| |
| |||||||
Log-Analyse und Auswertung: IE öffnet selbstständig bei laufenden FirefoxWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
19.06.2010, 14:34
| #1 |
 |  IE öffnet selbstständig bei laufenden Firefox Hi, bin ganz neu hier und habe das wohl schon bekannte Problem, dass sich der IE plötzlich öffnet. Avira meldet "sshnas21.dll" - finde ich aber nicht. Löschen oder in Quarantäne schieben bringt auch nichts. Es wäre toll, wenn ich eine für Anfänger gut verständliche Lösung bekäme. Hier mein logfile: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:19:04, on 19.06.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Users\Flieger\AppData\Local\Temp\Sxq.exe C:\Users\Flieger\AppData\Local\Temp\Sxr.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\rundll32.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\SparVoip\sparvoip.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Windows\system32\WerCon.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Registry Mechanic\RMTray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Flieger\Downloads\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing) R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Remote Access Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Remote Access Enhancer\4.5.0.6190\RAEIEAddOn.dll (file missing) O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll O2 - BHO: Web Access Controller - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Web Access Controller\4.5.0.2570\WACIEAddOn.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: Smart Content Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Smart Content Wizard\1.5.0.3700\SCWIE.dll (file missing) O2 - BHO: Web Match Enhancer - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Web Match Enhancer\1.5.0.3710\WMEIE.dll (file missing) O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Internet Search Helper - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Internet Search Helper\4.5.0.2690\ISHIEAddOn.dll (file missing) O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing) O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Communication Today Task] "C:\Program Files\Communication Today\1.5.0.2200\InternetToday.exe" O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [SparVoip] "C:\Program Files\SparVoip\sparvoip.exe" -nosplash -minimized O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Halo2] rundll32.exe C:\Users\Flieger\AppData\Local\Temp\sshnas21.dll,GetMainWnd O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\Flieger\AppData\Local\Temp\Sxr.exe O4 - HKCU\..\Run: [fccyaasys] rundll32.exe "c:\users\flieger\appdata\local\temp\jkjghe.dll",DllRegisterServer O4 - HKCU\..\Run: [opollmdrv] rundll32.exe "c:\users\flieger\appdata\local\temp\mlklkk.dll",s O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU) O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU) O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{4F1DE4D0-DB2E-4BB7-AEBE-9BA81C9B114A}: NameServer = 208.67.222.222,208.67.220.220 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe O23 - Service: Google Update Service (gupdate1ca7c8bd23c0a25) (gupdate1ca7c8bd23c0a25) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 13961 bytes |
|
19.06.2010, 15:43
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | IE öffnet selbstständig bei laufenden Firefox Hallo und
__________________ bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
20.06.2010, 08:39
| #3 |
| | IE öffnet selbstständig bei laufenden Firefox Habe Malwarebytes heruntergeladen, aber nach dem Starten tut sich gar nichts. Habe daraufhin, wie aufgefordert, mit OTL folgende logfiles bekommen:
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.06.2010 18:27:34 - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Flieger\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 576,16 Gb Total Space | 418,88 Gb Free Space | 72,70% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 2,75 Gb Free Space | 13,73% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: FLIEGER-PC Current User Name: Flieger Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Flieger\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Flieger\Downloads\HiJackThis.exe (Trend Micro Inc.) PRC - C:\Users\Flieger\AppData\Local\Temp\Sxr.exe () PRC - C:\Users\Flieger\AppData\Local\Temp\Sxq.exe () PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools) PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools ) PRC - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools) PRC - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools) PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools) PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\SparVoip\sparvoip.exe (SparVoip) PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) PRC - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\System32\wercon.exe (Microsoft Corporation) PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\AutoHotkey\AutoHotkey.exe () PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe (Google) PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.) PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Flieger\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Program Files\Spyware Doctor\smum32.dll (PC Tools) MOD - C:\Program Files\Spyware Doctor\PCTGMhk.dll (PC Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools) SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools) SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools) SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Driver Services (SafeList) ========== DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG) DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.) DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (Gigusb) -- C:\Windows\System32\drivers\Gigusb.sys (Siemens AG) DRV - (siellif) -- C:\Windows\System32\drivers\siellif.sys (Siemens AG) DRV - (IUAPIWDM) ISDN USB Interface (Ver. 1.10.0021) -- C:\Windows\System32\drivers\IUAPIWDM.sys (SIEMENS AG) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found IE - HKCU\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1 FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0 FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5 FF - prefs.js..extensions.enabledItems: {2A1D5949-B519-4924-BF62-8522FE0D5274}:0.13 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1 FF - prefs.js..extensions.enabledItems: {56dadc58-4c5e-4815-8553-d6a737f02fc9}:0.3.026 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:4.5.0.2690 FF - prefs.js..extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.5.0.6190 FF - prefs.js..extensions.enabledItems: {E889F097-B0BE-471B-89AD-B86B6F04B506}:4.5.0.2570 