229417}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{7D59D736-676E-4557-8740-AD8D4B8AE4A9}C:\users\antonia\appdata\roaming\icq\application\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\users\antonia\appdata\roaming\icq\application\icq7.1\icq.exe | 
"UDP Query User{0EE591ED-3B73-4AAD-B55F-6238386EE03F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{7EA067AA-85E9-4005-A7D3-05099F301D20}C:\users\antonia\appdata\roaming\icq\application\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\users\antonia\appdata\roaming\icq\application\icq7.1\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{07C9627A-CA0B-2AA2-062E-204359DF7BA1}" = Catalyst Control Center Core Implementation
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0EFB2016-41D2-5F30-8F60-25250F6DABDD}" = CCC Help Thai
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1E57A11B-AB65-C6D1-F999-B3B37AB2298E}" = Catalyst Control Center Localization Japanese
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{27265B80-303E-EFFF-6052-B11F91B634C3}" = Catalyst Control Center Localization Italian
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2920435D-CE92-5024-1694-DFD43A5FF074}" = Catalyst Control Center Localization Greek
"{2CD6D3D2-1EFC-F0B4-1761-FD4FA7F8750F}" = CCC Help Finnish
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{358004B9-3A16-87FF-4487-4D6F0C70E52F}" = Catalyst Control Center Localization Russian
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{38A3E884-313A-7AE0-11BC-482DE0C8766A}" = CCC Help Czech
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3BB12DBC-0A8E-ECE2-F179-D06B99B8CD02}" = Catalyst Control Center Localization Czech
"{3E0E28DC-DA90-1BA2-FA36-AA3C2E4FB74A}" = Catalyst Control Center Graphics Previews Vista
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4C90501F-864B-5AC4-867D-6AC35BE50721}" = ccc-utility
"{55398A75-13E0-570F-BD16-2EE5D9E5523D}" = Catalyst Control Center Localization Norwegian
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F131988-3326-AD64-1817-D76A2FE3C2D3}" = CCC Help Chinese Traditional
"{5FBF37CD-B7F9-564C-BDFC-73D970CF7AF2}" = CCC Help Italian
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61C63422-E5E2-8576-2B82-0E01F5AD2538}" = CCC Help English
"{61F90A4F-AD49-7FFB-F027-5B2CB64F0A70}" = Catalyst Control Center Graphics Light
"{629044C7-745A-64B8-467F-2F93ED50008B}" = CCC Help Chinese Standard
"{65BF23C0-4EF9-27CC-7B6F-190F4008A569}" = Catalyst Control Center Localization Polish
"{65D602E4-DCDE-0743-6A0A-F1A203449F47}" = CCC Help German
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{6B4874CA-13CF-2477-B697-B448201B56B6}" = CCC Help Norwegian
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6EB0B23B-AA51-6F4E-C94C-C1015ED61EEC}" = CCC Help Japanese
"{70495081-1DC8-AD4B-C197-12138B8FBC9E}" = CCC Help Danish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71B929E2-3556-93DB-DEC0-FD56D3EFB473}" = Catalyst Control Center Localization Chinese Traditional
"{71C47830-182D-79FA-0790-0366E6E2C2EB}" = Catalyst Control Center Localization Spanish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{77CAD946-C573-6647-B222-B6870C072932}" = CCC Help Korean
"{7E83516C-931B-870F-5CDF-01FDF9A4AEF0}" = Catalyst Control Center Localization Turkish
"{86728841-C151-B8E4-43C6-DD289DE570B6}" = Catalyst Control Center Localization Swedish
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86DBA852-5D5E-1856-D828-620E792EDC0D}" = Catalyst Control Center Localization Chinese Standard
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{88BA2601-8A62-7AB7-DB8A-7AA2840B7C87}" = Catalyst Control Center Localization Thai
"{8B587895-7716-1B99-5D85-3CA4AAF8A0F4}" = Catalyst Control Center Localization Dutch
