Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: a248.e.akamai.net

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 23.10.2011, 13:02   #1
31178
 
a248.e.akamai.net - Standard

a248.e.akamai.net



Komme nicht weiter mit Infos bei Google, wende mich mal hier in dass Forum mit dem Problem. Hatte die Meldung von Firefox erhalten (a248.e.akamai.net) nachdem ich mit dem Tor Browser anonym surfte, irgend etwas mit einem Zertifikat, war alles in Englisch (was ich nicht kann) und eine Sicherheitswarnung. Seitdem verhält sich der PC merkwürdig, in dem unteren Firefox Sichtfenster (wo auch die Systemuhr ist) flackert es in unregelmäßigen Abständen, so als ob irgend was auf das Netz zugreift, nur wenn ich Online bin!

Habe mal ein Hijakthis Logfile (Im Anhang) gemacht, wenn mal jemand bitte drüber schauen könnte wäre ich dankbar. Der Virenscanner ( Avira Security Premium ) ist ohne Befund durchgelaufen! Dank im Voraus!!!

HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:04:45, on 23.10.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: Free YouTube Download - C:\Users\Mahan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mahan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira Email Schutz (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Browser Schutz (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2010 CBE\Dfsdks.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9004 bytes
         
--- --- ---

Geändert von 31178 (23.10.2011 um 13:05 Uhr) Grund: Nachtrag Anhang***

Alt 23.10.2011, 15:45   #2
markusg
/// Malware-holic
 
a248.e.akamai.net - Standard

a248.e.akamai.net



hi
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
  • Doppelklick auf die
    OTL.exe

    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal
    Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan
    links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Akamai NetSession Interface | was ist das?
__________________

__________________

Alt 23.10.2011, 17:27   #3
31178
 
a248.e.akamai.net - Standard

a248.e.akamai.net



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 23.10.2011 17:20:32 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Mahan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 71,67% Memory free
8,00 Gb Paging File | 6,61 Gb Available in Paging File | 82,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 101,87 Gb Free Space | 68,35% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 127,16 Gb Free Space | 85,54% Space Free | Partition Type: NTFS
 
Computer Name: MAHAN-TOSH | User Name: Mahan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Mahan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DfSdkS) -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2010 CBE\Dfsdks.exe (mst software GmbH, Germany)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH)
DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (RTL2832UUSB) -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV:64bit: - (RTL2832UBDA) -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV:64bit: - (RTL2832U_IRHID) -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys (Realtek)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (RTL8187Se) -- C:\Windows\SysNative\drivers\RTL8187Se.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (avfwot) -- C:\Windows\SysWOW64\drivers\avfwot.sys (Avira GmbH)
DRV - (RTL2832UUSB) -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (RTL2832UBDA) -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (RTL2832U_IRHID) -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys (Realtek)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/ncr"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: de_DE@dicts.j3e.de:20101229
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_10_3_162.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.03 14:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.21 17:55:05 | 000,000,000 | ---D | M]
 