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FXTV5&o=101699&locale=en_US&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.08.20 08:39:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Internet Search Helper\4.5.0.2690\FF [2010.04.20 20:29:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Remote Access Enhancer\4.5.0.6190\FF [2010.04.20 20:27:58 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Web Access Controller\4.5.0.2570\FF [2010.04.20 20:30:55 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{AA1ACB70-B5F1-4037-909E-1F725B04D2A8}: C:\Program Files\Smart Content Wizard\1.5.0.3700\FF FF - HKLM\software\mozilla\Firefox\Extensions\\{5909FC3D-7F8B-415d-A5D1-7C7E941E536E}: C:\Program Files\Web Match Enhancer\1.5.0.3710\FF FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.11 14:25:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.12 09:49:03 | 000,000,000 | ---D | M] [2008.11.01 17:47:31 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Extensions [2010.06.14 08:43:32 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions [2009.07.12 11:04:36 | 000,000,000 | ---D | M] (PDFescape Extension) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{2A1D5949-B519-4924-BF62-8522FE0D5274} [2009.10.16 15:30:39 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2010.02.01 16:52:04 | 000,000,000 | ---D | M] (kitadic) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{56dadc58-4c5e-4815-8553-d6a737f02fc9} [2010.01.29 10:11:28 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE} [2010.02.01 18:33:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf} [2010.01.09 17:53:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.04.15 09:20:02 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.01.29 10:12:03 | 000,000,000 | ---D | M] (free-downloads.net Toolbar) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949} [2010.02.21 15:57:50 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\de-DE@dictionaries.addons.mozilla.org [2009.10.04 15:50:52 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\en-US@dictionaries.addons.mozilla.org [2010.01.20 09:39:07 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\fb_add_on@avm.de [2010.01.20 09:39:07 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\firefox@mailcatch.com [2010.06.12 14:28:41 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\toolbar@ask.com [2010.06.12 14:28:43 | 000,002,427 | ---- | M] () -- C:\Users\Flieger\AppData\Roaming\Mozilla\FireFox\Profiles\xpugimxs.default\searchplugins\askcom.xml [2008.10.28 14:24:00 | 000,000,898 | ---- | M] () -- C:\Users\Flieger\AppData\Roaming\Mozilla\FireFox\Profiles\xpugimxs.default\searchplugins\conduit.xml [2010.04.15 19:16:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.04.14 19:06:01 | 000,000,000 | ---D | M] (BrowserZinc) -- C:\Program Files\Mozilla Firefox\extensions\{52ED9673-0722-4A1D-B859-959FD56143DC} [2010.04.15 19:16:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.06.12 09:48:29 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2010.06.11 14:25:17 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.06.11 14:25:17 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.06.11 14:25:17 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.06.11 14:25:17 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.06.11 14:25:17 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Remote Access Enhancer) - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Remote Access Enhancer\4.5.0.6190\RAEIEAddOn.dll File not found O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Web Access Controller) - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Web Access Controller\4.5.0.2570\WACIEAddOn.dll File not found O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O2 - BHO: (Smart Content Wizard) - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Smart Content Wizard\1.5.0.3700\SCWIE.dll File not found O2 - BHO: (Web Match Enhancer) - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Web Match Enhancer\1.5.0.3710\WMEIE.dll File not found O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found O2 - BHO: (Internet Search Helper) - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Internet Search Helper\4.5.0.2690\ISHIEAddOn.dll File not found O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.) O4 - HKLM..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Communication Today Task] C:\Program Files\Communication Today\1.5.0.2200\InternetToday.exe File not found O4 - HKLM..\Run: [ElbyCheckAnyDVD] C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe (Elaborate Bytes AG) O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.) O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [fccyaasys] c:\users\flieger\appdata\local\temp\jkjghe.DLL () O4 - HKCU..\Run: [Halo2] C:\Users\Flieger\AppData\Local\Temp\sshnas21.DLL File not found O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\Flieger\AppData\Local\Temp\Sxr.exe () O4 - HKCU..\Run: [opollmdrv] c:\users\flieger\appdata\local\temp\mlklkk.DLL () O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools ) O4 - HKCU..\Run: [SparVoip] C:\Program Files\SparVoip\sparvoip.exe (SparVoip) O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Flieger\Desktop\Eigene Bilder\Bundeswehr\Toni\CIMG1062.JPG O24 - Desktop BackupWallPaper: C:\Users\Flieger\Desktop\Eigene Bilder\Bundeswehr\Toni\CIMG1062.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.06.19 18:18:38 | 000,000,000 | ---D | C] -- C:\Users\Flieger\AppData\Roaming\Malwarebytes [2010.06.19 18:17:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.06.19 18:17:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.06.19 18:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.06.19 18:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.06.19 18:15:37 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Flieger\Desktop\mbam146-setup.exe [2010.06.18 16:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2010.06.18 14:31:05 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx [2010.06.18 14:31:05 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx [2010.06.18 14:31:05 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx [2010.06.18 14:31:04 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll [2010.06.18 14:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic [2010.06.18 14:27:45 | 000,000,000 | ---D | C] -- C:\Users\Flieger\AppData\Local\Threat Expert [2010.06.18 13:23:16 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll.old [2010.06.18 13:23:16 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll [2010.06.18 13:23:16 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll [2010.06.18 