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9244F321-0BBD-9D4A-C1FB-6437E3D0550D}" = Catalyst Control Center Localization German
"{93F3EBDD-4007-C233-7320-977AC0941054}" = CCC Help Turkish
"{94AB6CE0-DB26-7048-2A5B-4647EA1FC693}" = ccc-core-static
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A103C127-2168-4493-8D01-4BF180BED12C}" = CCC Help Portuguese
"{A7F27ADB-3C56-0F2B-6B4B-0B8E02A49186}" = ATI Catalyst Install Manager
"{AC2EE52D-05CD-8140-5D29-5AA29590971E}" = CCC Help French
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B02A78AE-EA3B-8261-AEBC-8221E22DCC1E}" = CCC Help Polish
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B1D67B62-35A8-A9A1-AA74-F6A495C8271A}" = Catalyst Control Center Localization Danish
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BC2EA92A-A5A9-A137-5204-F150EDB05DB3}" = CCC Help Hungarian
"{BC713970-8C3C-852B-4139-636F21114B7F}" = CCC Help Dutch
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5F1A9C4-C041-2E95-5D7E-EF56CED2B522}" = Skins
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7CC05AF-067D-0D1A-1E4D-9DCBCDCC2D41}" = Catalyst Control Center Graphics Full New
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0FC3A5D-CF52-ABA7-92EF-D9794F372121}" = Catalyst Control Center Graphics Full Existing
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{EA7D1919-A6BF-979A-E3A2-F753E23D45FA}" = Catalyst Control Center Localization Hungarian
"{ED2BC5D9-20EE-FBB6-8483-240F19EFCAA5}" = CCC Help Swedish
"{F0345A2F-1D78-0AEA-7CBB-CEF48622EB44}" = Catalyst Control Center Localization Portuguese
"{F0646787-1A2F-34E9-A61D-9DAD69F606F8}" = CCC Help Spanish
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F50E4D66-5280-FDF8-7F55-2E47FCF23E7D}" = Catalyst Control Center Localization Korean
"{F67E6AE5-F87B-025F-2D6B-26491304393F}" = CCC Help Russian
"{F9DAAC4B-5E3F-1D39-9D4B-6998664EF402}" = Catalyst Control Center Localization Finnish
"{F9F66B99-C1B3-ACEA-1F80-404CC4DD96BF}" = Catalyst Control Center Localization French
"{FA493449-3E34-4E05-8CA7-26A42E9F180E}" = CCC Help Greek
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ENTERPRISER" = Microsoft Office Enterprise 2007
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"myphotobook" = myphotobook 3.6
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"Picasa 3" = Picasa 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.06.2010 07:00:58 | Computer Name = UnserSpaß-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 06.06.2010 07:02:19 | Computer Name = UnserSpaß-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 06.06.2010 07:05:22 | Computer Name = UnserSpaß-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.06.2010 07:48:49 | Computer Name = UnserSpaß-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 06.06.2010 07:53:42 | Computer Name = UnserSpaß-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.06.2010 08:37:04 | Computer Name = UnserSpaß-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 06.06.2010 08:56:06 | Computer Name = UnserSpaß-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.06.2010 10:40:50 | Computer Name = UnserSpaß-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 06.06.2010 13:13:36 | Computer Name = UnserSpaß-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 06.06.2010 13:23:28 | Computer Name = UnserSpaß-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 14.04.2010 14:13:44 | Computer Name = UnserSpaß-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 224
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 11.06.2011 06:27:45 | Computer Name = UnserSpaß-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 13.06.2011 12:59:42 | Computer Name = UnserSpaß-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.06.2011 um 18:58:41 unerwartet heruntergefahren.
 
