Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:)

Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:)


Log-Analyse und Auswertung: Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:)

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Seite 2 von 2 1 2
Alt 13.09.2012, 14:50   #16
schrauber
/// the machine
/// TB-Ausbilder
 
Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:) - Standard

Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:)


Hi,


Scripten mit Combofix

  • Öffne den Editor ( Start -> Zubehör -> Editor ) kopiere nun folgenden Text in das weiße Feld:
Code:
ATTFilter
Driver::
KOBCCEX
KOBCCID
XDva382
XDva383

File::
c:\windows\system32\drivers\KOBCCEX.sys
c:\windows\system32\drivers\KOBCCID.sys
c:\windows\system32\XDva382.sys
c:\windows\system32\XDva383.sys
Speichere diese Datei nun auf dem Desktop unter -> cfscript.txt
  • Nun die Datei cfscript.txt mit der rechten Maustaste auf das Sysmbol von Combofix ziehen!

  • Danach das Combofix nochmal ausführen, das System neu starten und das Log von Combofix posten


Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann




Malwarebytes updaten, quick scan, funde löschen, Log hier posten.




Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.






ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Poste bitte noch ein frisches OTL logfile. Wie läuft der Rechner?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 13.09.2012, 15:24   #17
mifi
 
Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:) - Standard

Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:)


hello,

wenn ich die txt.-datei aufs combofix-icon ziehe startet combofix ja gleich wieder und es resultiert ein absturz...
__________________
Alt 13.09.2012, 15:42   #18
schrauber
/// the machine
/// TB-Ausbilder
 
Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:) - Standard

Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:)


Ok, dann machen wir jetzt mal was ganz geiles

Combofix und die CFScript.txt müssen beide auf dem desktop sein!

Start > Ausführen:

"%userprofile%\Desktop\ComboFix" /nombr "%userprofile%\Desktop\CFScript.txt"

Achtung!!

Leerzeichen wie gehabt vor /nombr und ein Leerzeichen nach nombr!
__________________
__________________
Alt 14.09.2012, 11:57   #19
mifi
 
Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:) - Standard

Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:)


ok hier die logs:

combofix:
Code:
ATTFilter
ComboFix 12-09-13.01 - xx 09/13/2012  16:55:30.2.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3037.1925 [GMT 2:00]
Running from: c:\users\xx\Desktop\ComboFix.exe
Command switches used :: /nombr  c:\users\xx\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\xx\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_COMSysApp
.
.
(((((((((((((((((((((((((   Files Created from 2012-08-13 to 2012-09-13  )))))))))))))))))))))))))))))))
.
.
2012-09-13 15:03 . 2012-09-13 15:03	--------	d-----w-	C:\microsoft
2012-09-13 15:02 . 2012-09-13 15:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-13 13:45 . 2012-09-13 13:45	--------	d-----w-	c:\program files\Common Files\Java
2012-09-13 13:45 . 2012-09-13 13:45	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-09-12 07:27 . 2012-08-22 17:16	712048	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-12 07:27 . 2012-07-04 19:45	33280	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 07:27 . 2012-08-22 17:16	1292144	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-12 07:27 . 2012-08-22 17:16	240496	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-12 07:27 . 2012-08-22 17:16	187760	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 07:27 . 2012-08-02 16:57	490496	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-11 23:43 . 2012-09-13 15:03	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F4F3636-887A-4822-A7E7-C03F73C8E4D8}\offreg.dll
2012-09-11 10:52 . 2012-08-23 07:15	7022536	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F4F3636-887A-4822-A7E7-C03F73C8E4D8}\mpengine.dll
2012-09-08 13:39 . 2012-09-11 11:34	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-09-07 21:57 . 2012-09-07 21:57	73696	----a-w-	c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-07 12:34 . 2012-09-07 12:34	--------	d-----w-	c:\program files\ESET
2012-09-07 12:21 . 2012-05-04 09:59	514560	----a-w-	c:\windows\system32\qdvd.dll
2012-09-06 23:00 . 2012-09-07 00:28	--------	d-----w-	c:\programdata\SecTaskMan
2012-09-06 23:00 . 2012-09-06 23:00	--------	d-----w-	c:\program files\Security Task Manager
2012-09-06 22:28 . 2012-09-06 22:28	--------	d-----w-	c:\users\xx\AppData\Roaming\Malwarebytes
2012-09-06 22:28 . 2012-09-06 22:28	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-06 22:28 . 2012-09-06 22:28	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-09-06 22:28 . 2012-07-03 11:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-06 20:07 . 2012-09-06 20:07	--------	d-----w-	C:\bd_logs
2012-09-06 12:15 . 2012-09-07 23:07	--------	d-----w-	c:\programdata\xtffwgbyekmqwbw
2012-08-21 06:52 . 2012-08-21 06:52	565616	----a-w-	c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor14.dll
2012-08-16 05:27 . 2012-07-18 17:47	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-08-16 05:27 . 2012-05-05 07:46	400896	----a-w-	c:\windows\system32\srcore.dll
2012-08-16 05:27 . 2012-07-04 21:14	41984	----a-w-	c:\windows\system32\browcli.dll
2012-08-16 05:27 . 2012-07-04 21:14	102912	----a-w-	c:\windows\system32\browser.dll
2012-08-16 05:27 . 2012-02-11 05:43	492032	----a-w-	c:\windows\system32\win32spl.dll
2012-08-16 05:27 . 2012-02-11 05:37	317440	----a-w-	c:\windows\system32\spoolsv.exe
2012-08-16 05:27 . 2012-05-14 04:33	769024	----a-w-	c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 13:45 . 2012-05-09 16:12	821736	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-09-13 13:45 . 2010-08-22 23:29	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-15 16:24 . 2012-06-14 12:56	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-08-15 16:24 . 2011-05-14 14:22	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-17 18:22 . 2011-02-06 00:48	22328	----a-w-	c:\users\xx\AppData\Roaming\PnkBstrK.sys
2012-07-17 18:21 . 2012-02-10 10:13	103736	----a-w-	c:\windows\system32\PnkBstrB.ex0
2012-07-12 15:03 . 2012-07-12 15:03	3262	----a-w-	c:\windows\system32\ealregsnapshot1.reg
2012-09-07 21:57 . 2011-04-23 18:23	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\xx\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CardManagementTool.lnk - c:\program files\KOBIL Systems\KOBIL Smart Key\Smart Key\Microsoft CSP\CMT.exe [2010-8-22 1069056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 KOBCCEX;KOBCCEX;c:\windows\system32\drivers\KOBCCEX.sys [x]
R3 KOBCCID;KOBCCID;c:\windows\system32\drivers\KOBCCID.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva382;XDva382;c:\windows\system32\XDva382.sys [x]
R3 XDva383;XDva383;c:\windows\system32\XDva383.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [x]
S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 16:24]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 19:25]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 19:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.hotspotshield.com/g/?c=h
uInternet Settings,ProxyOverride = *.local
IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - chrome://fastdial/content/fastdial.html
FF - prefs.js: keyword.URL - hxxp://utils.babylon.com/abt/index.php?url=
FF - prefs.js: network.proxy.type - 2
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-17185805-2931279960-2750159110-1000\Software\SecuROM\License information*]
"datasecu"=hex:9e,be,b3,9e,6a,11,91,95,53,25,7e,5d,fe,6e,9b,eb,f4,a8,d9,3a,56,
   d0,25,a9,b0,bc,27,16,70,5d,90,18,f3,8f,de,dd,2b,e4,74,c7,5c,0a,db,28,d4,68,\
"rkeysecu"=hex:54,a7,5e,99,73,31,48,81,08,cb,af,ec,2b,7b,90,b1
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\brsvc01a.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\windows\system32\brss01a.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\ThpSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-09-13  17:09:49 - machine was rebooted
ComboFix-quarantined-files.txt  2012-09-13 15:09
ComboFix2.txt  2012-09-13 13:10
.
Pre-Run: 66,808,741,888 bytes free
Post-Run: 66,219,483,136 bytes free
.
- - End Of File - - 398E71B7452B4DE49BE87CB2F76755C4
mbam:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.13.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
xx:: xx PC [Administrator]

9/13/2012 5:26:56 PM
mbam-log-2012-09-13 (17-26-56).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205272
Laufzeit: 5 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
aswmbr:

