Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: IE öffnet selbstständig bei laufenden Firefox

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 19.06.2010, 15:34   #1
Flieger
 
IE öffnet selbstständig bei laufenden Firefox - Standard

IE öffnet selbstständig bei laufenden Firefox



Hi, bin ganz neu hier und habe das wohl schon bekannte Problem, dass sich der IE plötzlich öffnet. Avira meldet "sshnas21.dll" - finde ich aber nicht. Löschen oder in Quarantäne schieben bringt auch nichts. Es wäre toll, wenn ich eine für Anfänger gut verständliche Lösung bekäme.
Hier mein logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:04, on 19.06.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Flieger\AppData\Local\Temp\Sxq.exe
C:\Users\Flieger\AppData\Local\Temp\Sxr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SparVoip\sparvoip.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Flieger\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Remote Access Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Remote Access Enhancer\4.5.0.6190\RAEIEAddOn.dll (file missing)
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Web Access Controller - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Web Access Controller\4.5.0.2570\WACIEAddOn.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Smart Content Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Smart Content Wizard\1.5.0.3700\SCWIE.dll (file missing)
O2 - BHO: Web Match Enhancer - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Web Match Enhancer\1.5.0.3710\WMEIE.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Internet Search Helper - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Internet Search Helper\4.5.0.2690\ISHIEAddOn.dll (file missing)
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Communication Today Task] "C:\Program Files\Communication Today\1.5.0.2200\InternetToday.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SparVoip] "C:\Program Files\SparVoip\sparvoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Halo2] rundll32.exe C:\Users\Flieger\AppData\Local\Temp\sshnas21.dll,GetMainWnd
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\Flieger\AppData\Local\Temp\Sxr.exe
O4 - HKCU\..\Run: [fccyaasys] rundll32.exe "c:\users\flieger\appdata\local\temp\jkjghe.dll",DllRegisterServer
O4 - HKCU\..\Run: [opollmdrv] rundll32.exe "c:\users\flieger\appdata\local\temp\mlklkk.dll",s
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU)
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F1DE4D0-DB2E-4BB7-AEBE-9BA81C9B114A}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Update Service (gupdate1ca7c8bd23c0a25) (gupdate1ca7c8bd23c0a25) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 13961 bytes

Alt 19.06.2010, 16:43   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
IE öffnet selbstständig bei laufenden Firefox - Standard

IE öffnet selbstständig bei laufenden Firefox



Hallo und

bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 20.06.2010, 09:39   #3
Flieger
 
IE öffnet selbstständig bei laufenden Firefox - Standard

IE öffnet selbstständig bei laufenden Firefox



Habe Malwarebytes heruntergeladen, aber nach dem Starten tut sich gar nichts. Habe daraufhin, wie aufgefordert, mit OTL folgende logfiles bekommen:


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.06.2010 18:27:34 - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\Flieger\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,16 Gb Total Space | 418,88 Gb Free Space | 72,70% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 2,75 Gb Free Space | 13,73% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: FLIEGER-PC
Current User Name: Flieger
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Flieger\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Flieger\Downloads\HiJackThis.exe (Trend Micro Inc.)
PRC - C:\Users\Flieger\AppData\Local\Temp\Sxr.exe ()
PRC - C:\Users\Flieger\AppData\Local\Temp\Sxq.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools  )
PRC - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\SparVoip\sparvoip.exe (SparVoip)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\System32\wercon.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\AutoHotkey\AutoHotkey.exe ()
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe (Google)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Flieger\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Spyware Doctor\smum32.dll (PC Tools)
MOD - C:\Program Files\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (Gigusb) -- C:\Windows\System32\drivers\Gigusb.sys (Siemens AG)
DRV - (siellif) -- C:\Windows\System32\drivers\siellif.sys (Siemens AG)
DRV - (IUAPIWDM) ISDN USB Interface (Ver. 1.10.0021) -- C:\Windows\System32\drivers\IUAPIWDM.sys (SIEMENS AG)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
IE - HKCU\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5
FF - prefs.js..extensions.enabledItems: {2A1D5949-B519-4924-BF62-8522FE0D5274}:0.13
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {56dadc58-4c5e-4815-8553-d6a737f02fc9}:0.3.026
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:4.5.0.2690
FF - prefs.js..extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.5.0.6190
FF - prefs.js..extensions.enabledItems: {E889F097-B0BE-471B-89AD-B86B6F04B506}:4.5.0.2570
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FXTV5&o=101699&locale=en_US&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.08.20 08:39:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Internet Search Helper\4.5.0.2690\FF [2010.04.20 20:29:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Remote Access Enhancer\4.5.0.6190\FF [2010.04.20 20:27:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Web Access Controller\4.5.0.2570\FF [2010.04.20 20:30:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{AA1ACB70-B5F1-4037-909E-1F725B04D2A8}: C:\Program Files\Smart Content Wizard\1.5.0.3700\FF
FF - HKLM\software\mozilla\Firefox\Extensions\\{5909FC3D-7F8B-415d-A5D1-7C7E941E536E}: C:\Program Files\Web Match Enhancer\1.5.0.3710\FF
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.11 14:25:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.12 09:49:03 | 000,000,000 | ---D | M]
 