Error - 14.06.2011 08:23:30 | Computer Name = UnserSpaß-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 16.06.2011 13:53:10 | Computer Name = UnserSpaß-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease *********** für die Netzwerkkarte mit der Netzwerkadresse
 0024D25759D1 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 16.06.2011 14:07:56 | Computer Name = UnserSpaß-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 16.06.2011 14:07:56 | Computer Name = UnserSpaß-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 16.06.2011 14:07:56 | Computer Name = UnserSpaß-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.06.2011 14:07:56 | Computer Name = UnserSpaß-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 16.06.2011 14:07:56 | Computer Name = UnserSpaß-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.06.2011 15:04:03 | Computer Name = UnserSpaß-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 16.06.2011 um 21:00:27 unerwartet heruntergefahren.
 
 
< End of report >
         
--- --- ---

Geändert von just 1999 (16.06.2011 um 21:55 Uhr) Grund: scan einfügen

Alt 17.06.2011, 11:17   #2
markusg
/// Malware-holic
 
gefälschte Windows Scan-Software "Security Protection" - Standard

gefälschte Windows Scan-Software "Security Protection"



im betroffenen profil, evtl. im abgesicherten modus, zu erreichen mit f8:
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________

__________________

Alt 17.06.2011, 18:03   #3
just 1999
 
gefälschte Windows Scan-Software "Security Protection" - Standard

gefälschte Windows Scan-Software "Security Protection"



habe nun folgenden befehl ausgeführt unter
windows-start-menü-ausführen

taskkill.exe / F / IM defender.exe

anschließend konnte ich die Malware "Security Protection" nicht mehr sehen, Firefox lässt sich auch wieder aufrufen.