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-13 17:33:55
-----------------------------
17:33:55.129    OS Version: Windows 6.1.7601 Service Pack 1
17:33:55.129    Number of processors: 2 586 0x170A
17:33:55.129    ComputerName: xx-PC  UserName: xx
17:33:56.205    Initialize success
17:36:14.158    AVAST engine defs: 12091300
17:52:13.433    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
17:52:13.433    Disk 0 Vendor: Hitachi_HTS545050B9A300 PB4OC64G Size: 476940MB BusType: 11
17:52:13.473    Disk 0 MBR read successfully
17:52:13.473    Disk 0 MBR scan
17:52:13.473    Disk 0 unknown MBR code
17:52:13.493    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
17:52:13.503    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       238470 MB offset 3074048
17:52:13.533    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       236969 MB offset 491460608
17:52:13.543    Disk 0 scanning sectors +976773120
17:52:13.853    Disk 0 scanning C:\Windows\system32\drivers
17:52:27.466    Service scanning
17:53:13.947    Modules scanning
17:53:31.089    Disk 0 trace - called modules:
17:53:31.448    ntkrnlpa.exe CLASSPNP.SYS disk.sys thpdrv.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys 
17:53:31.454    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865b5030]
17:53:31.459    3 CLASSPNP.SYS[8b40459e] -> nt!IofCallDriver -> \Device\THPDRV1[0x865b3030]
17:53:31.465    5 thpdrv.sys[8b7e7bd9] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x864ab338]
17:53:32.296    AVAST engine scan C:\Windows
17:53:35.719    AVAST engine scan C:\Windows\system32
17:57:57.885    AVAST engine scan C:\Windows\system32\drivers
17:58:14.240    AVAST engine scan C:\Users\xx
18:12:14.342    AVAST engine scan C:\ProgramData
18:13:56.262    Scan finished successfully
18:15:24.078    Disk 0 MBR has been saved successfully to "C:\Users\xx\Desktop\MBR.dat"
18:15:24.078    The log file has been saved successfully to "C:\Users\xx\Desktop\aswMBR.txt"
beim eset scan hab ich vergessen eine logfile zu erstellen, es wurde aber auch nichts gefunden.

allerdings hat antivir gestern und vorgestern jeweils (automatisch) einen trojaner endeckt:

am 12.09: C:\Users\xx\AppData\Local\Temp\resoancwmx.exe [TR\Kazy.92382.1]

am 13.09: C:\ProgramData\ubbitbtlgtfzhom.exe [TR\Weelsof.LE.6]

ansonsten läuft das system stabil, keinerlei störungen o.ä.

hier auch noch mal die OTL-logfile:


[/CODE]

OTL:

Code:
ATTFilter
OTL logfile created on: 9/14/2012 12:20:39 PM - Run 1
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\xx\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.97 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 56.81% Memory free
5.93 Gb Paging File | 4.34 Gb Available in Paging File | 73.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 60.73 Gb Free Space | 26.08% Space Free | Partition Type: NTFS
Drive D: | 231.42 Gb Total Space | 216.86 Gb Free Space | 93.71% Space Free | Partition Type: NTFS
Drive F: | 465.65 Gb Total Space | 304.97 Gb Free Space | 65.49% Space Free | Partition Type: FAT32
 