[2008.11.01 17:47:31 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Extensions
[2010.06.14 08:43:32 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions
[2009.07.12 11:04:36 | 000,000,000 | ---D | M] (PDFescape Extension) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{2A1D5949-B519-4924-BF62-8522FE0D5274}
[2009.10.16 15:30:39 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.02.01 16:52:04 | 000,000,000 | ---D | M] (kitadic) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{56dadc58-4c5e-4815-8553-d6a737f02fc9}
[2010.01.29 10:11:28 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010.02.01 18:33:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010.01.09 17:53:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.15 09:20:02 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.01.29 10:12:03 | 000,000,000 | ---D | M] (free-downloads.net Toolbar) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
[2010.02.21 15:57:50 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.10.04 15:50:52 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010.01.20 09:39:07 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\fb_add_on@avm.de
[2010.01.20 09:39:07 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\firefox@mailcatch.com
[2010.06.12 14:28:41 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\toolbar@ask.com
[2010.06.12 14:28:43 | 000,002,427 | ---- | M] () -- C:\Users\Flieger\AppData\Roaming\Mozilla\FireFox\Profiles\xpugimxs.default\searchplugins\askcom.xml
[2008.10.28 14:24:00 | 000,000,898 | ---- | M] () -- C:\Users\Flieger\AppData\Roaming\Mozilla\FireFox\Profiles\xpugimxs.default\searchplugins\conduit.xml
[2010.04.15 19:16:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.14 19:06:01 | 000,000,000 | ---D | M] (BrowserZinc) -- C:\Program Files\Mozilla Firefox\extensions\{52ED9673-0722-4A1D-B859-959FD56143DC}
[2010.04.15 19:16:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.06.12 09:48:29 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010.06.11 14:25:17 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.11 14:25:17 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.11 14:25:17 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.11 14:25:17 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.11 14:25:17 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Remote Access Enhancer) - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Remote Access Enhancer\4.5.0.6190\RAEIEAddOn.dll File not found
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Web Access Controller) - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Web Access Controller\4.5.0.2570\WACIEAddOn.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Smart Content Wizard) - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Smart Content Wizard\1.5.0.3700\SCWIE.dll File not found
O2 - BHO: (Web Match Enhancer) - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Web Match Enhancer\1.5.0.3710\WMEIE.dll File not found
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (Internet Search Helper) - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Internet Search Helper\4.5.0.2690\ISHIEAddOn.dll File not found
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Communication Today Task] C:\Program Files\Communication Today\1.5.0.2200\InternetToday.exe File not found
O4 - HKLM..\Run: [ElbyCheckAnyDVD] C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [fccyaasys] c:\users\flieger\appdata\local\temp\jkjghe.DLL ()
O4 - HKCU..\Run: [Halo2] C:\Users\Flieger\AppData\Local\Temp\sshnas21.DLL File not found
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\Flieger\AppData\Local\Temp\Sxr.exe ()
O4 - HKCU..\Run: [opollmdrv] c:\users\flieger\appdata\local\temp\mlklkk.DLL ()
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools  )
O4 - HKCU..\Run: [SparVoip] C:\Program Files\SparVoip\sparvoip.exe (SparVoip)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Flieger\Desktop\Eigene Bilder\Bundeswehr\Toni\CIMG1062.JPG
O24 - Desktop BackupWallPaper: C:\Users\Flieger\Desktop\Eigene Bilder\Bundeswehr\Toni\CIMG1062.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.19 18:18:38 | 000,000,000 | ---D | C] -- C:\Users\Flieger\AppData\Roaming\Malwarebytes
[2010.06.19 18:17:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.19 18:17:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.19 18:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.19 18:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.06.19 18:15:37 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Flieger\Desktop\mbam146-setup.exe
[2010.06.18 16:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.06.18 14:31:05 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2010.06.18 14:31:05 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2010.06.18 14:31:05 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2010.06.18 14:31:04 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll
[2010.06.18 14:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2010.06.18 14:27:45 | 000,000,000 | ---D | C] -- C:\Users\Flieger\AppData\Local\Threat Expert
[2010.06.18 13:23:16 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll.old
[2010.06.18 13:23:16 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.06.18 13:23:16 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010.06.18 13:23:16 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010.06.18 13:21:17 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.06.18 13:21:17 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010.06.18 13:21:16 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.06.18 13:21:16 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.06.18 13:21:13 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.06.18 13:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010.06.18 13:21:04 | 000,000,000 | ---D | C] -- C:\Users\Flieger\AppData\Roaming\PC Tools
[2010.06.18 13:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.06.18 13:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010.06.18 13:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.06.17 15:05:15 | 000,000,000 | ---D | C] -- C:\Users\Flieger\AppData\Roaming\Foxit Software
[2010.06.12 09:49:22 | 000,000,000 | ---D | C] -- C:\Users\Flieger\AppData\Roaming\Foxit
[2010.06.12 09:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010.06.12 09:49:03 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010.06.11 16:43:17 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.11 16:43:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.11 16:43:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.11 16:43:13 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.06.11 16:43:13 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.06.11 16:43:13 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.06.11 16:43:12 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.06.11 16:43:06 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.05.26 09:18:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.05.25 17:00:02 | 000,000,000 | ---D | C] -- C:\celtic_md
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.19 18:31:55 | 003,932,160 | -HS- | M] () -- C:\Users\Flieger\NTUSER.DAT
[2010.06.19 18:26:12 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.06.19 18:21:01 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.19 18:15:37 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Flieger\Desktop\mbam146-setup.exe
[2010.06.19 18:08:21 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.06.19 18:08:05 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.19 18:08:04 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.19 18:07:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.19 15:07:14 | 001,442,856 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.19 15:07:14 | 000,626,530 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.19 15:07:14 | 000,595,306 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.19 15:07:14 | 000,126,026 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.19 15:07:14 | 000,104,442 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.19 15:01:31 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.19 15:01:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.19 15:01:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.19 15:01:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.19 15:01:16 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.19 14:53:35 | 001,714,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.19 13:12:24 | 000,524,288 | -HS- | M] () -- C:\Users\Flieger\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.06.19 13:12:24 | 000,065,536 | -HS- | M] () -- C:\Users\Flieger\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.06.19 13:12:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.06.19 13:11:45 | 002,622,227 | -H-- | M] () -- C:\Users\Flieger\AppData\Local\IconCache.db
[2010.06.19 12:36:32 | 000,101,872 | ---- | M] () -- C:\Users\Flieger\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.19 12:36:06 | 000,002,597 | ---- | M] () -- C:\Users\Flieger\Desktop\Microsoft Office Word 2003.lnk
[2010.06.19 11:29:58 | 000,027,136 | ---- | M] () -- C:\Users\Flieger\Desktop\Rittermahles.doc
[2010.06.18 15:28:29 | 003,649,536 | ---- | M] () -- C:\Users\Flieger\s-1-5-21-3457977028-191445282-2813071779-1001.rrr
[2010.06.18 14:31:05 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2010.06.18 13:21:15 | 000,001,709 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.06.15 18:10:06 | 000,002,339 | ---- | M] () -- C:\Users\Flieger\Desktop\Skype.lnk
[2010.06.12 09:49:14 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010.06.12 09:40:00 | 000,160,274 | ---- | M] () -- C:\Users\Flieger\Desktop\2010-06-11_Mietschulden.pdf
[2010.06.12 03:08:15 | 000,000,290 | ---- | M] () -- C:\Windows\win.ini
[2010.06.10 15:15:26 | 000,608,588 | ---- | M] () -- C:\Users\Flieger\Desktop\Heidberger0001.JPG
[2010.06.08 04:16:01 | 000,763,832 | ---- | M] () -- C:\Windows\BDTSupport.dll
[2010.06.08 02:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.06.06 17:53:21 | 000,025,088 | ---- | M] () -- C:\Users\Flieger\Desktop\Angebot eines Rittermahles.doc
[2010.05.26 19:06:41 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.05.26 16:47:41 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.05.23 10:13:22 | 001,034,661 | ---- | M] () -- C:\Users\Flieger\Desktop\CIMG4840.JPG
[2010.05.21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2010.06.19 18:18:00 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.19 14:53:03 | 000,000,294 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.19 11:29:58 | 000,027,136 | ---- | C] () -- C:\Users\Flieger\Desktop\Rittermahles.doc
[2010.06.18 15:28:28 | 003,649,536 | ---- | C] () -- C:\Users\Flieger\s-1-5-21-3457977028-191445282-2813071779-1001.rrr
[2010.06.18 14:36:55 | 000,000,294 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.06.18 14:31:05 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2010.06.18 13:23:17 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010.06.18 13:23:17 | 000,763,832 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.06.18 13:23:16 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010.06.18 13:23:16 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010.06.18 13:23:16 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010.06.18 13:23:16 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010.06.18 13:21:17 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010.06.18 13:21:16 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010.06.18 13:21:16 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010.06.18 13:21:15 | 000,001,709 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.06.18 13:21:13 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010.06.14 09:47:17 | 001,034,661 | ---- | C] () -- C:\Users\Flieger\Desktop\CIMG4840.JPG
[2010.06.12 09:49:14 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010.06.12 09:40:00 | 000,160,274 | ---- | C] () -- C:\Users\Flieger\Desktop\2010-06-11_Mietschulden.pdf
[2010.06.10 15:15:26 | 000,608,588 | ---- | C] () -- C:\Users\Flieger\Desktop\Heidberger0001.JPG
[2010.06.06 17:53:21 | 000,025,088 | ---- | C] () -- C:\Users\Flieger\Desktop\Angebot eines Rittermahles.doc
[2010.05.27 08:55:53 | 000,280,952 | ---- | C] () -- C:\UngerFrakturZierbuchstaben.ttf
[2010.05.27 08:55:53 | 000,117,628 | ---- | C] () -- C:\Jugend.ttf
[2010.05.27 08:55:53 | 000,055,404 | ---- | C] () -- C:\CHC.TTF
[2009.12.20 15:36:45 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.10.21 07:51:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.16 16:42:13 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.06.16 16:41:41 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.03.05 17:24:09 | 000,000,008 | ---- | C] () -- C:\Windows\odbcddp.ini
[2009.03.05 17:24:09 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2009.03.05 17:24:08 | 000,000,034 | ---- | C] () -- C:\Windows\odbcisam.ini
[2008.12.21 17:36:36 | 000,015,360 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008.12.06 20:18:38 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.11.10 07:56:09 | 000,000,510 | ---- | C] () -- C:\Windows\Siemens.INI
[2008.11.06 18:32:43 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL
[2008.11.06 18:32:31 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2008.11.06 18:30:48 | 000,000,419 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008.11.02 12:36:21 | 000,000,427 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.11.02 11:15:29 | 000,000,189 | ---- | C] () -- C:\Windows\OPHC.INI
[2008.08.08 15:49:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.01.31 09:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 72 bytes -> C:\Windows:70EECF74D560B183
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
         