13:23:16 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll [2010.06.18 13:21:17 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys [2010.06.18 13:21:17 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys [2010.06.18 13:21:16 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys [2010.06.18 13:21:16 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys [2010.06.18 13:21:13 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys [2010.06.18 13:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor [2010.06.18 13:21:04 | 000,000,000 | ---D | C] -- C:\Users\Flieger\AppData\Roaming\PC Tools [2010.06.18 13:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2010.06.18 13:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2010.06.18 13:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2010.06.17 15:05:15 | 000,000,000 | ---D | C] -- C:\Users\Flieger\AppData\Roaming\Foxit Software [2010.06.12 09:49:22 | 000,000,000 | ---D | C] -- C:\Users\Flieger\AppData\Roaming\Foxit [2010.06.12 09:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2010.06.12 09:49:03 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software [2010.06.11 16:43:17 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.06.11 16:43:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2010.06.11 16:43:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.06.11 16:43:13 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.06.11 16:43:13 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.06.11 16:43:13 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.06.11 16:43:12 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010.06.11 16:43:06 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.05.26 09:18:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.05.25 17:00:02 | 000,000,000 | ---D | C] -- C:\celtic_md ========== Files - Modified Within 30 Days ========== [2010.06.19 18:31:55 | 003,932,160 | -HS- | M] () -- C:\Users\Flieger\NTUSER.DAT [2010.06.19 18:26:12 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010.06.19 18:21:01 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.06.19 18:15:37 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Flieger\Desktop\mbam146-setup.exe [2010.06.19 18:08:21 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.06.19 18:08:05 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.06.19 18:08:04 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010.06.19 18:07:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.06.19 15:07:14 | 001,442,856 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.06.19 15:07:14 | 000,626,530 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.06.19 15:07:14 | 000,595,306 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.06.19 15:07:14 | 000,126,026 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.06.19 15:07:14 | 000,104,442 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.06.19 15:01:31 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.06.19 15:01:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.06.19 15:01:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.06.19 15:01:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.06.19 15:01:16 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys [2010.06.19 14:53:35 | 001,714,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.06.19 13:12:24 | 000,524,288 | -HS- | M] () -- C:\Users\Flieger\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.06.19 13:12:24 | 000,065,536 | -HS- | M] () -- C:\Users\Flieger\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.06.19 13:12:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.06.19 13:11:45 | 002,622,227 | -H-- | M] () -- C:\Users\Flieger\AppData\Local\IconCache.db [2010.06.19 12:36:32 | 000,101,872 | ---- | M] () -- C:\Users\Flieger\AppData\Local\GDIPFONTCACHEV1.DAT [2010.06.19 12:36:06 | 000,002,597 | ---- | M] () -- C:\Users\Flieger\Desktop\Microsoft Office Word 2003.lnk [2010.06.19 11:29:58 | 000,027,136 | ---- | M] () -- C:\Users\Flieger\Desktop\Rittermahles.doc [2010.06.18 15:28:29 | 003,649,536 | ---- | M] () -- C:\Users\Flieger\s-1-5-21-3457977028-191445282-2813071779-1001.rrr [2010.06.18 14:31:05 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk [2010.06.18 13:21:15 | 000,001,709 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2010.06.15 18:10:06 | 000,002,339 | ---- | M] () -- C:\Users\Flieger\Desktop\Skype.lnk [2010.06.12 09:49:14 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2010.06.12 09:40:00 | 000,160,274 | ---- | M] () -- C:\Users\Flieger\Desktop\2010-06-11_Mietschulden.pdf [2010.06.12 03:08:15 | 000,000,290 | ---- | M] () -- C:\Windows\win.ini [2010.06.10 15:15:26 | 000,608,588 | ---- | M] () -- C:\Users\Flieger\Desktop\Heidberger0001.JPG [2010.06.08 04:16:01 | 000,763,832 | ---- | M] () -- C:\Windows\BDTSupport.dll [2010.06.08 02:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll [2010.06.06 17:53:21 | 000,025,088 | ---- | M] () -- C:\Users\Flieger\Desktop\Angebot eines Rittermahles.doc [2010.05.26 19:06:41 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.05.26 16:47:41 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.05.23 10:13:22 | 001,034,661 | ---- | M] () -- C:\Users\Flieger\Desktop\CIMG4840.JPG [2010.05.21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe ========== Files Created - No Company Name ========== [2010.06.19 18:18:00 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.06.19 14:53:03 | 000,000,294 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010.06.19 11:29:58 | 000,027,136 | ---- | C] () -- C:\Users\Flieger\Desktop\Rittermahles.doc [2010.06.18 15:28:28 | 003,649,536 | ---- | C] () -- C:\Users\Flieger\s-1-5-21-3457977028-191445282-2813071779-1001.rrr [2010.06.18 14:36:55 | 000,000,294 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010.06.18 14:31:05 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk [2010.06.18 13:23:17 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old [2010.06.18 13:23:17 | 000,763,832 | ---- | C] () -- C:\Windows\BDTSupport.dll [2010.06.18 13:23:16 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip [2010.06.18 13:23:16 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml [2010.06.18 13:23:16 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml [2010.06.18 13:23:16 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip [2010.06.18 13:21:17 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat [2010.06.18 13:21:16 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat [2010.06.18 13:21:16 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat [2010.06.18 13:21:15 | 000,001,709 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2010.06.18 13:21:13 