habe combofix drüberlaufen lassen... hier ist der log

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-06-16.02 - Unser Spaß 17.06.2011  17:19:24.1.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.2813.1449 [GMT 2:00]
ausgeführt von:: c:\******\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-05-17 bis 2011-06-17  ))))))))))))))))))))))))))))))
.
.
2011-06-17 15:30 . 2011-06-17 15:31	--------	d-----w-	c:\users\Unser Spaß\AppData\Local\temp
2011-06-17 15:30 . 2011-06-17 15:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-06-17 15:30 . 2011-06-17 15:30	--------	d-----w-	c:\users\a****\AppData\Local\temp
2011-06-17 15:30 . 2011-06-17 15:30	--------	d-----w-	c:\users\i****\AppData\Local\temp
2011-06-17 15:30 . 2011-06-17 15:30	--------	d-----w-	c:\users\b*****\AppData\Local\temp
2011-06-17 14:39 . 2011-05-09 20:46	6962000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0ECE0026-88A4-4083-9535-3ACB6FF2EA17}\mpengine.dll
2011-06-16 20:51 . 2011-06-16 20:51	--------	d-----w-	c:\program files\Windows Portable Devices
2011-06-16 20:45 . 2009-09-10 02:00	1164800	----a-w-	c:\windows\system32\UIRibbonRes.dll
2011-06-16 20:45 . 2009-09-10 02:00	92672	----a-w-	c:\windows\system32\UIAnimation.dll
2011-06-16 20:45 . 2009-09-10 02:01	3023360	----a-w-	c:\windows\system32\UIRibbon.dll
2011-06-16 20:44 . 2009-09-25 01:33	369664	----a-w-	c:\windows\system32\WMPhoto.dll
2011-06-16 20:44 . 2009-09-25 02:10	974848	----a-w-	c:\windows\system32\WindowsCodecs.dll
2011-06-16 20:44 . 2009-09-25 02:07	189440	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2011-06-16 20:44 . 2009-09-25 02:04	321024	----a-w-	c:\windows\system32\PhotoMetadataHandler.dll
2011-06-16 20:44 . 2009-09-25 01:33	195584	----a-w-	c:\windows\system32\dxdiagn.dll
2011-06-16 20:44 . 2009-09-25 01:32	252928	----a-w-	c:\windows\system32\dxdiag.exe
2011-06-16 20:44 . 2009-09-25 01:31	519680	----a-w-	c:\windows\system32\d3d11.dll
2011-06-16 20:42 . 2009-10-08 21:07	4096	----a-w-	c:\windows\system32\oleaccrc.dll
2011-06-16 20:42 . 2009-10-08 21:08	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2011-06-16 20:42 . 2009-10-08 21:08	234496	----a-w-	c:\windows\system32\oleacc.dll
2011-06-16 20:29 . 2011-06-16 20:29	--------	d-----w-	c:\users\Unser Spaß\AppData\Roaming\Avira
2011-06-16 19:59 . 2011-04-14 16:40	89048	----a-w-	c:\program files\Mozilla Firefox\libEGL.dll
2011-06-16 19:59 . 2011-04-14 16:40	781272	----a-w-	c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-06-16 19:59 . 2011-04-14 16:40	465880	----a-w-	c:\program files\Mozilla Firefox\libGLESv2.dll
2011-06-16 19:59 . 2011-04-14 16:40	1874904	----a-w-	c:\program files\Mozilla Firefox\mozjs.dll
2011-06-16 19:59 . 2011-04-14 16:40	15832	----a-w-	c:\program files\Mozilla Firefox\mozalloc.dll
2011-06-16 19:59 . 2010-01-01 08:00	1974616	----a-w-	c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-06-16 19:59 . 2010-01-01 08:00	1892184	----a-w-	c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-06-16 18:37 . 2011-06-16 18:37	--------	d-----w-	c:\users\Unser Spaß\AppData\Roaming\Malwarebytes
2011-06-16 18:36 . 2011-05-29 07:11	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-16 18:36 . 2011-06-16 18:36	--------	d-----w-	c:\programdata\Malwarebytes
2011-06-16 18:36 . 2011-06-16 18:36	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-06-16 18:36 . 2011-05-29 07:11	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-06-16 18:03 . 2011-04-29 13:25	146432	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-06-16 18:03 . 2011-04-29 13:25	102400	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-06-16 18:03 . 2011-04-14 14:59	75264	----a-w-	c:\windows\system32\drivers\dfsc.sys
2011-05-28 06:55 . 2011-06-03 06:54	--------	d-----w-	c:\users\brigitte\AppData\Roaming\go
2011-05-28 06:55 . 2011-06-15 14:37	--------	d-----w-	c:\programdata\Easybits GO
2011-05-27 17:22 . 2011-05-27 17:22	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-16 17:56 . 2011-03-18 13:24	0	----a-w-	c:\windows\system32\ConduitEngine.tmp
2011-04-13 22:40 . 2011-04-13 22:40	4284416	----a-w-	c:\windows\system32\GPhotos.scr
2011-04-01 15:07 . 2009-06-11 12:37	61960	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-04-01 15:07 . 2009-06-11 12:37	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-23 136600]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-08-26 103824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
c:\users\Unser Spaá\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-08-26 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
HsfXAudioService	REG_MULTI_SZ   	HsfXAudioService
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/home?AF=16508
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE
IE: Free YouTube Download - c:\users\Unser Spaß\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Unser Spaß\AppData\Roaming\Mozilla\Firefox\Profiles\t045zyoo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.3&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-06-17 17:31
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????#?y????Y???Y???Y?( Y?P  
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3623748575-3796781263-4243265749-1000\Software\SecuROM\License information*]
"datasecu"=hex:6e,6c,84,fc,b1,59,fa,fa,da,7a,d7,19,e8,c2,f2,55,8c,17,c9,9d,d4,
   df,f7,72,59,18,e6,2c,86,eb,8c,16,e8,97,7a,01,04,e1,65,70,c0,0e,34,9d,75,18,\
"rkeysecu"=hex:ba,05,ed,cb,a3,30,f6,51,6b,0b,15,28,8f,e7,e4,cd
.
[HKEY_USERS\S-1-5-21-3623748575-3796781263-4243265749-1003\Software\SecuROM\License information*]
"datasecu"=hex:6a,fa,45,8d,a8,99,6d,52,94,f1,60,f8,16,40,4a,19,5c,90,12,df,35,
   cf,59,03,65,68,67,79,36,d2,07,ac,1d,aa,64,7b,30,45,31,21,69,4e,e2,31,76,49,\
"rkeysecu"=hex:eb,09,5c,52,d2,98,20,ec,8f,00,52,5e,62,4d,58,c4
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-06-17  17:35:41
ComboFix-quarantined-files.txt  2011-06-17 15:35
.
Vor Suchlauf: 9 Verzeichnis(se), 65.880.039.424 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 65.990.557.696 Bytes frei
.
- - End Of File - - BC39A45A95A952965503A33253A3D50C
         