--- --- ---
__________________

Alt 20.06.2010, 16:16   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
IE öffnet selbstständig bei laufenden Firefox - Standard

IE öffnet selbstständig bei laufenden Firefox



http://www.trojaner-board.de/82699-m...tet-nicht.html
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.06.2010, 18:32   #5
Flieger
 
IE öffnet selbstständig bei laufenden Firefox - Standard

IE öffnet selbstständig bei laufenden Firefox



Habe jetzt mit Malwarebytes gescannt und die markierten Dateien entfernt. Hier ist das logfile:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

20.06.2010 18:27:42
mbam-log-2010-06-20 (18-27-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 314676
Laufzeit: 1 Stunde(n), 27 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 46
Infizierte Registrierungswerte: 6
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.scw (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.scw.1 (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.wme (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.wme.1 (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3de88beb-f271-484a-ba71-01d30f439f0c} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{50ad41d2-b1f0-47cc-9ea7-395355eaeebd} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c5762628-ae15-4ca6-96c4-b00dd17f3419} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d062e03e-65ca-49e4-9b15-31938ba98922} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{b72681c0-a222-4b21-a0e2-53a5a5ca3d411} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\browserzinc (Adware.BrowserZinc) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\BrowserZinc (Adware.BrowserZinc) -> No action taken.
HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440e-08f0-4339-9959-5c31c6a69f23} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e63605fc-d583-4c81-867f-9457bdb3ea1b} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e889f097-b0be-471b-89ad-b86b6f04b506} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\opollmdrv (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fccyaasys (Trojan.Vundo) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\ProgramData\BrowserZinc (Adware.BrowserZinc) -> No action taken.
C:\Program Files\BrowserZinc (Adware.BrowserZinc) -> No action taken.