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat [2010.06.14 09:47:17 | 001,034,661 | ---- | C] () -- C:\Users\Flieger\Desktop\CIMG4840.JPG [2010.06.12 09:49:14 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2010.06.12 09:40:00 | 000,160,274 | ---- | C] () -- C:\Users\Flieger\Desktop\2010-06-11_Mietschulden.pdf [2010.06.10 15:15:26 | 000,608,588 | ---- | C] () -- C:\Users\Flieger\Desktop\Heidberger0001.JPG [2010.06.06 17:53:21 | 000,025,088 | ---- | C] () -- C:\Users\Flieger\Desktop\Angebot eines Rittermahles.doc [2010.05.27 08:55:53 | 000,280,952 | ---- | C] () -- C:\UngerFrakturZierbuchstaben.ttf [2010.05.27 08:55:53 | 000,117,628 | ---- | C] () -- C:\Jugend.ttf [2010.05.27 08:55:53 | 000,055,404 | ---- | C] () -- C:\CHC.TTF [2009.12.20 15:36:45 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.10.21 07:51:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.06.16 16:42:13 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.06.16 16:41:41 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.03.05 17:24:09 | 000,000,008 | ---- | C] () -- C:\Windows\odbcddp.ini [2009.03.05 17:24:09 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI [2009.03.05 17:24:08 | 000,000,034 | ---- | C] () -- C:\Windows\odbcisam.ini [2008.12.21 17:36:36 | 000,015,360 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2008.12.06 20:18:38 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.11.10 07:56:09 | 000,000,510 | ---- | C] () -- C:\Windows\Siemens.INI [2008.11.06 18:32:43 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL [2008.11.06 18:32:31 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll [2008.11.06 18:30:48 | 000,000,419 | ---- | C] () -- C:\Windows\MAXLINK.INI [2008.11.02 12:36:21 | 000,000,427 | ---- | C] () -- C:\Windows\ODBC.INI [2008.11.02 11:15:29 | 000,000,189 | ---- | C] () -- C:\Windows\OPHC.INI [2008.08.08 15:49:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.01.31 09:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== Alternate Data Streams ========== @Alternate Data Stream - 72 bytes -> C:\Windows:70EECF74D560B183 @Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > |
|
20.06.2010, 15:16
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | IE öffnet selbstständig bei laufenden Firefox
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
20.06.2010, 17:32
| #5 |
| | IE öffnet selbstständig bei laufenden Firefox Habe jetzt mit Malwarebytes gescannt und die markierten Dateien entfernt. Hier ist das logfile: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4052 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 20.06.2010 18:27:42 mbam-log-2010-06-20 (18-27-42).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 314676 Laufzeit: 1 Stunde(n), 27 Minute(n), 31 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 46 Infizierte Registrierungswerte: 6 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 2 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.Agent) -> No action taken. HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.Agent) -> No action taken. HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.Agent) -> No action taken. HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.Agent) -> No action taken. HKEY_CLASSES_ROOT\explorerbar.scw (Adware.Agent) -> No action taken. HKEY_CLASSES_ROOT\explorerbar.scw.1 (Adware.Agent) -> No action taken. HKEY_CLASSES_ROOT\explorerbar.wme (Adware.Agent) -> No action taken. HKEY_CLASSES_ROOT\explorerbar.wme.1 (Adware.Agent) -> No action taken. HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> No action taken. HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{3de88beb-f271-484a-ba71-01d30f439f0c} (Adware.DoubleD) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{50ad41d2-b1f0-47cc-9ea7-395355eaeebd} (Adware.DoubleD) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{c5762628-ae15-4ca6-96c4-b00dd17f3419} (Adware.DoubleD) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{d062e03e-65ca-49e4-9b15-31938ba98922} (Adware.DoubleD) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{b72681c0-a222-4b21-a0e2-53a5a5ca3d411} (Adware.DoubleD) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\browserzinc (Adware.BrowserZinc) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\BrowserZinc (Adware.BrowserZinc) -> No action taken. HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440e-08f0-4339-9959-5c31c6a69f23} (Adware.DoubleD) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e63605fc-d583-4c81-867f-9457bdb3ea1b} (Adware.DoubleD) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e889f097-b0be-471b-89ad-b86b6f04b506} (Adware.DoubleD) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\opollmdrv (Trojan.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fccyaasys (Trojan.Vundo) -> No action taken. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\ProgramData\BrowserZinc (Adware.BrowserZinc) -> No action taken. C:\Program Files\BrowserZinc (Adware.BrowserZinc) -> No action taken. Infizierte Dateien: C:\Program Files\BrowserZinc\uninstall.exe (Adware.BrowserZinc) -> No action taken. C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken. c:\Users\Flieger\AppData\Local\Temp\mlklkk.dll (Trojan.Agent) -> No action taken. c:\Users\Flieger\AppData\Local\Temp\jkjghe.dll (Trojan.Vundo) -> No action taken. |
|
20.06.2010, 18:22
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | IE öffnet selbstständig bei laufenden FirefoxZitat:
__________________ --> IE öffnet selbstständig bei laufenden Firefox |
|
21.06.2010, 13:22
| #7 |
| | IE öffnet selbstständig bei laufenden Firefox Hallo Arne, ich habe nach dem ersten Durchlauf mit aktualisierter Version noch einmal gescannt und dann nur noch 2 bösartige Dateien angezeigt bekommen. Ist denn jetzt der PC sauber? Vielen Dank schon mal für deine Hilfe Toni Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4219 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 21.06.2010 14:19:42 mbam-log-2010-06-21 (14-19-42).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 326255 Laufzeit: 1 Stunde(n), 21 Minute(n), 22 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Hi Arne, habe 2x die aktualisierte Version durchlaufen lassen und hier kommt das logfile, das offensichtlich einen "sauberen PC" zeigt, oder? Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\opoljisys (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hggfgedrv (Trojan.Agent) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
21.06.2010, 14:55
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | IE öffnet selbstständig bei laufenden Firefox Gut. Ich brauch nun ein neues OTL-Log, da sich das System durch Malwarebytes ja verändert hat.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.06.2010, 16:36