[2010.09.23 15:08:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mahan\AppData\Roaming\mozilla\Extensions
[2010.09.23 15:08:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mahan\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.22 12:20:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mahan\AppData\Roaming\mozilla\Firefox\Profiles\1i8s91t5.default\extensions
[2010.04.24 19:06:04 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Mahan\AppData\Roaming\mozilla\Firefox\Profiles\1i8s91t5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.04.24 15:04:05 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Mahan\AppData\Roaming\mozilla\Firefox\Profiles\1i8s91t5.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.07.22 12:20:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Mahan\AppData\Roaming\mozilla\Firefox\Profiles\1i8s91t5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.04.24 19:06:04 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Mahan\AppData\Roaming\mozilla\Firefox\Profiles\1i8s91t5.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011.10.16 15:40:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mahan\AppData\Roaming\mozilla\Firefox\Profiles\aunrgbyp.default\extensions
[2011.09.25 11:50:24 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Mahan\AppData\Roaming\mozilla\Firefox\Profiles\aunrgbyp.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.07.17 14:53:51 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Mahan\AppData\Roaming\mozilla\Firefox\Profiles\aunrgbyp.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.08.06 17:05:40 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Mahan\AppData\Roaming\mozilla\Firefox\Profiles\aunrgbyp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.10.16 15:40:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mahan\AppData\Roaming\mozilla\Firefox\Profiles\aunrgbyp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.10.13 16:17:13 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\Mahan\AppData\Roaming\mozilla\Firefox\Profiles\aunrgbyp.default\extensions\de_DE@dicts.j3e.de
[2011.10.23 12:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.10.14 16:22:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.04.24 19:06:05 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.06.14 10:30:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.07.30 21:56:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.08 07:13:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.03 11:06:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.24 19:20:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\MAHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AUNRGBYP.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\MAHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AUNRGBYP.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2011.10.03 14:55:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 14:55:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 14:55:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.03 14:55:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 14:55:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 14:55:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 14:55:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.07.30 22:10:46 | 000,415,667 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 14346 more lines...
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Mahan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mahan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Mahan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mahan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B2F5BE6-E297-41AD-BF10-4D6B1DB6A9E7}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9FECB6D0-4E6C-470A-BA28-E42DCF530AC9}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.23 17:15:52 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mahan\Desktop\OTL.exe
[2011.10.23 12:36:31 | 000,000,000 | ---D | C] -- C:\Users\Mahan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.10.13 17:19:06 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.10.13 17:19:06 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.10.13 17:19:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.10.13 17:19:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.10.13 17:19:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.10.13 17:19:02 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.10.13 17:19:02 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.10.13 17:19:02 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.10.13 17:19:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.10.13 15:42:50 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011.10.13 15:42:50 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011.10.13 15:42:50 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011.10.13 15:42:50 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011.10.13 15:42:31 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011.10.13 15:42:30 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.10.12 18:06:38 | 000,000,000 | ---D | C] -- C:\Users\Mahan\AppData\Roaming\Avira
[2011.10.12 18:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.12 18:05:59 | 000,139,512 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2011.10.12 18:05:59 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.12 18:05:59 | 000,113,768 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2011.10.12 18:05:59 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.12 18:05:59 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.10.12 18:05:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.10.08 15:13:15 | 000,000,000 | ---D | C] -- C:\Users\Mahan\Desktop\Bilderpasswort
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.23 17:18:14 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.23 17:18:14 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.23 17:15:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mahan\Desktop\OTL.exe
[2011.10.23 17:11:06 | 000,364,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.23 17:10:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.23 17:10:00 | 3219,935,232 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.23 12:36:31 | 000,003,007 | ---- | M] () -- C:\Users\Mahan\Desktop\HiJackThis.lnk
[2011.10.13 17:20:48 | 001,519,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.10.13 17:20:48 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.10.13 17:20:48 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.10.13 17:20:48 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.10.13 17:20:48 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.10.12 18:06:31 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.08 16:33:39 | 000,046,906 | ---- | M] () -- C:\Users\Mahan\Documents\bookmarks.html
[2011.10.07 10:49:55 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.09.27 17:19:17 | 000,000,721 | ---- | M] () -- C:\Users\Mahan\Documents\Dokument Arbeit.rtf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.23 17:10:06 | 000,364,456 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.23 12:36:31 | 000,003,007 | ---- | C] () -- C:\Users\Mahan\Desktop\HiJackThis.lnk
[2011.10.12 18:06:31 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.08 16:33:39 | 000,046,906 | ---- | C] () -- C:\Users\Mahan\Documents\bookmarks.html
[2011.09.27 17:19:17 | 000,000,721 | ---- | C] () -- C:\Users\Mahan\Documents\Dokument Arbeit.rtf
[2011.04.20 10:12:51 | 000,000,032 | ---- | C] () -- C:\Windows\SysWow64\thxcfg.ini
[2011.03.14 12:50:42 | 000,073,832 | ---- | C] () -- C:\Windows\SysWow64\SuperFrameSplitter.dll
[2011.03.14 12:50:42 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\RTKDABMWare.dll
[2011.02.04 11:47:49 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.07.01 11:42:43 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll
[2010.06.06 17:52:26 | 000,015,360 | ---- | C] () -- C:\Users\Mahan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.07 19:00:35 | 000,000,189 | ---- | C] () -- C:\Windows\wininit.ini
[2010.05.07 14:39:10 | 000,000,296 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.04.26 12:40:22 | 000,000,000 | ---- | C] () -- C:\Users\Mahan\AppData\Roaming\wklnhst.dat
[2010.04.24 15:25:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.11 09:37:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.28 04:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
[2002.08.29 02:21:38 | 002,348,544 | ---- | C] () -- C:\Windows\SysWow64\bin2exe16.exe
[2002.07.18 02:21:38 | 000,382,976 | ---- | C] () -- C:\Windows\SysWow64\vspoolsv16.exe
[2002.04.21 02:21:38 | 000,616,960 | ---- | C] () -- C:\Windows\SysWow64\mshearts16.exe
 