--- --- ---
__________________

Alt 17.06.2011, 18:07   #4
markusg
/// Malware-holic
 
gefälschte Windows Scan-Software "Security Protection" - Standard

gefälschte Windows Scan-Software "Security Protection"



update mal Malwarebytes und scanne erneut, erst mal nen quick scan.
log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.06.2011, 18:40   #5
just 1999
 
gefälschte Windows Scan-Software "Security Protection" - Standard

gefälschte Windows Scan-Software "Security Protection"



nun habe ich ein neues problem...
seit dem combofix scan - das hatte ich eben nicht getestet - kann ich keine anwendung (malware, IE, firefox) mehr in dem betroffenen profil starten.
folgende fehlermeldung: "es wurde versucht einem registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen vorgesehen war."


den malware scan habe ich über den admin gestartet.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6872

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

17.06.2011 18:31:58
mbam-log-2011-06-17 (18-31-58).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 191729
Laufzeit: 5 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Alt 17.06.2011, 18:49   #6
markusg
/// Malware-holic
 
gefälschte Windows Scan-Software "Security Protection" - Standard

gefälschte Windows Scan-Software "Security Protection"



neustarten dann gehts wieder
__________________
--> gefälschte Windows Scan-Software "Security Protection"

Alt 17.06.2011, 19:05   #7
just 1999
 
gefälschte Windows Scan-Software "Security Protection" - Standard

gefälschte Windows Scan-Software "Security Protection"



haben wir jetzt das problem komplett beseitigt?

Alt 17.06.2011, 19:09   #8
markusg
/// Malware-holic
 
gefälschte Windows Scan-Software "Security Protection" - Standard

gefälschte Windows Scan-Software "Security Protection"



mach jetzt nen kompletten scan mit malwarebytes, scheint ja zu laufen jetzt
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.06.2011, 20:34   #9
just 1999
 
gefälschte Windows Scan-Software "Security Protection" - Standard

gefälschte Windows Scan-Software "Security Protection"



jetzt haben wir doch einen virus gefunden - siehe log.

soll ich in Malwarebytes auf "remove selected" klicken?

Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 6872

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

17.06.2011 20:25:31
mbam-log-2011-06-17 (20-25-15).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 243821
Time elapsed: 1 hour(s), 11 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Security Protection (Rogue.Spypro) -> Value: Security Protection -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Alt 17.06.2011, 20:36   #10
markusg
/// Malware-holic
 
gefälschte Windows Scan-Software "Security Protection" - Standard

gefälschte Windows Scan-Software "Security Protection"



ok

lade den CCleaner standard:
CCleaner - Standard
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.06.2011, 20:57   #11
just 1999
 
gefälschte Windows Scan-Software "Security Protection" - Standard

gefälschte Windows Scan-Software "Security Protection"



hier hatte als erstes aufgeräumt...
hier die akteulle liste:

weiß nicht - Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 22.05.2009 14,0MB
benötigt - Adobe Flash Player 10 Plugin Adobe Systems Incorporated 26.05.2011 10.3.181.14
benötigt - Adobe Reader 8.1.2 - Deutsch Adobe Systems Incorporated 06.10.2008 99,6MB 8.1.2
denke schon - Atheros Driver Installation Program Atheros 22.05.2009 1,06MB 5.0
denke schon - Atheros Wi-Fi Protected Setup Library Atheros 22.05.2009 3,99MB
weiß nicht - ATI Catalyst Install Manager ATI Technologies, Inc. 06.10.2008 13,9MB 3.0.664.0
benötigt - Avira AntiVir Personal - Free Antivirus Avira GmbH 15.06.2011 119,8MB 10.0.0.648
benötigt - Camera Assistant Software for Toshiba Chicony Electronics Co.,Ltd. 22.05.2009 62,5MB 1.7.231.1126L
weiß nicht - Catalyst Control Center - Branding ATI 06.10.2008 0,42MB 1.00.0000
benötigt - CCleaner Piriform 16.06.2011 2,53MB 3.07
benötigt - CD/DVD Drive Acoustic Silencer TOSHIBA 06.10.2008 0,59MB 2.02.03
benötigt - Compatibility Pack für 2007 Office System Microsoft Corporation 15.06.2011 12.0.6425.1000
benötigt - DVD MovieFactory for TOSHIBA Ulead Systems, Inc. 22.05.2009 253MB 5.51
weiß nicht - HDAUDIO Soft Data Fax Modem with SmartCP Conexant Systems 04.04.2010 1,01MB 7.80.2.0
benötigt - Java(TM) 6 Update 11 Sun Microsystems, Inc. 22.05.2009 94,4MB 6.0.110
benötigt - Java(TM) 6 Update 3 Sun Microsystems, Inc. 06.10.2008 168,1MB 1.6.0.30
benötigt - Malwarebytes' Anti-Malware Version 1.51.0.1200 Malwarebytes Corporation 15.06.2011 7,29MB 1.51.0.1200
benötigt - Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 15.06.2011 37,0MB
benötigt - Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 22.05.2009 27,8MB
benötigt - Microsoft Office Enterprise 2007 Microsoft Corporation 22.05.2009 627MB 12.0.6425.1000
benötigt - Microsoft Office Home and Student 2007 Microsoft Corporation 22.05.2009 627MB 12.0.6425.1000
benötigt - Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 15.06.2011 12.0.6425.1000
benötigt - Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 02.08.2009 0,25MB 8.0.50727.4053
benötigt - Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 0,29MB 8.0.61001
benötigt - Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 02.08.2009 0,19MB 9.0.30729.4148
benötigt - Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 12.04.2011 0,58MB 9.0.30729.5570
benötigt - Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 10.06.2009 0,58MB 9.0.30729
benötigt - Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,58MB 9.0.30729.6161
benötigt - benötigt - Microsoft Works Microsoft Corporation 15.12.2010 9.7.0621
benötigt - Mozilla Firefox 4.0.1 (x86 de) Mozilla 15.06.2011 30,3MB 4.0.1
benötigt - MSXML 4.0 SP2 (KB941833) Microsoft Corporation 06.10.2008 1,28MB 4.20.9849.0
benötigt - MSXML 4.0 SP2 (KB954430) Microsoft Corporation 22.05.2009 1,29MB 4.20.9870.0
benötigt - MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.11.2009 1,35MB 4.20.9876.0
benötigt - myphotobook 3.6 myphotobook 22.05.2009 18,7MB 3.6
benötigt - NAVIGON Fresh 3.2.0 NAVIGON 24.12.2010 66,9MB 3.2.0
weiß nicht - NetWaiting BVRP Software, Inc 22.05.2009 5,23MB 2.5.52
weiß nicht - Picasa 3 Google, Inc. 01.01.2011 74,3MB 3.8
benötigt - Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek 06.10.2008 1,50MB 1.00.0000
benötigt - Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 06.10.2008 3,07MB
benötigt - Skype™ 5.0 Skype Technologies S.A. 02.01.2011 23,5MB 5.0.156
benötigt - Synaptics Pointing Device Driver Synaptics 06.10.2008 13,9MB 10.1.8.0
benötigt - TOSHIBA Assist TOSHIBA 06.10.2008 1,16MB 2.01.04
benötigt - TOSHIBA Benutzerhandbücher TOSHIBA 22.05.2009 4,09MB 7.40
benötigt - TOSHIBA ConfigFree TOSHIBA Corporation 06.10.2008 74,3MB 7.2.13
benötigt - TOSHIBA Disc Creator TOSHIBA Corporation 06.10.2008 9,71MB 2.0.1.3
benötigt - TOSHIBA DVD PLAYER TOSHIBA Corporation 06.10.2008 22,7MB 1.30.12
benötigt - TOSHIBA Extended Tiles for Windows Mobility Center Toshiba 06.10.2008 1,28MB 1.01.00
benötigt - TOSHIBA Face Recognition TOSHIBA Corporation 22.05.2009 267MB 2.0.17.32
benötigt - TOSHIBA Hardware Setup 22.05.2009 2,98MB 2.00.08
benötigt - Toshiba Online Product Information TOSHIBA 06.10.2008 5,51MB 1.00.0012
benötigt - TOSHIBA Recovery Disc Creator TOSHIBA 06.10.2008 2,54MB 2.0.0.1b
benötigt - TOSHIBA Supervisor Password 22.05.2009 3,00MB 2.00.04
benötigt - Toshiba TEMPRO Toshiba Europe GmbH 06.10.2008 8,25MB 1.2
benötigt - TOSHIBA Value Added Package TOSHIBA Corporation 22.05.2009 64,00KB 1.1.19
weiß nicht - TRDCReminder TOSHIBA 06.10.2008 0,38MB 1.00.0015
weiß nicht - TRORDCLauncher TOSHIBA 06.10.2008 3,35MB 1.0.0.1
benötigt - Windows Media Encoder 9-Reihe 06.10.2008 13,7MB