| #9 |
| | IE öffnet selbstständig bei laufenden Firefox Arne, noch zur Info: zwischenzeitlich war ich wieder mit Firefox im Internet und der IE ist nicht mehr aufgegangen. Allerding hat der FF recht lange für den Start gebraucht. Hier erstmal das log von OTL. Toni OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.06.2010 17:26:53 - Run 2 OTL by OldTimer - Version 3.2.6.0 Folder = c:\Users\Flieger\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 576,16 Gb Total Space | 418,62 Gb Free Space | 72,66% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 2,75 Gb Free Space | 13,73% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: FLIEGER-PC Current User Name: Flieger Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - c:\Users\Flieger\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools) PRC - C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools ) PRC - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools) PRC - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools) PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools) PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\SparVoip\sparvoip.exe (SparVoip) PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) PRC - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\AutoHotkey\AutoHotkey.exe () PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe (Google) PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.) PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.) ========== Modules (SafeList) ========== MOD - c:\Users\Flieger\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Program Files\Spyware Doctor\smum32.dll (PC Tools) MOD - C:\Program Files\Spyware Doctor\PCTGMhk.dll (PC Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools) SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools) SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools) SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Driver Services (SafeList) ========== DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG) DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.) DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (Gigusb) -- C:\Windows\System32\drivers\Gigusb.sys (Siemens AG) DRV - (siellif) -- C:\Windows\System32\drivers\siellif.sys (Siemens AG) DRV - (IUAPIWDM) ISDN USB Interface (Ver. 1.10.0021) -- C:\Windows\System32\drivers\IUAPIWDM.sys (SIEMENS AG) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found IE - HKCU\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1 FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0 FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5 FF - prefs.js..extensions.enabledItems: {2A1D5949-B519-4924-BF62-8522FE0D5274}:0.13 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1 FF - prefs.js..extensions.enabledItems: {56dadc58-4c5e-4815-8553-d6a737f02fc9}:0.3.026 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FXTV5&o=101699&locale=en_US&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.08.20 08:39:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{AA1ACB70-B5F1-4037-909E-1F725B04D2A8}: C:\Program Files\Smart Content Wizard\1.5.0.3700\FF FF - HKLM\software\mozilla\Firefox\Extensions\\{5909FC3D-7F8B-415d-A5D1-7C7E941E536E}: C:\Program Files\Web Match Enhancer\1.5.0.3710\FF FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.11 14:25:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.12 09:49:03 | 000,000,000 | ---D | M] [2008.11.01 17:47:31 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Extensions [2010.06.19 18:30:24 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions [2009.07.12 11:04:36 | 000,000,000 | ---D | M] (PDFescape Extension) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{2A1D5949-B519-4924-BF62-8522FE0D5274} [2009.10.16 15:30:39 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2010.02.01 16:52:04 | 000,000,000 | ---D | M] (kitadic) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{56dadc58-4c5e-4815-8553-d6a737f02fc9} [2010.01.29 10:11:28 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE} [2010.02.01 18:33:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf} [2010.01.09 17:53:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.04.15 09:20:02 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.01.29 10:12:03 | 000,000,000 | ---D | M] (free-downloads.net Toolbar) -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949} [2010.02.21 15:57:50 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\de-DE@dictionaries.addons.mozilla.org [2009.10.04 15:50:52 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\en-US@dictionaries.addons.mozilla.org [2010.01.20 09:39:07 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\fb_add_on@avm.de [2010.01.20 09:39:07 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\firefox@mailcatch.com [2010.06.12 14:28:41 | 000,000,000 | ---D | M] -- C:\Users\Flieger\AppData\Roaming\mozilla\Firefox\Profiles\xpugimxs.default\extensions\toolbar@ask.com [2010.06.12 14:28:43 | 000,002,427 | ---- | M] () -- C:\Users\Flieger\AppData\Roaming\Mozilla\FireFox\Profiles\xpugimxs.default\searchplugins\askcom.xml [2008.10.28 14:24:00 | 000,000,898 | ---- | M] () -- C:\Users\Flieger\AppData\Roaming\Mozilla\FireFox\Profiles\xpugimxs.default\searchplugins\conduit.xml [2010.04.15 19:16:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.04.14 19:06:01 | 000,000,000 | ---D | M] (BrowserZinc) -- C:\Program Files\Mozilla Firefox\extensions\{52ED9673-0722-4A1D-B859-959FD56143DC} [2010.04.15 19:16:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.06.12 09:48:29 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2010.06.11 14:25:17 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.06.11 14:25:17 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.06.11 14:25:17 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.06.11 14:25:17 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.06.11 14:25:17 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfre1.dll (Conduit Ltd.) O4 - HKLM..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Communication Today Task] C:\Program Files\Communication Today\1.5.0.2200\InternetToday.exe File not found O4 - HKLM..\Run: [ElbyCheckAnyDVD] C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe (Elaborate Bytes AG) O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.) O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [Halo2] C:\Users\Flieger\AppData\Local\Temp\sshnas21.DLL File not found O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools ) O4 - HKCU..