Infizierte Dateien:
C:\Program Files\BrowserZinc\uninstall.exe (Adware.BrowserZinc) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
c:\Users\Flieger\AppData\Local\Temp\mlklkk.dll (Trojan.Agent) -> No action taken.
c:\Users\Flieger\AppData\Local\Temp\jkjghe.dll (Trojan.Vundo) -> No action taken.


Alt 20.06.2010, 19:22   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
IE öffnet selbstständig bei laufenden Firefox - Standard

IE öffnet selbstständig bei laufenden Firefox



Zitat:
Datenbank Version: 4052
Du hast Malwarebytes vorher nicht aktualisiert. Bitte die Datenbanken updaten und den Vollscan wiederholen.
__________________
--> IE öffnet selbstständig bei laufenden Firefox

Alt 21.06.2010, 14:22   #7
Flieger
 
IE öffnet selbstständig bei laufenden Firefox - Standard

IE öffnet selbstständig bei laufenden Firefox



Hallo Arne,
ich habe nach dem ersten Durchlauf mit aktualisierter Version noch einmal gescannt und dann nur noch 2 bösartige Dateien angezeigt bekommen. Ist denn jetzt der PC sauber?
Vielen Dank schon mal für deine Hilfe
Toni

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4219

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

21.06.2010 14:19:42
mbam-log-2010-06-21 (14-19-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 326255
Laufzeit: 1 Stunde(n), 21 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Hi Arne, habe 2x die aktualisierte Version durchlaufen lassen und hier kommt das logfile, das offensichtlich einen "sauberen PC" zeigt, oder?

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\opoljisys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hggfgedrv (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 21.06.2010, 15:55   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
IE öffnet selbstständig bei laufenden Firefox - Standard

IE öffnet selbstständig bei laufenden Firefox



Gut. Ich brauch nun ein neues OTL-Log, da sich das System durch Malwarebytes ja verändert hat.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.06.2010, 17:36   #9
Flieger
 
IE öffnet selbstständig bei laufenden Firefox - Standard

IE öffnet selbstständig bei laufenden Firefox



Arne, noch zur Info: zwischenzeitlich war ich wieder mit Firefox im Internet und der IE ist nicht mehr aufgegangen. Allerding hat der FF recht lange für den Start gebraucht.
Hier erstmal das log von OTL.

Toni


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 21.06.2010 17:26:53 - Run 2
OTL by OldTimer - Version 3.2.6.0     Folder = c:\Users\Flieger\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,16 Gb Total Space | 418,62 Gb Free Space | 72,66% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 2,75 Gb Free Space | 13,73% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: FLIEGER-PC
Current User Name: Flieger
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\Flieger\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools  )
PRC - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\SparVoip\sparvoip.exe (SparVoip)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\AutoHotkey\AutoHotkey.exe ()
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe (Google)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - c:\Users\Flieger\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Spyware Doctor\smum32.dll (PC Tools)
MOD - C:\Program Files\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (Gigusb) -- C:\Windows\System32\drivers\Gigusb.sys (Siemens AG)
DRV - (siellif) -- C:\Windows\System32\drivers\siellif.sys (Siemens AG)
DRV - (IUAPIWDM) ISDN USB Interface (Ver. 1.10.0021) -- C:\Windows\System32\drivers\IUAPIWDM.sys (SIEMENS AG)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
IE - HKCU\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5
FF - prefs.js..extensions.enabledItems: {2A1D5949-B519-4924-BF62-8522FE0D5274}:0.13
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {56dadc58-4c5e-4815-8553-d6a737f02fc9}:0.3.026
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FXTV5&o=101699&locale=en_US&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.08.20 08:39:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{AA1ACB70-B5F1-4037-909E-1F725B04D2A8}: C:\Program Files\Smart Content Wizard\1.5.0.3700\FF
FF - HKLM\software\mozilla\Firefox\Extensions\\{5909FC3D-7F8B-415d-A5D1-7C7E941E536E}: C:\Program Files\Web Match Enhancer\1.5.0.3710\FF
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.11 14:25:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.12 09:49:03 | 000,000,000 | ---D | M]
 