Alt 17.06.2011, 21:11   #12
markusg
/// Malware-holic
 
gefälschte Windows Scan-Software "Security Protection" - Standard

gefälschte Windows Scan-Software "Security Protection"



deinstaliere:
Adobe Reader 8.1.2
download:
Adobe - Adobe Reader herunterladen - Alle Versionen
bitte zusatz software den haken raus nehmen

nach instalation öffne adobe, bearbeiten voreinstellungen, internet, alle haken raus, java haken raus, updates auf instalieren stellen, übernehmen ok
deinstaliere:
Java(TM) 6 Update 11
Java(TM) 6 Update 3
downloade
Java SE Downloads
klicke download jre, downloade offline installer
deinstaliere:
Picasa

bereinige mit dem ccleaner.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.06.2011, 21:38   #13
just 1999
 
gefälschte Windows Scan-Software "Security Protection" - Standard

gefälschte Windows Scan-Software "Security Protection"



erledigt.
im cleaner ist der virus nicht erkannt bzw. gelöscht worden

Alt 17.06.2011, 21:46   #14
markusg
/// Malware-holic
 
gefälschte Windows Scan-Software "Security Protection" - Standard

gefälschte Windows Scan-Software "Security Protection"



ok, bitte deinstaliere avira, wir tauschen es durch ein besseres programm mit mehr schutz modulen.modulen aus.
http://www.trojaner-board.de/110895-...antivirus.html
nutze avast.
http://www.http://www.bremer-treff.d...e-edition.html
denke die haben das beste gesammt angebot für kostenlose produkte.
bitte nach pdf konfigurieren, heuristiken können auf "hoch" gestellt werden.
update avast und mache einen boot scan, ergebniss posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.06.2011, 22:10   #15
markusg
/// Malware-holic
 
gefälschte Windows Scan-Software "Security Protection" - Standard

gefälschte Windows Scan-Software "Security Protection"



edit, falsches topic
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu gefälschte Windows Scan-Software "Security Protection"
anti maleware, antivir, avira, avira antivir, bli, blinkt, blue, blue screen, computer, excel.exe, extras.txt, forum, infected, install.exe, maleware, malware, malwarebytes, meldung, microsoft office word, neu, office 2007, otl.txt, picasa, problem, programm, rechner, scan, screen, search the web, searchplugins, security, security update, shell32.dll, start menu, sweetim, system, tipps, usb 2.0, windows