\Run: [SparVoip] C:\Program Files\SparVoip\sparvoip.exe (SparVoip) O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Flieger\Desktop\Eigene Bilder\Bundeswehr\Toni\CIMG1062.JPG O24 - Desktop BackupWallPaper: C:\Users\Flieger\Desktop\Eigene Bilder\Bundeswehr\Toni\CIMG1062.JPG O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.06.19 18:18:38 | 000,000,000 | ---D | C] -- C:\Users\Flieger\AppData\Roaming\Malwarebytes [2010.06.19 18:17:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.06.19 18:17:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.06.19 18:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.06.19 18:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.06.18 16:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2010.06.18 14:31:05 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx [2010.06.18 14:31:05 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx [2010.06.18 14:31:05 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx [2010.06.18 14:31:04 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll [2010.06.18 14:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic [2010.06.18 14:27:45 | 000,000,000 | ---D | C] -- C:\Users\Flieger\AppData\Local\Threat Expert [2010.06.18 13:23:16 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll.old [2010.06.18 13:23:16 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll [2010.06.18 13:23:16 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll [2010.06.18 13:23:16 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll [2010.06.18 13:21:17 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys [2010.06.18 13:21:17 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys [2010.06.18 13:21:16 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys [2010.06.18 13:21:16 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys [2010.06.18 13:21:13 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys [2010.06.18 13:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor [2010.06.18 13:21:04 | 000,000,000 | ---D | C] -- C:\Users\Flieger\AppData\Roaming\PC Tools [2010.06.18 13:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2010.06.18 13:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2010.06.18 13:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2010.06.17 15:05:15 | 000,000,000 | ---D | C] -- C:\Users\Flieger\AppData\Roaming\Foxit Software [2010.06.12 09:49:22 | 000,000,000 | ---D | C] -- C:\Users\Flieger\AppData\Roaming\Foxit [2010.06.12 09:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2010.06.12 09:49:03 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software [2010.06.11 16:43:17 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.06.11 16:43:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2010.06.11 16:43:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.06.11 16:43:13 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.06.11 16:43:13 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.06.11 16:43:13 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.06.11 16:43:12 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010.06.11 16:43:06 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.05.26 09:18:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.05.25 17:00:02 | 000,000,000 | ---D | C] -- C:\celtic_md ========== Files - Modified Within 30 Days ========== [2010.06.21 17:26:49 | 003,932,160 | -HS- | M] () -- C:\Users\Flieger\NTUSER.DAT [2010.06.21 17:03:58 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.06.21 17:03:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.06.21 14:47:04 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.06.21 14:47:04 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.06.21 12:52:34 | 001,442,856 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.06.21 12:52:34 | 000,626,530 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.06.21 12:52:34 | 000,595,306 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.06.21 12:52:34 | 000,126,026 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.06.21 12:52:34 | 000,104,442 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.06.21 12:49:45 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.06.21 12:47:08 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.06.21 12:47:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.06.21 12:46:58 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys [2010.06.21 12:46:05 | 000,524,288 | -HS- | M] () -- C:\Users\Flieger\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.06.21 12:46:05 | 000,065,536 | -HS- | M] () -- C:\Users\Flieger\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.06.21 12:45:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.06.21 12:45:40 | 002,624,567 | -H-- | M] () -- C:\Users\Flieger\AppData\Local\IconCache.db [2010.06.20 16:52:17 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.06.19 18:34:30 | 000,002,597 | ---- | M] () -- C:\Users\Flieger\Desktop\Microsoft Office Word 2003.lnk [2010.06.19 14:53:35 | 001,714,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.06.19 12:36:32 | 000,101,872 | ---- | M] () -- C:\Users\Flieger\AppData\Local\GDIPFONTCACHEV1.DAT [2010.06.19 11:29:58 | 000,027,136 | ---- | M] () -- C:\Users\Flieger\Desktop\Rittermahles.doc [2010.06.18 15:28:29 | 003,649,536 | ---- | M] () -- C:\Users\Flieger\s-1-5-21-3457977028-191445282-2813071779-1001.rrr [2010.06.18 14:31:05 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk [2010.06.18 13:21:15 | 000,001,709 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2010.06.15 18:10:06 | 000,002,339 | ---- | M] () -- C:\Users\Flieger\Desktop\Skype.lnk [2010.06.12 09:49:14 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2010.06.12 03:08:15 | 000,000,290 | ---- | M] () -- C:\Windows\win.ini [2010.06.08 04:16:01 | 000,763,832 | ---- | M] () -- C:\Windows\BDTSupport.dll [2010.06.08 02:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll [2010.06.06 17:53:21 | 000,025,088 | ---- | M] () -- C:\Users\Flieger\Desktop\Angebot eines Rittermahles.doc [2010.05.26 19:06:41 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.05.26 16:47:41 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll ========== Files Created - No Company Name ========== [2010.06.19 18:18:00 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.06.19 11:29:58 | 000,027,136 | ---- | C] () -- C:\Users\Flieger\Desktop\Rittermahles.doc [2010.06.18 15:28:28 | 003,649,536 | ---- | C] () -- C:\Users\Flieger\s-1-5-21-3457977028-191445282-2813071779-1001.rrr [2010.06.18 14:31:05 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk [2010.06.18 13:23:17 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old [2010.06.18 13:23:17 | 000,763,832 | ---- | C] () -- C:\Windows\BDTSupport.dll [2010.06.18 13:23:16 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip [2010.06.18 13:23:16 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml [2010.06.18 13:23:16 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml [2010.06.18 13:23:16 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip [2010.06.18 13:21:17 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat [2010.06.18 13:21:16 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat [2010.06.18 13:21:16 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat [2010.06.18 13:21:15 | 000,001,709 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2010.06.18 13:21:13 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat [2010.06.12 09:49:14 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2010.06.06 17:53:21 | 000,025,088 | ---- | C] () -- C:\Users\Flieger\Desktop\Angebot eines Rittermahles.doc [2010.05.27 08:55:53 | 000,280,952 | ---- | C] () -- C:\UngerFrakturZierbuchstaben.ttf [2010.05.27 08:55:53 | 000,117,628 | ---- | C] () -- C:\Jugend.ttf [2010.05.27 08:55:53 | 000,055,404 | ---- | C] () -- C:\CHC.TTF [2009.12.20 15:36:45 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.10.21 07:51:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.06.16 16:42:13 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.06.16 16:41:41 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.03.05 17:24:09 | 000,000,008 | ---- | C] () -- C:\Windows\odbcddp.ini [2009.03.05 17:24:09 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI [2009.03.05 17:24:08 | 000,000,034 | ---- | C] () -- C:\Windows\odbcisam.ini [2008.12.21 17:36:36 | 000,015,360 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2008.12.06 20:18:38 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.11.10 07:56:09 | 000,000,510 | ---- | C] () -- C:\Windows\Siemens.INI [2008.11.06 18:32:43 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL [2008.11.06 18:32:31 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll [2008.11.06 18:30:48 | 000,000,419 | ---- | C] () -- C:\Windows\MAXLINK.INI [2008.11.02 12:36:21 | 000,000,427 | ---- | C] () -- C:\Windows\ODBC.INI [2008.11.02 11:15:29 | 000,000,189 | ---- | C] () -- C:\Windows\OPHC.INI [2008.08.08 15:49:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.01.31 09:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== Alternate Data Streams ========== @Alternate Data Stream - 72 bytes -> C:\Windows:70EECF74D560B183 @Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > |
|
21.06.2010, 18:54
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | IE öffnet selbstständig bei laufenden Firefox Ok, ich würde aber noch einen Durchgang mit CF empfehlen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.07.2010, 15:53
| #11 |
| | IE öffnet selbstständig bei laufenden Firefox Hallo Arne, war einige Tage weg, deshalb erst jetzt die Zusendung der Auswertung: Combofix Logfile: Code:
ATTFilter ComboFix 10-07-01.02 - Flieger 03.07.2010 15:46:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3069.1825 [GMT 2:00]
ausgeführt von:: c:\users\Flieger\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 72 bytes in 1 streams.
((((((((((((((((((((((( Dateien erstellt von 2010-06-03 bis 2010-07-03 ))))))))))))))))))))))))))))))
.
2010-07-03 13:53 . 2010-07-03 13:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-03 13:39 . 2010-07-03 13:39 -------- d-----w- c:\program files\CCleaner
2010-06-30 06:18 . 2010-06-21 19:00 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb8350.tmp.exe
2010-06-29 06:14 . 2010-06-29 07:03 -------- d-----w- C:\8a772b7f6e7cf71159c506
2010-06-25 01:01 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-25 01:01 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-25 01:01 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-25 01:01 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-25 01:01 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-24 06:49 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-24 06:49 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-19 16:18 . 2010-06-19 16:18 -------- d-----w- c:\users\Flieger\AppData\Roaming\Malwarebytes
2010-06-19 16:17 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-19 16:17 . 2010-06-19 16:17 -------- d-----w- c:\programdata\Malwarebytes
2010-06-19 16:17 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-19 16:17 . 2010-06-21 15:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-18 14:54 . 2010-06-18 14:54 -------- d-----w- c:\programdata\WindowsSearch
2010-06-18 12:31 . 2004-08-04 05:00 506368 ----a-w- c:\windows\system32\msxml.dll
2010-06-18 12:27 . 2010-06-18 12:27 -------- d-----w- c:\users\Flieger\AppData\Local\Threat Expert
2010-06-18 11:23 . 2010-06-08 02:16 763832 ----a-w- c:\windows\BDTSupport.dll
2010-06-18 11:23 . 2010-06-08 00:21 1652664 ----a-w- c:\windows\PCTBDCore.dll
2010-06-18 11:23 . 2010-01-22 06:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-06-18 11:23 . 2010-01-22 06:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-06-18 11:23 . 2009-10-27 22:36 1152444 ----a-w- c:\windows\UDB.zip
2010-06-18 11:23 . 2008-11-26 09:08 131 ----a-w- c:\windows\IDB.zip
2010-06-18 11:21 . 2010-02-05 07:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-06-18 11:21 . 2010-02-05 07:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-18 11:21 . 2010-03-29 08:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-18 11:21 . 2009-11-23 11:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-18 11:21 . 2010-04-08 12:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-18 11:21 . 2010-07-03 13:44 -------- d-----w- c:\program files\Spyware Doctor
2010-06-18 11:21 . 2010-06-18 12:31 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-18 11:21 . 2010-06-18 11:21 -------- d-----w- c:\users\Flieger\AppData\Roaming\PC Tools
2010-06-18 11:21 . 2010-06-18 11:21 -------- d-----w- c:\programdata\PC Tools
2010-06-17 13:05 . 2010-06-17 13:05 -------- d-----w- c:\users\Flieger\AppData\Roaming\Foxit Software
2010-06-12 07:49 . 2010-06-12 07:49 -------- d-----w- c:\users\Flieger\AppData\Roaming\Foxit
2010-06-12 07:49 . 2010-06-19 11:08 -------- d-----w- c:\program files\Ask.com
2010-06-12 07:49 . 2010-06-12 07:49 -------- d-----w- c:\program files\Foxit Software
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\22260\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\22260\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\22260\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\22260\AcrobatUpdater.exe
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-03 13:28 . 2008-01-21 07:15 636830 ----a-w- c:\windows\system32\perfh007.dat
2010-07-03 13:28 . 2008-01-21 07:15 129638 ----a-w- c:\windows\system32\perfc007.dat