========== LOP Check ==========
 
[2010.05.17 16:56:41 | 000,000,000 | ---D | M] -- C:\Users\Mahan\AppData\Roaming\apm
[2010.08.13 17:25:18 | 000,000,000 | ---D | M] -- C:\Users\Mahan\AppData\Roaming\ASCOMP Software
[2010.04.26 08:06:46 | 000,000,000 | ---D | M] -- C:\Users\Mahan\AppData\Roaming\BitDefender
[2011.05.13 16:34:03 | 000,000,000 | ---D | M] -- C:\Users\Mahan\AppData\Roaming\CoreFTP
[2011.08.06 17:25:50 | 000,000,000 | ---D | M] -- C:\Users\Mahan\AppData\Roaming\DVDVideoSoft
[2011.08.06 17:25:46 | 000,000,000 | ---D | M] -- C:\Users\Mahan\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.05.02 18:26:24 | 000,000,000 | ---D | M] -- C:\Users\Mahan\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.05.17 17:40:40 | 000,000,000 | ---D | M] -- C:\Users\Mahan\AppData\Roaming\EurekaLog
[2011.08.10 16:00:54 | 000,000,000 | ---D | M] -- C:\Users\Mahan\AppData\Roaming\f-secure
[2010.05.07 18:50:11 | 000,000,000 | ---D | M] -- C:\Users\Mahan\AppData\Roaming\FileZilla
[2011.05.21 17:52:38 | 000,000,000 | ---D | M] -- C:\Users\Mahan\AppData\Roaming\Foxit Software
[2010.05.02 18:21:20 | 000,000,000 | ---D | M] -- C:\Users\Mahan\AppData\Roaming\gnupg
[2011.05.13 15:10:56 | 000,000,000 | ---D | M] -- C:\Users\Mahan\AppData\Roaming\gtk-2.0
[2011.05.13 15:10:56 | 000,000,000 | ---D | M] -- C:\Users\Mahan\AppData\Roaming\IrfanView
[2011.05.11 17:55:18 | 000,000,000 | ---D | M] -- C:\Users\Mahan\AppData\Roaming\LibreOffice
[2010.04.25 16:59:43 | 000,000,000 | ---D | M] -- C:\Users\Mahan\AppData\Roaming\OpenOffice.org
[2011.06.11 20:28:05 | 000,000,000 | ---D | M] -- C:\Users\Mahan\AppData\Roaming\QFX Software
[2010.09.12 16:22:27 | 000,000,000 | ---D | M] -- C:\Users\Mahan\AppData\Roaming\Software Informer
[2010.04.26 12:40:23 | 000,000,000 | ---D | M] -- C:\Users\Mahan\AppData\Roaming\Template
[2010.09.23 15:08:55 | 000,000,000 | ---D | M] -- C:\Users\Mahan\AppData\Roaming\Thunderbird
[2011.04.22 22:37:20 | 000,000,000 | ---D | M] -- C:\Users\Mahan\AppData\Roaming\Toshiba
[2010.07.01 11:47:47 | 000,000,000 | ---D | M] -- C:\Users\Mahan\AppData\Roaming\TrojanHunter
[2011.05.11 18:55:43 | 000,000,000 | ---D | M] -- C:\Users\Mahan\AppData\Roaming\TrueCrypt
[2010.05.18 15:50:44 | 000,000,000 | ---D | M] -- C:\Users\Mahan\AppData\Roaming\TuneUp Software
[2011.08.26 09:05:14 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:BA437959
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:C61DDE12
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         
--- --- ---