Ähnliche Themen: gefälschte Windows Scan-Software "Security Protection"


  1. Plötzlich Software "picexa.exe" installiert, "delta-homes.com" als Startseite in sämtlichen Browsern
    Log-Analyse und Auswertung - 10.04.2015 (11)
  2. Beim Treiber Update "wiederspenstige" Software eingefangen. "SpeedUpMyComputer"
    Plagegeister aller Art und deren Bekämpfung - 27.05.2014 (3)
  3. "AppsHat", "DeltaToolbar" und div. andere Software nach Download von mcpatcher
    Plagegeister aller Art und deren Bekämpfung - 02.10.2013 (23)
  4. "System Progressive Protection" / "BDS/ZeroAccess.Gen"
    Log-Analyse und Auswertung - 11.01.2013 (12)
  5. Security Center - Gefälschte Windows Software - 100 € Lizens
    Log-Analyse und Auswertung - 15.03.2012 (1)
  6. "Security Protection" bezahlt ...
    Plagegeister aller Art und deren Bekämpfung - 19.07.2011 (1)
  7. gefälschte Windows Scan-Software "Security Protection"
    Plagegeister aller Art und deren Bekämpfung - 06.07.2011 (14)
  8. w32/Blaster.worm und "Security Protection"
    Plagegeister aller Art und deren Bekämpfung - 19.06.2011 (1)
  9. "Malware Protection" entfernt und nun "Windows Vista Restore" und diverse Festplattenwarnungen
    Plagegeister aller Art und deren Bekämpfung - 17.06.2011 (28)
  10. "System Tool", Scan gestartet hat bei "Scanning Useres StartMenue..." hängen
    Plagegeister aller Art und deren Bekämpfung - 14.01.2011 (1)
  11. "Microsoft Security Essential Alert" blockiert WinXP nach Neustart trotz MalwareBytes-Scan
    Plagegeister aller Art und deren Bekämpfung - 13.09.2010 (2)
  12. "YOUR PROTECTION" und "TDSS" volkommen gelöscht?
    Plagegeister aller Art und deren Bekämpfung - 21.04.2010 (13)
  13. Mc Afee Security Scan zeigt Bedrohung durch Trojaner "Artemis!7A810C195AF5" an
    Plagegeister aller Art und deren Bekämpfung - 11.03.2010 (5)
  14. Antivir-Fund in "C:\Windows\myproc.dll" und "C:\Windows\security\services.exe"
    Plagegeister aller Art und deren Bekämpfung - 22.04.2009 (4)
  15. "error cleaner" "privacy protector" "spyware&malware protection"
    Plagegeister aller Art und deren Bekämpfung - 28.06.2008 (7)
  16. "error cleaner" "privacy protector" "spyware und malware protection"
    Plagegeister aller Art und deren Bekämpfung - 28.06.2008 (2)
  17. "security software"
    Plagegeister aller Art und deren Bekämpfung - 12.04.2006 (5)

Zum Thema gefälschte Windows Scan-Software "Security Protection" - Hallo, ich habe das gleiche Problem in diesem Forum bereits gefunden (am 06.06. gepostet von plastefuchs1) und einige Tipps dazu gelesen. auch hier eine kurzes Problembeschreibung: folgendes Problem stellt sich - gefälschte Windows Scan-Software "Security Protection"...
Archiv
Du betrachtest: gefälschte Windows Scan-Software "Security Protection" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.