Computer Name: XX-PC | User Name: xx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Users\xx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Hotspot Shield\bin\openvpntray.exe ()
PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\KOBIL Systems\KOBIL Smart Key\Smart Key\Microsoft CSP\CMT.exe (KOBIL Systems GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\xx\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files\Hotspot Shield\bin\lang\gui-eng.dll ()
MOD - C:\Program Files\Hotspot Shield\bin\openvpntray.exe ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll ()
MOD - C:\Windows\assembly\GAC_32\Asz.Citavi.IEPicker\1.0.0.0__f59eabe05cc67589\Asz.Citavi.IEPicker.dll ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Toshiba\TBS\NotifyTBS.dll ()
MOD - C:\Program Files\Toshiba\FlashCards\Hotkey\FnZ.dll ()
MOD - C:\Program Files\Toshiba\FlashCards\BlackPng.dll ()
MOD - C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe ()
SRV - (hshld) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Thpsrv) -- C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva383) -- C:\Windows\system32\XDva383.sys File not found
DRV - (XDva382) -- C:\Windows\system32\XDva382.sys File not found
DRV - (Tosrfcom) --  File not found
DRV - (catchme) -- C:\Users\xx\AppData\Local\Temp\catchmeirbk.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (DrvAgent32) -- C:\Windows\System32\drivers\DrvAgent32.sys (Phoenix Technologies)
DRV - (HssDrv) -- C:\Windows\System32\drivers\HssDrv.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (KOBCCEX) -- C:\Windows\System32\drivers\KOBCCEX.sys (KOBIL Systems GmbH)
DRV - (KOBCCID) -- C:\Windows\System32\drivers\KOBCCID.sys (KOBIL Systems GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (Thpdrv) -- C:\Windows\System32\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV - (Thpevm) -- C:\Windows\System32\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom)
DRV - (LPCFilter) -- C:\Windows\System32\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (enecirhid) -- C:\Windows\System32\drivers\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (enecirhidma) -- C:\Windows\System32\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-17185805-2931279960-2750159110-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.hotspotshield.com/g/?c=h
IE - HKU\S-1-5-21-17185805-2931279960-2750159110-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-17185805-2931279960-2750159110-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 AF 58 21 66 41 CB 01  [binary data]
IE - HKU\S-1-5-21-17185805-2931279960-2750159110-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-17185805-2931279960-2750159110-1000\..\SearchScopes,DefaultScope = {BFB62D3D-B24A-4403-A3BC-7F075DD7A79B}
IE - HKU\S-1-5-21-17185805-2931279960-2750159110-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-17185805-2931279960-2750159110-1000\..\SearchScopes\{3FB8C5C1-D76B-4E1D-9602-4636BEE0069A}: "URL" = hxxp://search.microsoft.com/results.aspx?mkt=en-US&setlang=en-US&q={searchTerms}
IE - HKU\S-1-5-21-17185805-2931279960-2750159110-1000\..\SearchScopes\{5E87B477-2069-478D-8A97-60039D605D61}: "URL" = hxxp://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKU\S-1-5-21-17185805-2931279960-2750159110-1000\..\SearchScopes\{AD02027D-CEB1-4E22-9439-D6781B5FFFFA}: "URL" = hxxp://www.amazon.com/gp/search?ie=UTF8&tag=ie8search-20&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
IE - HKU\S-1-5-21-17185805-2931279960-2750159110-1000\..\SearchScopes\{BFB62D3D-B24A-4403-A3BC-7F075DD7A79B}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-17185805-2931279960-2750159110-1000\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKU\S-1-5-21-17185805-2931279960-2750159110-1000\..\SearchScopes\{F2412434-27C6-4541-AC06-42EC6AEFD8C4}: "URL" = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-17185805-2931279960-2750159110-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-17185805-2931279960-2750159110-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}:5.0.13
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 23:57:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/28 04:07:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/09/15 17:16:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/09/07 14:36:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 23:57:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/28 04:07:17 | 000,000,000 | ---D | M]
 