''''''''''''''''''''''''''''''''''''''''''''
''''''''''''''''''''''''''''''''''''''''''''
''''''''''''''''''''''''''''''''''''''''''''
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 23.10.2011 17:20:32 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Mahan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 71,67% Memory free
8,00 Gb Paging File | 6,61 Gb Available in Paging File | 82,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 101,87 Gb Free Space | 68,35% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 127,16 Gb Free Space | 85,54% Space Free | Partition Type: NTFS
 
Computer Name: MAHAN-TOSH | User Name: Mahan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{81F3BC27-141B-635F-5D6B-5DE08D3B5884}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0880F03-8480-482E-1606-BC91669B0882}" = ATI Catalyst Install Manager
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Adobe Flash Player Plugin 64" = Adobe Flash Player 10 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26D8DF7E-DBF8-43A6-8D42-F37497CE603D}" = Skype(TM) Launcher
"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3A5E209D-6C21-488B-B7C0-9BBBAD55ECFE}" = Druckstudio Einladungen Glueckwuensche
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
"{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech
"{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish
"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
"{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
"{CEE2613D-3B53-4447-BA2D-E88C08272581}" = LibreOffice 3.3
"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
"{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch
"{DBB7021A-3437-446F-ACE5-7261644A972C}" = Toshiba TEMPRO
"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}" = eBay
"{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo WinOptimizer 2010 CBE_is1" = Ashampoo WinOptimizer 2010 CBE
"Avira AntiVir Desktop" = Avira Internet Security 2012
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"Foxit Reader" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.6.727
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"IrfanView" = IrfanView (remove only)
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"TrueCrypt" = TrueCrypt
"WinGimp-2.0_is1" = GIMP 2.6.11
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10.10.2011 05:39:43 | Computer Name = Mahan-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vidalia.exe, Version: 0.2.14.0, Zeitstempel:
 0x4e6f7067  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften Prozesses:
 0xf58  Startzeit der fehlerhaften Anwendung: 0x01cc872ef24b535a  Pfad der fehlerhaften
 Anwendung: C:\Users\Mahan\Downloads\Tor Browser\App\vidalia.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: c7bd552e-f323-11e0-8c7d-705ab67a8744
 
Error - 10.10.2011 06:16:33 | Computer Name = Mahan-TOSH | Source = ESENT | ID = 455
Description = Windows (2480) Windows: Fehler -1811 beim Öffnen von Protokolldatei
 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0004F.log.
 
Error - 10.10.2011 06:16:33 | Computer Name = Mahan-TOSH | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 10.10.2011 06:16:33 | Computer Name = Mahan-TOSH | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 10.10.2011 06:16:33 | Computer Name = Mahan-TOSH | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 10.10.2011 06:16:33 | Computer Name = Mahan-TOSH | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 10.10.2011 06:16:33 | Computer Name = Mahan-TOSH | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 10.10.2011 06:16:34 | Computer Name = Mahan-TOSH | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 10.10.2011 06:16:34 | Computer Name = Mahan-TOSH | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 10.10.2011 06:16:34 | Computer Name = Mahan-TOSH | Source = Windows Search Service | ID = 3058
Description = 
 