[2008.11.01 17:47:31 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Extensions
[2010.06.19 18:30:24 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions
[2009.07.12 11:04:36 | 000,000,000 | ---D | M] (PDFescape Extension) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{2A1D5949-B519-4924-BF62-8522FE0D5274}
[2009.10.16 15:30:39 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.02.01 16:52:04 | 000,000,000 | ---D | M] (kitadic) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{56dadc58-4c5e-4815-8553-d6a737f02fc9}
[2010.01.29 10:11:28 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010.02.01 18:33:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010.01.09 17:53:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.15 09:20:02 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.01.29 10:12:03 | 000,000,000 | ---D | M] (free-downloads.net Toolbar) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
[2010.02.21 15:57:50 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.10.04 15:50:52 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010.01.20 09:39:07 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\fb_add_on@avm.de
[2010.01.20 09:39:07 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\firefox@mailcatch.com
[2010.06.12 14:28:41 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\toolbar@ask.com
[2010.06.12 14:28:43 | 000,002,427 | ---- | M] () -- C:\Users\Flieger\AppData\Roaming\Mozilla\FireFox\Profiles\xpugimxs.default\searchplugins\askcom.xml
[2008.10.28 14:24:00 | 000,000,898 | ---- | M] () -- C:\Users\Flieger\AppData\Roaming\Mozilla\FireFox\Profiles\xpugimxs.default\searchplugins\conduit.xml
[2010.04.15 19:16:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.14 19:06:01 | 000,000,000 | ---D | M] (BrowserZinc) -- C:\Program Files\Mozilla Firefox\extensions\{52ED9673-0722-4A1D-B859-959FD56143DC}
[2010.04.15 19:16:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.06.12 09:48:29 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010.06.11 14:25:17 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.11 14:25:17 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.11 14:25:17 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.11 14:25:17 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.11 14:25:17 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Communication Today Task] C:\Program Files\Communication Today\1.5.0.2200\InternetToday.exe File not found
O4 - HKLM..\Run: [ElbyCheckAnyDVD] C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Halo2] C:\Users\Flieger\AppData\Local\Temp\sshnas21.DLL File not found
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools  )
O4 - HKCU..\Run: [SparVoip] C:\Program Files\SparVoip\sparvoip.exe (SparVoip)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Flieger\Desktop\Eigene Bilder\Bundeswehr\Toni\CIMG1062.JPG
O24 - Desktop BackupWallPaper: C:\Users\Flieger\Desktop\Eigene Bilder\Bundeswehr\Toni\CIMG1062.JPG
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.19 18:18:38 | 000,000,000 | ---D | C] -- C:\Users\Flieger\AppData\Roaming\Malwarebytes
[2010.06.19 18:17:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.19 18:17:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.19 18:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.19 18:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.06.18 16:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.06.18 14:31:05 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2010.06.18 14:31:05 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2010.06.18 14:31:05 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2010.06.18 14:31:04 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll
[2010.06.18 14:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2010.06.18 14:27:45 | 000,000,000 | ---D | C] -- C:\Users\Flieger\AppData\Local\Threat Expert
[2010.06.18 13:23:16 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll.old
[2010.06.18 13:23:16 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.06.18 13:23:16 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010.06.18 13:23:16 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010.06.18 13:21:17 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.06.18 13:21:17 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010.06.18 13:21:16 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.06.18 13:21:16 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.06.18 13:21:13 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.06.18 13:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010.06.18 13:21:04 | 000,000,000 | ---D | C] -- C:\Users\Flieger\AppData\Roaming\PC Tools
[2010.06.18 13:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.06.18 13:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010.06.18 13:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.06.17 15:05:15 | 000,000,000 | ---D | C] -- C:\Users\Flieger\AppData\Roaming\Foxit Software
[2010.06.12 09:49:22 | 000,000,000 | ---D | C] -- C:\Users\Flieger\AppData\Roaming\Foxit
[2010.06.12 09:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010.06.12 09:49:03 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010.06.11 16:43:17 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.11 16:43:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.11 16:43:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.11 16:43:13 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.06.11 16:43:13 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.06.11 16:43:13 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.06.11 16:43:12 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.06.11 16:43:06 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.05.26 09:18:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.05.25 17:00:02 | 000,000,000 | ---D | C] -- C:\celtic_md
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.21 17:26:49 | 003,932,160 | -HS- | M] () -- C:\Users\Flieger\NTUSER.DAT
[2010.06.21 17:03:58 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.21 17:03:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.21 14:47:04 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.21 14:47:04 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.21 12:52:34 | 001,442,856 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.21 12:52:34 | 000,626,530 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.21 12:52:34 | 000,595,306 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.21 12:52:34 | 000,126,026 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.21 12:52:34 | 000,104,442 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.21 12:49:45 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.06.21 12:47:08 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.21 12:47:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.21 12:46:58 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.21 12:46:05 | 000,524,288 | -HS- | M] () -- C:\Users\Flieger\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.06.21 12:46:05 | 000,065,536 | -HS- | M] () -- C:\Users\Flieger\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.06.21 12:45:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.06.21 12:45:40 | 002,624,567 | -H-- | M] () -- C:\Users\Flieger\AppData\Local\IconCache.db
[2010.06.20 16:52:17 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.19 18:34:30 | 000,002,597 | ---- | M] () -- C:\Users\Flieger\Desktop\Microsoft Office Word 2003.lnk
[2010.06.19 14:53:35 | 001,714,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.19 12:36:32 | 000,101,872 | ---- | M] () -- C:\Users\Flieger\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.19 11:29:58 | 000,027,136 | ---- | M] () -- C:\Users\Flieger\Desktop\Rittermahles.doc
[2010.06.18 15:28:29 | 003,649,536 | ---- | M] () -- C:\Users\Flieger\s-1-5-21-3457977028-191445282-2813071779-1001.rrr
[2010.06.18 14:31:05 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2010.06.18 13:21:15 | 000,001,709 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.06.15 18:10:06 | 000,002,339 | ---- | M] () -- C:\Users\Flieger\Desktop\Skype.lnk
[2010.06.12 09:49:14 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010.06.12 03:08:15 | 000,000,290 | ---- | M] () -- C:\Windows\win.ini
[2010.06.08 04:16:01 | 000,763,832 | ---- | M] () -- C:\Windows\BDTSupport.dll
[2010.06.08 02:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.06.06 17:53:21 | 000,025,088 | ---- | M] () -- C:\Users\Flieger\Desktop\Angebot eines Rittermahles.doc
[2010.05.26 19:06:41 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.05.26 16:47:41 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
 