[2010/08/22 05:25:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xx\AppData\Roaming\Mozilla\Extensions
[2010/08/22 05:25:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xx\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/02/05 00:52:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\iivaumjc.Default User_22.8.10\extensions
[2010/08/22 18:14:25 | 000,000,000 | ---D | M] (Foxit Toolbar) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\iivaumjc.Default User_22.8.10\extensions\toolbar@ask.com
[2011/04/29 07:45:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\v8noktwa.S3c, chipkarte\extensions
[2011/04/29 07:45:39 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\v8noktwa.S3c, chipkarte\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012/09/06 14:31:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions
[2012/03/31 17:56:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/06 14:31:37 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2012/05/11 23:30:40 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions\battlefieldplay4free@ea.com
[2012/06/05 16:30:36 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions\fastdial@telega.phpnet.us
[2010/08/22 04:06:25 | 000,000,000 | ---D | M] (FoxStocks) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions\foxstocks@ilan.cohen
[2012/05/18 14:16:10 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions\ich@maltegoetz.de
[2012/07/31 10:17:20 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions\DivXWebPlayer@divx.com.xpi
[2012/06/27 23:47:38 | 000,827,050 | ---- | M] () (No name found) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions\ffe_ff3aeroff4@game-point.net.xpi
[2012/06/27 23:47:39 | 000,811,915 | ---- | M] () (No name found) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions\ffe_ff3ff4@game-point.net.xpi
[2012/04/03 16:58:16 | 000,140,964 | ---- | M] () (No name found) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions\firegestures@xuldev.org.xpi
[2012/06/15 13:20:29 | 000,007,834 | ---- | M] () (No name found) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions\last-tab-close-button@victor.sacharin.xpi
[2011/09/09 15:03:36 | 000,514,913 | ---- | M] () (No name found) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions\menuiconsplus@codedawn.com.xpi
[2011/12/10 12:57:01 | 000,005,909 | ---- | M] () (No name found) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions\openbookmarkintab@piro.sakura.ne.jp.xpi
[2012/07/10 01:18:16 | 000,163,080 | ---- | M] () (No name found) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions\status4evar@caligonstudios.com.xpi
[2012/09/06 14:31:27 | 000,031,748 | ---- | M] () (No name found) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions\webmaster@keep-tube.com.xpi
[2011/08/26 14:21:57 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions\youtube2mp3@mondayx.de.xpi
[2011/06/19 02:59:33 | 000,022,819 | ---- | M] () (No name found) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}.xpi
[2011/06/19 02:28:12 | 000,009,833 | ---- | M] () (No name found) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions\{42975993-6fa0-46f5-a45f-706915f18ebf}.xpi
[2012/08/30 18:29:47 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/07/25 18:20:32 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/01/30 17:30:45 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2011/11/03 14:26:32 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012/03/29 00:48:04 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2012/08/15 16:47:18 | 000,045,226 | ---- | M] () (No name found) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}.xpi
[2011/06/24 21:02:53 | 000,742,707 | ---- | M] () (No name found) -- C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}.xpi
[2012/02/22 02:02:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/28 20:21:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/11/02 23:07:40 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2012/02/22 02:02:08 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2011/02/11 22:58:23 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2010/08/22 01:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Back-up profiles\wd3myjq5.default\extensions
[2010/08/22 01:57:37 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Program Files\Mozilla Firefox\Back-up profiles\wd3myjq5.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2010/08/22 01:57:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Program Files\Mozilla Firefox\Back-up profiles\wd3myjq5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/22 01:57:37 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Program Files\Mozilla Firefox\Back-up profiles\wd3myjq5.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/08/22 01:57:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Program Files\Mozilla Firefox\Back-up profiles\wd3myjq5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/22 01:57:37 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Program Files\Mozilla Firefox\Back-up profiles\wd3myjq5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/08/22 01:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Back-up profiles\wd3myjq5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/08/22 01:57:37 | 000,000,000 | ---D | M] (FoxTab) -- C:\Program Files\Mozilla Firefox\Back-up profiles\wd3myjq5.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/08/22 01:57:36 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Program Files\Mozilla Firefox\Back-up profiles\wd3myjq5.default\extensions\fastdial@telega.phpnet.us
[2010/08/22 01:57:36 | 000,000,000 | ---D | M] (Last tab close button) -- C:\Program Files\Mozilla Firefox\Back-up profiles\wd3myjq5.default\extensions\last-tab-close-button@victor.sacharin
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}
[2012/09/07 23:57:36 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/09/07 23:57:33 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/29 01:57:34 | 000,001,847 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\privatesearch.xml
[2012/09/07 23:57:33 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2012/09/13 17:02:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\Toshiba\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\Windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-17185805-2931279960-2750159110-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - Startup: C:\Users\xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\xx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-17185805-2931279960-2750159110-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-17185805-2931279960-2750159110-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{178892E8-C5C1-4E26-86F3-43F45F1C0D19}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D321DC8-BA04-4FFF-9DE7-B8E0F39616D5}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/09/13 17:04:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/13 17:03:16 | 000,000,000 | ---D | C] -- C:\microsoft
[2012/09/13 16:09:10 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\xx\Desktop\OTL.exe
[2012/09/13 16:07:31 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\xx\Desktop\aswMBR.exe
[2012/09/13 15:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/13 15:45:19 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/09/13 15:45:08 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/09/13 15:10:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/12 09:27:50 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/09/12 09:27:49 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/12 09:27:49 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/12 09:27:48 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/09/11 15:07:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/11 15:07:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/11 15:07:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/11 15:07:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/11 15:07:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/11 14:46:03 | 004,750,981 | R--- | C] (Swearware) -- C:\Users\xx\Desktop\ComboFix.exe