2010-07-03 13:25 . 2008-10-21 15:57 101872 ----a-w- c:\users\Flieger\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-03 13:22 . 2009-09-14 13:48 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-03 07:14 . 2008-08-04 11:59 -------- d-----w- c:\programdata\Microsoft Help
2010-07-02 14:16 . 2008-11-22 09:33 -------- d-----w- c:\programdata\Google Updater
2010-06-29 06:16 . 2008-08-04 12:00 -------- d-----w- c:\program files\Microsoft.NET
2010-06-25 01:19 . 2009-03-24 16:51 -------- d-----w- c:\users\Flieger\AppData\Roaming\Skype
2010-06-25 01:00 . 2008-11-02 16:12 -------- d-----w- c:\users\Flieger\AppData\Roaming\skypePM
2010-06-12 01:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-11 06:18 . 2008-08-04 09:13 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-30 06:42 . 2010-03-12 18:47 443912 ----a-w- c:\users\Flieger\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-05-27 09:26 . 2009-01-26 09:31 -------- d-----w- c:\program files\Okidata
2010-05-26 17:06 . 2010-06-11 14:43 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 14:43 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-03 06:01 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 10:17 . 2008-12-06 18:20 -------- d-----w- c:\program files\free-downloads.net
2010-05-05 18:02 . 2010-04-23 08:49 -------- d-----w- c:\program files\Opera
2010-05-04 19:15 . 2010-06-11 14:43 834048 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-11 14:43 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-01 14:13 . 2010-06-11 14:43 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-26 07:18 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-20 19:28 . 2010-04-20 19:28 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb8D29.tmp.exe
2010-04-16 16:43 . 2010-06-24 06:49 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-24 06:49 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-24 06:49 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-24 06:49 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-04-12 15:29 . 2010-04-15 17:16 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-05 17:01 . 2010-06-11 14:43 67072 ----a-w- c:\windows\system32\asycfilt.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2010-05-18 2515552]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2010-05-18 10:17 2515552 ----a-w- c:\program files\free-downloads.net\tbfre1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2010-05-18 2515552]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2010-05-18 2515552]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SparVoip"="c:\program files\SparVoip\sparvoip.exe" [2009-11-16 9167144]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-22 39408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2010-04-08 292824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-21 220160]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"ElbyCheckAnyDVD"="c:\program files\SlySoft\AnyDVD\ElbyCheck.exe" [2002-11-02 45056]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2003-08-22 210432]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-14 198160]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-04-08 104408]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):62,24,19,2f,0e,74,ca,01
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca7c8bd23c0a25;Google Update Service (gupdate1ca7c8bd23c0a25);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-14 133104]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 Gigusb;Dect USB Driver;c:\windows\system32\Drivers\Gigusb.sys [2002-10-22 59070]
R3 IUAPIWDM;ISDN USB Interface (Ver. 1.10.0021);c:\windows\system32\DRIVERS\IUAPIWDM.sys [2001-07-20 49344]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
R3 siellif;siellif;c:\windows\system32\Drivers\siellif.sys [2002-10-22 115856]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-12-06 717296]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-04-08 632792]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
--- Andere Dienste/Treiber im Speicher ---
*Deregistered* - PCTSDInjDriver32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
2010-07-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-21 07:51]
2010-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-14 07:05]
2010-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-14 07:05]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.arcor.de/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: {4F1DE4D0-DB2E-4BB7-AEBE-9BA81C9B114A} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Flieger\AppData\Roaming\Mozilla\Firefox\Profiles\xpugimxs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FXTV5&o=101699&locale=en_US&q=
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\Flieger\AppData\Roaming\Mozilla\Firefox\Profiles\xpugimxs.default\extensions\fb_add_on@avm.de\components\FB_AddOn.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-03 15:53
Windows 6.0.6002 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'Explorer.exe'(5788)
c:\program files\Spyware Doctor\pctgmhk.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
.
Zeit der Fertigstellung: 2010-07-03 15:57:45
ComboFix-quarantined-files.txt 2010-07-03 13:57
Vor Suchlauf: 15 Verzeichnis(se), 462.804.205.568 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 462.741.671.936 Bytes frei
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 1962DCDB305CAF23379A1A45EC71665E
Vielleicht hast du auch noch eine Idee, wie man den Firefox schneller an den Start bekommt. Grüße aus dem heißen Köln Toni |
|
03.07.2010, 16:01
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | IE öffnet selbstständig bei laufenden Firefox Wie lange braucht der FF zum Starten denn??
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.07.2010, 17:07
| #13 |
| | IE öffnet selbstständig bei laufenden Firefox Habs gerade nochmal probiert: 25 sec., wenn ich ihn aus dem Desktop aufrufe. Toni |
|
04.07.2010, 18:38
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | IE öffnet selbstständig bei laufenden Firefox Nur der Firefox braucht so lange zum Starten? Oder auch andere Programme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.07.2010, 20:05
| #15 |
| | IE öffnet selbstständig bei laufenden Firefox Arne, nur der FF braucht so lange. Alle anderen Programme starten ganz schnell. Toni |
|
| Themen zu IE öffnet selbstständig bei laufenden Firefox |
| antivir, antivir guard, ask toolbar, ask.com, avira, bho, bonjour, browser, browser guard, computer, desktop, ebay, excel, firefox, google, gupdate, hijack, hijackthis, local\temp, logfile, mozilla, plug-in, problem, registry, remote access, security, senden, skype.exe, software, spyware, sshnas21.dll, system, vista, windows |
Linear-Darstellung