========== Files Created - No Company Name ==========
 
[2010.06.19 18:18:00 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.19 11:29:58 | 000,027,136 | ---- | C] () -- C:\Users\Flieger\Desktop\Rittermahles.doc
[2010.06.18 15:28:28 | 003,649,536 | ---- | C] () -- C:\Users\Flieger\s-1-5-21-3457977028-191445282-2813071779-1001.rrr
[2010.06.18 14:31:05 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2010.06.18 13:23:17 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010.06.18 13:23:17 | 000,763,832 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.06.18 13:23:16 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010.06.18 13:23:16 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010.06.18 13:23:16 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010.06.18 13:23:16 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010.06.18 13:21:17 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010.06.18 13:21:16 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010.06.18 13:21:16 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010.06.18 13:21:15 | 000,001,709 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.06.18 13:21:13 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010.06.12 09:49:14 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010.06.06 17:53:21 | 000,025,088 | ---- | C] () -- C:\Users\Flieger\Desktop\Angebot eines Rittermahles.doc
[2010.05.27 08:55:53 | 000,280,952 | ---- | C] () -- C:\UngerFrakturZierbuchstaben.ttf
[2010.05.27 08:55:53 | 000,117,628 | ---- | C] () -- C:\Jugend.ttf
[2010.05.27 08:55:53 | 000,055,404 | ---- | C] () -- C:\CHC.TTF
[2009.12.20 15:36:45 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.10.21 07:51:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.16 16:42:13 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.06.16 16:41:41 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.03.05 17:24:09 | 000,000,008 | ---- | C] () -- C:\Windows\odbcddp.ini
[2009.03.05 17:24:09 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2009.03.05 17:24:08 | 000,000,034 | ---- | C] () -- C:\Windows\odbcisam.ini
[2008.12.21 17:36:36 | 000,015,360 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008.12.06 20:18:38 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.11.10 07:56:09 | 000,000,510 | ---- | C] () -- C:\Windows\Siemens.INI
[2008.11.06 18:32:43 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL
[2008.11.06 18:32:31 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2008.11.06 18:30:48 | 000,000,419 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008.11.02 12:36:21 | 000,000,427 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.11.02 11:15:29 | 000,000,189 | ---- | C] () -- C:\Windows\OPHC.INI
[2008.08.08 15:49:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.01.31 09:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 72 bytes -> C:\Windows:70EECF74D560B183
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
         
--- --- ---

Alt 21.06.2010, 19:54   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
IE öffnet selbstständig bei laufenden Firefox - Standard

IE öffnet selbstständig bei laufenden Firefox



Ok, ich würde aber noch einen Durchgang mit CF empfehlen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.07.2010, 16:53   #11
Flieger
 
IE öffnet selbstständig bei laufenden Firefox - Standard

IE öffnet selbstständig bei laufenden Firefox



Hallo Arne,
war einige Tage weg, deshalb erst jetzt die Zusendung der Auswertung:
Combofix Logfile:
Code:
ATTFilter
ComboFix 10-07-01.02 - Flieger 03.07.2010  15:46:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.1825 [GMT 2:00]
ausgeführt von:: c:\users\Flieger\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
 ADS - Windows: deleted 72 bytes in 1 streams. 

(((((((((((((((((((((((   Dateien erstellt von 2010-06-03 bis 2010-07-03  ))))))))))))))))))))))))))))))
.

2010-07-03 13:53 . 2010-07-03 13:53	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-07-03 13:39 . 2010-07-03 13:39	--------	d-----w-	c:\program files\CCleaner
2010-06-30 06:18 . 2010-06-21 19:00	501936	----a-w-	c:\programdata\Google\Google Toolbar\Update\gtb8350.tmp.exe
2010-06-29 06:14 . 2010-06-29 07:03	--------	d-----w-	C:\8a772b7f6e7cf71159c506
2010-06-25 01:01 . 2009-11-08 08:55	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2010-06-25 01:01 . 2009-11-08 08:55	49472	----a-w-	c:\windows\system32\netfxperf.dll
2010-06-25 01:01 . 2009-11-08 08:55	297808	----a-w-	c:\windows\system32\mscoree.dll
2010-06-25 01:01 . 2009-11-08 08:55	295264	----a-w-	c:\windows\system32\PresentationHost.exe
2010-06-25 01:01 . 2009-11-08 08:55	1130824	----a-w-	c:\windows\system32\dfshim.dll
2010-06-24 06:49 . 2010-04-16 16:43	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2010-06-24 06:49 . 2010-04-16 14:39	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-19 16:18 . 2010-06-19 16:18	--------	d-----w-	c:\users\Flieger\AppData\Roaming\Malwarebytes
2010-06-19 16:17 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-19 16:17 . 2010-06-19 16:17	--------	d-----w-	c:\programdata\Malwarebytes
2010-06-19 16:17 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-06-19 16:17 . 2010-06-21 15:26	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-06-18 14:54 . 2010-06-18 14:54	--------	d-----w-	c:\programdata\WindowsSearch
2010-06-18 12:31 . 2004-08-04 05:00	506368	----a-w-	c:\windows\system32\msxml.dll
2010-06-18 12:27 . 2010-06-18 12:27	--------	d-----w-	c:\users\Flieger\AppData\Local\Threat Expert
2010-06-18 11:23 . 2010-06-08 02:16	763832	----a-w-	c:\windows\BDTSupport.dll
2010-06-18 11:23 . 2010-06-08 00:21	1652664	----a-w-	c:\windows\PCTBDCore.dll
2010-06-18 11:23 . 2010-01-22 06:56	149456	----a-w-	c:\windows\SGDetectionTool.dll
2010-06-18 11:23 . 2010-01-22 06:56	165840	----a-w-	c:\windows\PCTBDRes.dll
2010-06-18 11:23 . 2009-10-27 22:36	1152444	----a-w-	c:\windows\UDB.zip
2010-06-18 11:23 . 2008-11-26 09:08	131	----a-w-	c:\windows\IDB.zip
2010-06-18 11:21 . 2010-02-05 07:18	100136	----a-w-	c:\windows\system32\drivers\pctwfpfilter.sys
2010-06-18 11:21 . 2010-02-05 07:17	233136	----a-w-	c:\windows\system32\drivers\pctgntdi.sys
2010-06-18 11:21 . 2010-03-29 08:06	218592	----a-w-	c:\windows\system32\drivers\PCTCore.sys
2010-06-18 11:21 . 2009-11-23 11:54	88040	----a-w-	c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-18 11:21 . 2010-04-08 12:29	63360	----a-w-	c:\windows\system32\drivers\pctplsg.sys
2010-06-18 11:21 . 2010-07-03 13:44	--------	d-----w-	c:\program files\Spyware Doctor
2010-06-18 11:21 . 2010-06-18 12:31	--------	d-----w-	c:\program files\Common Files\PC Tools
2010-06-18 11:21 . 2010-06-18 11:21	--------	d-----w-	c:\users\Flieger\AppData\Roaming\PC Tools
2010-06-18 11:21 . 2010-06-18 11:21	--------	d-----w-	c:\programdata\PC Tools
2010-06-17 13:05 . 2010-06-17 13:05	--------	d-----w-	c:\users\Flieger\AppData\Roaming\Foxit Software
2010-06-12 07:49 . 2010-06-12 07:49	--------	d-----w-	c:\users\Flieger\AppData\Roaming\Foxit
2010-06-12 07:49 . 2010-06-19 11:08	--------	d-----w-	c:\program files\Ask.com
2010-06-12 07:49 . 2010-06-12 07:49	--------	d-----w-	c:\program files\Foxit Software
2010-06-09 08:06 . 2010-06-09 08:06	976832	----a-w-	c:\programdata\Adobe\Reader\9.3\ARM\22260\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06	70584	----a-w-	c:\programdata\Adobe\Reader\9.3\ARM\22260\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06	331176	----a-w-	c:\programdata\Adobe\Reader\9.3\ARM\22260\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06	331176	----a-w-	c:\programdata\Adobe\Reader\9.3\ARM\22260\AcrobatUpdater.exe