[2012/09/08 15:39:26 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/08 14:23:30 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\xx\Desktop\tdsskiller.exe
[2012/09/07 14:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/07 14:21:03 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/09/07 02:51:31 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/09/07 02:51:31 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/09/07 02:51:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/07 02:51:30 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/09/07 02:51:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/07 02:51:30 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/09/07 02:51:30 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/09/07 02:51:30 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/09/07 02:51:30 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/09/07 02:51:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/07 02:51:30 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/09/07 02:51:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/07 02:51:30 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/09/07 02:51:30 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/09/07 02:51:30 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/09/07 02:51:30 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/09/07 02:51:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/09/07 02:51:30 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/09/07 02:51:30 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/09/07 02:51:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/09/07 02:51:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/09/07 02:51:30 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/09/07 02:51:30 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/09/07 02:51:29 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/07 02:51:29 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/09/07 02:51:29 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/09/07 02:51:29 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/09/07 02:51:29 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/09/07 02:51:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/07 02:51:28 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/07 02:51:28 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/09/07 02:51:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/09/07 02:51:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/07 02:51:28 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/09/07 02:51:28 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/09/07 02:51:28 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/09/07 02:51:28 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/09/07 01:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/09/07 01:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012/09/07 01:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/09/07 00:28:16 | 000,000,000 | ---D | C] -- C:\Users\xx\AppData\Roaming\Malwarebytes
[2012/09/07 00:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/07 00:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/07 00:28:07 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/07 00:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/06 22:07:00 | 000,000,000 | ---D | C] -- C:\bd_logs
[2012/09/06 14:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\xtffwgbyekmqwbw
[2012/08/16 07:27:42 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/16 07:27:40 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012/08/16 07:27:19 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/09/14 12:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/14 12:11:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/13 20:53:08 | 000,016,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/13 20:53:08 | 000,016,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/13 20:50:07 | 000,633,180 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/13 20:50:07 | 000,110,782 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/13 20:45:56 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/13 20:45:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/13 20:45:38 | 2388,283,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/13 18:15:24 | 000,000,512 | ---- | M] () -- C:\Users\xx\Desktop\MBR.dat
[2012/09/13 17:26:16 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/09/13 17:02:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/09/13 16:11:04 | 004,750,981 | R--- | M] (Swearware) -- C:\Users\xx\Desktop\ComboFix.exe
[2012/09/13 16:09:12 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\xx\Desktop\OTL.exe
[2012/09/13 16:07:53 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\xx\Desktop\aswMBR.exe
[2012/09/13 15:45:03 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/09/13 15:45:03 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/09/13 15:45:03 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/09/13 15:45:03 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/09/13 15:45:02 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/09/13 15:45:02 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/09/13 13:51:41 | 000,002,924 | ---- | M] () -- C:\Users\xx\AppData\Roaming\benibelawordCount.usage
[2012/09/11 18:00:54 | 000,002,061 | ---- | M] () -- C:\Users\xx\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/09/08 14:23:53 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\xx\Desktop\tdsskiller.exe
[2012/09/07 23:58:07 | 000,001,995 | ---- | M] () -- C:\Users\xx\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/07 13:40:15 | 000,001,416 | ---- | M] () -- C:\Users\xx\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/07 02:51:31 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/09/07 02:51:31 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/09/07 02:51:31 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/07 02:51:30 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/09/07 02:51:30 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/07 02:51:30 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/09/07 02:51:30 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/09/07 02:51:30 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/09/07 02:51:30 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/09/07 02:51:30 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/07 02:51:30 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/09/07 02:51:30 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/07 02:51:30 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/09/07 02:51:30 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/09/07 02:51:30 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/09/07 02:51:30 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/09/07 02:51:30 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/09/07 02:51:30 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/09/07 02:51:30 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/09/07 02:51:30 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/09/07 02:51:30 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/09/07 02:51:30 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/09/07 02:51:30 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/09/07 02:51:30 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/09/07 02:51:29 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/07 02:51:29 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/09/07 02:51:29 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/09/07 02:51:29 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/09/07 02:51:29 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/09/07 02:51:28 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/07 02:51:28 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/07 02:51:28 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/09/07 02:51:28 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/09/07 02:51:28 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/07 02:51:28 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/09/07 02:51:28 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/09/07 02:51:28 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/09/07 02:51:28 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/09/07 02:04:08 | 000,000,000 | ---- | M] () -- C:\ProgramData\E23VeBLen.dat