[ Media Center Events ]
Error - 07.07.2011 09:33:29 | Computer Name = Mahan-TOSH | Source = MCUpdate | ID = 0
Description = 15:33:29 - Fehler beim Herstellen der Internetverbindung.  15:33:29 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 07.07.2011 09:33:49 | Computer Name = Mahan-TOSH | Source = MCUpdate | ID = 0
Description = 15:33:34 - Fehler beim Herstellen der Internetverbindung.  15:33:34 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 07.07.2011 10:33:56 | Computer Name = Mahan-TOSH | Source = MCUpdate | ID = 0
Description = 16:33:56 - Fehler beim Herstellen der Internetverbindung.  16:33:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 07.07.2011 10:34:08 | Computer Name = Mahan-TOSH | Source = MCUpdate | ID = 0
Description = 16:34:01 - Fehler beim Herstellen der Internetverbindung.  16:34:01 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.08.2011 08:25:51 | Computer Name = Mahan-TOSH | Source = MCUpdate | ID = 0
Description = 14:25:50 - Fehler beim Herstellen der Internetverbindung.  14:25:51 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.08.2011 08:26:19 | Computer Name = Mahan-TOSH | Source = MCUpdate | ID = 0
Description = 14:25:56 - Fehler beim Herstellen der Internetverbindung.  14:25:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.08.2011 07:17:52 | Computer Name = Mahan-TOSH | Source = MCUpdate | ID = 0
Description = 13:17:52 - Fehler beim Herstellen der Internetverbindung.  13:17:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.08.2011 07:19:17 | Computer Name = Mahan-TOSH | Source = MCUpdate | ID = 0
Description = 13:17:58 - Fehler beim Herstellen der Internetverbindung.  13:17:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.08.2011 07:18:38 | Computer Name = Mahan-TOSH | Source = MCUpdate | ID = 0
Description = 13:18:38 - Fehler beim Herstellen der Internetverbindung.  13:18:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.08.2011 07:18:55 | Computer Name = Mahan-TOSH | Source = MCUpdate | ID = 0
Description = 13:18:43 - Fehler beim Herstellen der Internetverbindung.  13:18:43 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 22.10.2011 15:41:22 | Computer Name = Mahan-TOSH | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 22.10.2011 15:41:22 | Computer Name = Mahan-TOSH | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 23.10.2011 05:16:30 | Computer Name = Mahan-TOSH | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 23.10.2011 05:16:30 | Computer Name = Mahan-TOSH | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 23.10.2011 06:23:31 | Computer Name = Mahan-TOSH | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 23.10.2011 06:23:31 | Computer Name = Mahan-TOSH | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 23.10.2011 07:39:31 | Computer Name = Mahan-TOSH | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 23.10.2011 07:39:31 | Computer Name = Mahan-TOSH | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 23.10.2011 11:10:24 | Computer Name = Mahan-TOSH | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 23.10.2011 11:10:24 | Computer Name = Mahan-TOSH | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         
--- --- ---
__________________

Alt 23.10.2011, 17:42   #4
markusg
/// Malware-holic
 
a248.e.akamai.net - Standard

a248.e.akamai.net



combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 23.10.2011, 18:13   #5
31178
 
a248.e.akamai.net - Standard

a248.e.akamai.net



Ich kann Combofix.txt hier nicht einfügen und auch als Anhang nicht hoch laden, zu groß - 1,17 MB ?????


Alt 23.10.2011, 18:14   #6
markusg
/// Malware-holic
 
a248.e.akamai.net - Standard

a248.e.akamai.net



mit winrar packen und archiv anhängen.
__________________
--> a248.e.akamai.net

Alt 23.10.2011, 18:25   #7
31178
 
a248.e.akamai.net - Standard

a248.e.akamai.net



Ok, hier...
Angehängte Dateien
Dateityp: zip combofix.zip (52,0 KB, 135x aufgerufen)

Alt 23.10.2011, 18:31   #8
markusg
/// Malware-holic
 
a248.e.akamai.net - Standard

a248.e.akamai.net



muss da noch mal nachfragen:
"verhält sich der PC merkwürdig, in dem unteren Firefox Sichtfenster (wo auch die Systemuhr ist) flackert es in unregelmäßigen Abständen, so als ob irgend
was auf das Netz zugreift, nur wenn ich Online bin! "
du meinst also firefox läd dann immer noch was oder wie?
sind ansonsten probleme mit dem ff oder anderen browsern?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 23.10.2011, 18:34   #9
31178
 
a248.e.akamai.net - Standard

a248.e.akamai.net



Ja es flackert auf, so als ob ein Programm sich öffnet, oder der Avira Scanner etwas Check. Der Firefox verhält sich normal, keine Probleme damit, auch nicht mit dem IE9 den ich nur selten nutze.