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-03 13:28 . 2008-01-21 07:15	636830	----a-w-	c:\windows\system32\perfh007.dat
2010-07-03 13:28 . 2008-01-21 07:15	129638	----a-w-	c:\windows\system32\perfc007.dat
2010-07-03 13:25 . 2008-10-21 15:57	101872	----a-w-	c:\users\Flieger\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-03 13:22 . 2009-09-14 13:48	12	----a-w-	c:\windows\bthservsdp.dat
2010-07-03 07:14 . 2008-08-04 11:59	--------	d-----w-	c:\programdata\Microsoft Help
2010-07-02 14:16 . 2008-11-22 09:33	--------	d-----w-	c:\programdata\Google Updater
2010-06-29 06:16 . 2008-08-04 12:00	--------	d-----w-	c:\program files\Microsoft.NET
2010-06-25 01:19 . 2009-03-24 16:51	--------	d-----w-	c:\users\Flieger\AppData\Roaming\Skype
2010-06-25 01:00 . 2008-11-02 16:12	--------	d-----w-	c:\users\Flieger\AppData\Roaming\skypePM
2010-06-12 01:24 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-06-11 06:18 . 2008-08-04 09:13	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-05-30 06:42 . 2010-03-12 18:47	443912	----a-w-	c:\users\Flieger\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-05-27 09:26 . 2009-01-26 09:31	--------	d-----w-	c:\program files\Okidata
2010-05-26 17:06 . 2010-06-11 14:43	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 14:43	289792	----a-w-	c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-03 06:01	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-05-18 10:17 . 2008-12-06 18:20	--------	d-----w-	c:\program files\free-downloads.net
2010-05-05 18:02 . 2010-04-23 08:49	--------	d-----w-	c:\program files\Opera
2010-05-04 19:15 . 2010-06-11 14:43	834048	----a-w-	c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-11 14:43	78336	----a-w-	c:\windows\system32\ieencode.dll
2010-05-01 14:13 . 2010-06-11 14:43	2037248	----a-w-	c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-26 07:18	2048	----a-w-	c:\windows\system32\tzres.dll
2010-04-20 19:28 . 2010-04-20 19:28	509552	----a-w-	c:\programdata\Google\Google Toolbar\Update\gtb8D29.tmp.exe
2010-04-16 16:43 . 2010-06-24 06:49	173056	----a-w-	c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-24 06:49	458752	----a-w-	c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-24 06:49	542720	----a-w-	c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-24 06:49	2159616	----a-w-	c:\windows\AppPatch\AcGenral.dll
2010-04-12 15:29 . 2010-04-15 17:16	411368	----a-w-	c:\windows\system32\deployJava1.dll
2010-04-05 17:01 . 2010-06-11 14:43	67072	----a-w-	c:\windows\system32\asycfilt.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2010-05-18 2515552]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2010-05-18 10:17	2515552	----a-w-	c:\program files\free-downloads.net\tbfre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2010-05-18 2515552]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2010-05-18 2515552]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SparVoip"="c:\program files\SparVoip\sparvoip.exe" [2009-11-16 9167144]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-22 39408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2010-04-08 292824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-21 220160]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"ElbyCheckAnyDVD"="c:\program files\SlySoft\AnyDVD\ElbyCheck.exe" [2002-11-02 45056]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2003-08-22 210432]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-14 198160]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-04-08 104408]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):62,24,19,2f,0e,74,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca7c8bd23c0a25;Google Update Service (gupdate1ca7c8bd23c0a25);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-14 133104]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 Gigusb;Dect USB Driver;c:\windows\system32\Drivers\Gigusb.sys [2002-10-22 59070]
R3 IUAPIWDM;ISDN USB Interface (Ver. 1.10.0021);c:\windows\system32\DRIVERS\IUAPIWDM.sys [2001-07-20 49344]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
R3 siellif;siellif;c:\windows\system32\Drivers\siellif.sys [2002-10-22 115856]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-12-06 717296]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-04-08 632792]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-07-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-21 07:51]