Alt 23.10.2011, 18:36   #10
markusg
/// Malware-holic
 
a248.e.akamai.net - Standard

a248.e.akamai.net



kannst du mal den avira surf schutz deaktivieren und dann probieren.
müsst über rechtsklick auf den regenschirm gehen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 23.10.2011, 18:41   #11
31178
 
a248.e.akamai.net - Standard

a248.e.akamai.net



nichts mehr im Moment???

Alt 23.10.2011, 18:53   #12
markusg
/// Malware-holic
 
a248.e.akamai.net - Standard

a248.e.akamai.net



ist avira surf schutz aus oder hat sich das problem allgemein gelöst?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 23.10.2011, 18:57   #13
31178
 
a248.e.akamai.net - Standard

a248.e.akamai.net



er war aus, muss ich mir sorgen machen?

Alt 23.10.2011, 19:23   #14
markusg
/// Malware-holic
 
a248.e.akamai.net - Standard

a248.e.akamai.net



nein, schalt ihn jetzt wieder ein und gucke ob das problem erneut auftritt
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 23.10.2011, 19:25   #15
31178
 
a248.e.akamai.net - Standard

a248.e.akamai.net



ja, ich glaub es ist das live Update??? Sagt der/die Logfile etwas aus?

Antwort

Themen zu a248.e.akamai.net
anhang, anonym, avira, befund, browser, englisch, erhalte, erhalten, fenster, firefox, flackert, forum, google, hkus\s-1-5-18, infos, logfile, meldung, merkwürdig, ohne befund, online, scan, scanner, security, tor browser, unregelmäßige, virenscan, virenscanner, zertifikat



Ähnliche Themen: a248.e.akamai.net


  1. Reinigung + komisches Akamai
    Log-Analyse und Auswertung - 07.08.2015 (11)
  2. Akamai schickt Sicherheitsexperten in die Cloud
    Nachrichten - 16.04.2015 (0)
  3. Akamai warnt vor Linux-Server-Botnet
    Nachrichten - 04.09.2014 (0)
  4. SSL-Verbindungsfehler, Chrome: Neuer Link, Akamai
    Plagegeister aller Art und deren Bekämpfung - 19.05.2014 (7)
  5. Skype Zertifikat Problem a248.e.akamai.net wegen Werbung in Skype?
    Plagegeister aller Art und deren Bekämpfung - 05.03.2014 (3)
  6. DDoS-Abwehr: Akamai kauft Prolexic
    Nachrichten - 02.12.2013 (0)
  7. http://dlm.tools.akamai.com im log
    Log-Analyse und Auswertung - 26.03.2013 (3)
  8. jeder Doppelklick auf irgend eine exe versucht eine Verbindung zu Akamai aufzubauen
    Plagegeister aller Art und deren Bekämpfung - 18.11.2011 (1)
  9. a.248.e.akamai.net
    Plagegeister aller Art und deren Bekämpfung - 23.09.2011 (1)
  10. http://a389.cp.akamai.net/ popt immer auf.
    Plagegeister aller Art und deren Bekämpfung - 18.07.2011 (16)
  11. Akamai - Gefährlich oder nicht ?
    Log-Analyse und Auswertung - 20.06.2011 (1)
  12. Akamai ein Virus ?
    Plagegeister aller Art und deren Bekämpfung - 27.02.2010 (2)
  13. Hält der McAfee Siteadvisor Kontakt zu Akamai? (Spyware?)
    Plagegeister aller Art und deren Bekämpfung - 07.06.2008 (13)
  14. a248.e.akamai.net mit firefox gefährlich?
    Log-Analyse und Auswertung - 10.05.2007 (4)

Zum Thema a248.e.akamai.net - Komme nicht weiter mit Infos bei Google, wende mich mal hier in dass Forum mit dem Problem. Hatte die Meldung von Firefox erhalten (a248.e.akamai.net) nachdem ich mit dem Tor Browser - a248.e.akamai.net...
Archiv
Du betrachtest: a248.e.akamai.net auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.