2010-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-14 07:05]

2010-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-14 07:05]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.arcor.de/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: {4F1DE4D0-DB2E-4BB7-AEBE-9BA81C9B114A} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Flieger\AppData\Roaming\Mozilla\Firefox\Profiles\xpugimxs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FXTV5&o=101699&locale=en_US&q=
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\Flieger\AppData\Roaming\Mozilla\Firefox\Profiles\xpugimxs.default\extensions\fb_add_on@avm.de\components\FB_AddOn.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-03 15:53
Windows 6.0.6002 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(5788)
c:\program files\Spyware Doctor\pctgmhk.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
.
Zeit der Fertigstellung: 2010-07-03  15:57:45
ComboFix-quarantined-files.txt  2010-07-03 13:57

Vor Suchlauf: 15 Verzeichnis(se), 462.804.205.568 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 462.741.671.936 Bytes frei

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 1962DCDB305CAF23379A1A45EC71665E
         
--- --- ---

Vielleicht hast du auch noch eine Idee, wie man den Firefox schneller an den Start bekommt.

Grüße aus dem heißen Köln
Toni

Alt 03.07.2010, 17:01   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
IE öffnet selbstständig bei laufenden Firefox - Standard

IE öffnet selbstständig bei laufenden Firefox



Wie lange braucht der FF zum Starten denn??
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.07.2010, 18:07   #13
Flieger
 
IE öffnet selbstständig bei laufenden Firefox - Standard

IE öffnet selbstständig bei laufenden Firefox



Habs gerade nochmal probiert: 25 sec., wenn ich ihn aus dem Desktop aufrufe.
Toni

Alt 04.07.2010, 19:38   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
IE öffnet selbstständig bei laufenden Firefox - Standard

IE öffnet selbstständig bei laufenden Firefox



Nur der Firefox braucht so lange zum Starten? Oder auch andere Programme?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 04.07.2010, 21:05   #15
Flieger
 
IE öffnet selbstständig bei laufenden Firefox - Standard

IE öffnet selbstständig bei laufenden Firefox



Arne, nur der FF braucht so lange. Alle anderen Programme starten ganz schnell.
Toni

Antwort

Themen zu IE öffnet selbstständig bei laufenden Firefox
antivir, antivir guard, ask toolbar, ask.com, avira, bho, bonjour, browser, browser guard, computer, desktop, ebay, excel, firefox, google, gupdate, hijack, hijackthis, local\temp, logfile, mozilla, problem, registry, remote access, security, senden, skype.exe, software, spyware, sshnas21.dll, system, vista, windows



Ähnliche Themen: IE öffnet selbstständig bei laufenden Firefox


  1. Firefox öffnet selbstständig Tabs mit Werbung
    Plagegeister aller Art und deren Bekämpfung - 20.02.2015 (12)
  2. Firefox öffnet selbstständig Tabs mit Werbung
    Plagegeister aller Art und deren Bekämpfung - 02.02.2015 (11)
  3. Firefox öffnet selbstständig neue Tabs
    Plagegeister aller Art und deren Bekämpfung - 18.02.2014 (3)
  4. Win 8 Firefox öffnet selbstständig neuen TAB
    Plagegeister aller Art und deren Bekämpfung - 16.02.2014 (1)
  5. Win 7: Firefox öffnet selbstständig Tabs mit Werbung
    Log-Analyse und Auswertung - 13.09.2013 (11)
  6. Firefox öffnet selbstständig Tabs mit Werbung
    Plagegeister aller Art und deren Bekämpfung - 09.07.2013 (7)
  7. Firefox öffnet selbstständig Game Seiten im Tab
    Plagegeister aller Art und deren Bekämpfung - 24.04.2013 (11)
  8. Firefox öffnet selbstständig 209.59.195.20
    Log-Analyse und Auswertung - 17.09.2010 (21)
  9. Firefox öffnet Werbetabs&Internet Explorer öffnet sich selbstständig
    Log-Analyse und Auswertung - 09.05.2010 (64)
  10. HILFE: Firefox öffnet Werbetabs&Internet Explorer öffnet sich selbstständig
    Log-Analyse und Auswertung - 07.05.2010 (6)
  11. Firefox öffnet selbstständig Werbefenster
    Log-Analyse und Auswertung - 11.04.2010 (2)
  12. Firefox öffnet selbstständig Werbeseiten
    Log-Analyse und Auswertung - 08.01.2010 (6)
  13. firefox öffnet selbstständig werbeseiten
    Log-Analyse und Auswertung - 08.12.2008 (8)
  14. firefox öffnet selbstständig neue fenster
    Plagegeister aller Art und deren Bekämpfung - 04.12.2008 (3)
  15. Firefox öffnet selbstständig neue Browser
    Plagegeister aller Art und deren Bekämpfung - 26.11.2008 (14)
  16. Firefox öffnet selbstständig LEERE fenster !!
    Plagegeister aller Art und deren Bekämpfung - 16.05.2006 (20)
  17. Firefox öffnet selbstständig werbeseiten
    Log-Analyse und Auswertung - 02.02.2006 (12)

Zum Thema IE öffnet selbstständig bei laufenden Firefox - Hi, bin ganz neu hier und habe das wohl schon bekannte Problem, dass sich der IE plötzlich öffnet. Avira meldet "sshnas21.dll" - finde ich aber nicht. Löschen oder in Quarantäne - IE öffnet selbstständig bei laufenden Firefox...
Archiv
Du betrachtest: IE öffnet selbstständig bei laufenden Firefox auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.