[2012/09/07 02:03:53 | 000,000,001 | ---- | M] () -- C:\ProgramData\NkH7rLHY.exe_.b
[2012/09/07 02:03:53 | 000,000,001 | ---- | M] () -- C:\ProgramData\NkH7rLHY.exe.b
[2012/08/22 19:16:46 | 000,240,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/08/22 19:16:36 | 000,187,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/08/17 10:31:00 | 000,410,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/15 18:24:43 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/15 18:24:43 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/09/13 18:15:24 | 000,000,512 | ---- | C] () -- C:\Users\xx\Desktop\MBR.dat
[2012/09/11 15:07:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/11 15:07:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/11 15:07:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/11 15:07:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/11 15:07:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/07 02:51:30 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/09/07 02:04:08 | 000,000,000 | ---- | C] () -- C:\ProgramData\E23VeBLen.dat
[2012/09/07 02:03:53 | 000,000,001 | ---- | C] () -- C:\ProgramData\NkH7rLHY.exe_.b
[2012/09/07 02:03:53 | 000,000,001 | ---- | C] () -- C:\ProgramData\NkH7rLHY.exe.b
[2012/09/07 00:28:08 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/08/01 17:47:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2012/05/22 06:05:51 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2012/05/22 06:05:50 | 000,000,462 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/05/22 06:05:50 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/05/22 06:04:45 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2012/05/22 06:04:45 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini
[2012/05/22 06:04:45 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2012/05/22 06:04:44 | 000,011,567 | ---- | C] () -- C:\Windows\HL-1230.INI
[2012/05/22 06:04:44 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2012/02/20 13:46:34 | 000,327,306 | ---- | C] () -- C:\Users\xx\Clipboard01222.jpg
[2012/02/10 12:13:19 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/01/31 01:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/01/31 01:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/01/31 01:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/01/31 01:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/01/31 01:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/09/23 15:33:00 | 000,002,924 | ---- | C] () -- C:\Users\xx\AppData\Roaming\benibelawordCount.usage
[2011/08/26 15:36:45 | 000,094,577 | ---- | C] () -- C:\Users\xx\Clipboard01.jpg
[2011/05/10 07:57:53 | 000,000,000 | ---- | C] () -- C:\Users\xx\AppData\Local\{18C331F9-0108-418F-90FD-1801DA41CE86}
[2011/04/29 07:22:10 | 000,626,688 | ---- | C] () -- C:\Windows\System32\opensc.dll
[2011/04/29 07:22:10 | 000,147,456 | ---- | C] () -- C:\Windows\System32\pkcs15init.dll
[2011/04/29 07:22:10 | 000,098,304 | ---- | C] () -- C:\Windows\System32\opensc-pkcs11.dll
[2011/04/29 07:22:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\pkcs11-spy.dll
[2011/04/29 07:22:10 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2011/04/29 07:22:10 | 000,023,552 | ---- | C] () -- C:\Windows\System32\libp11.dll
[2011/04/16 19:47:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/13 04:55:31 | 000,001,182 | ---- | C] () -- C:\Users\xx\AppData\Roaming\evmanage.prf
[2011/02/06 04:53:35 | 000,000,096 | ---- | C] () -- C:\Users\xx\AppData\Local\fusioncache.dat
[2011/02/06 02:48:36 | 000,022,328 | ---- | C] () -- C:\Users\xx\AppData\Roaming\PnkBstrK.sys
[2011/02/04 01:31:27 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
[2011/01/24 04:36:27 | 000,005,632 | ---- | C] () -- C:\Users\xx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/24 01:10:25 | 000,000,094 | ---- | C] () -- C:\Users\xx\AppData\Roaming\TexPoint.ini
[2010/11/24 01:10:25 | 000,000,033 | ---- | C] () -- C:\Users\xx\AppData\Roaming\TexPoint.lic
[2010/08/29 00:15:45 | 000,003,712 | ---- | C] () -- C:\Users\xx\AppData\Roaming\evpro32.prf
[2010/08/22 18:19:38 | 000,011,264 | ---- | C] () -- C:\Users\xx\gsview32.ini
[2010/08/21 21:37:51 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2010/11/02 23:09:05 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\Academic Software Zurich
[2011/09/20 22:43:06 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\Activision
[2011/09/16 01:27:00 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\benibela
[2012/08/05 19:23:56 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\Broken Sword 2.5
[2012/09/14 12:18:33 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\Dropbox
[2011/09/14 14:57:52 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\Foxit Software
[2012/09/07 13:36:13 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\Free Download Manager
[2010/09/05 23:39:28 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\FreeAudioPack
[2010/12/05 06:36:05 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\GetRightToGo
[2011/06/20 01:39:09 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\go
[2010/08/28 19:55:26 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\ICQ
[2010/09/30 02:00:52 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\IrfanView
[2011/12/23 11:41:15 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\l2rshell
[2012/04/29 20:35:18 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\OpenCandy
[2012/04/14 14:15:10 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\Opera
[2012/08/20 10:21:50 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\Origin
[2012/04/02 15:38:30 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\Samsung
[2010/09/30 23:13:56 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\Stata10
[2011/09/22 14:23:37 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\SumatraPDF
[2012/04/29 22:25:03 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\SynthMaker
[2012/07/12 15:12:18 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\SystemRequirementsLab
[2012/06/27 23:41:52 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\Temp
[2010/08/22 05:25:55 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\Thunderbird
[2010/08/22 05:39:45 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\toshiba
[2010/08/22 05:36:40 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\WinBatch
[2010/08/22 19:25:21 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\xm1
[2012/07/19 06:50:13 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Alt 14.09.2012, 12:56   #20
schrauber
/// the machine
/// TB-Ausbilder
 
Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:) - Standard

Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:)


Schau mal ob Du noch die Extras.txt von OTL findest.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 14.09.2012, 13:06   #21
mifi
 
Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:) - Standard

Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:)


Hi, ja hier ist sie:

Code:
ATTFilter
OTL Extras logfile created on: 9/14/2012 12:20:39 PM - Run 1
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\xx\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.97 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 56.81% Memory free
5.93 Gb Paging File | 4.34 Gb Available in Paging File | 73.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 60.73 Gb Free Space | 26.08% Space Free | Partition Type: NTFS
Drive D: | 231.42 Gb Total Space | 216.86 Gb Free Space | 93.71% Space Free | Partition Type: NTFS
Drive F: | 465.65 Gb Total Space | 304.97 Gb Free Space | 65.49% Space Free | Partition Type: FAT32
 
Computer Name: xx-PC | User Name: xx| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-17185805-2931279960-2750159110-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C135E97-0B2B-48BB-89E9-710468E59C72}" = rport=139 | protocol=6 | dir=out | app=system | 
"{22F0D69C-5C52-4A7D-BC75-0D0FE8086D81}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{276A503D-723C-4993-8413-0BD7C103725A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3008E2E0-E463-41EC-A0E9-13C2EBBA7A07}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5C143F7A-6F72-4EAA-A967-984A28A085A4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{600966A6-3465-4D2B-962D-E58D63184C07}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6A5F5DDB-C608-4104-8240-C6149E4D86DC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6C27188D-1FC9-469F-9F4D-F1CFC99CF383}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6CBD520F-A397-48C0-BDF8-15E3812EF89C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7B27ABE3-B984-41A4-8851-04387EECDB5C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7FEA84DB-F82B-48D1-8430-3C53782BAA66}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{89D21110-AD7D-47C1-AAA2-35FE4317D4EB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A670A2C6-696F-4743-BD9C-1B4EE91EF79E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B465AB8F-F4D5-4BF3-8D39-CDCF3C9E9187}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BAEFD342-AC01-4C93-87BC-A3ED7CE5C424}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BCAF709C-7CC8-4C1E-9B5C-2E94596A7DF8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BE2E07B0-467E-4901-AE89-4D0D7CF0FD3A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C0AA573E-8F05-4962-B035-239004EB3F5B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{CDEB92B4-536B-47AD-932A-B9921F158EA5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DA0E69F7-D330-4E09-B3F6-8B248F0126EF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DF70C204-71EC-4E2B-9B28-C648A635DBF2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F80C09AC-0740-4596-ADCE-3C9A43839BA9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B25C47-8D9D-4668-B2CA-0BA693E54D39}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\crysis wars\bin32\crysis.exe | 
"{051A66A5-4B19-4227-BB8A-444FECA0EB06}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{0998AA81-BBA3-4690-93A1-992BD68618BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0E3C71FC-39DA-444B-A275-056EA6C56839}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0EA38457-632E-4528-B2DE-E415A13F537F}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{0FEC4381-6A58-4F09-9DF0-9A8F76AFF7F4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{12EDB156-D01F-4AD7-A429-5172323174F4}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe | 
"{146D084C-53CD-40F3-9F43-488A20E57E85}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mafia ii - public demo\launcher.exe | 
"{16C841E2-AF31-427E-A9EE-A5DC2750C758}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe | 
"{16D77813-7CA8-453D-BF58-9096CAFF3AF1}" = protocol=17 | dir=in | app=c:\program files\origin games\fifa 12\game\fifa.exe | 
"{18A8791B-736E-42D9-B753-4DD01F589134}" = protocol=6 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe | 
"{1CFDACCF-37F5-48D8-A1D5-22005EA3EED3}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{1EC3B760-E625-420A-BE91-481E886336A1}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{1EFFEEA1-C9B3-4D5F-92E4-AADC0D98CC76}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{1F37AEF7-A701-473B-BDAF-67609DC7A375}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{2254F542-7666-4E60-A7DB-859A3DB8DFCA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{231D000D-63D3-4E11-A9B3-6AFE5532C353}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{2362039E-CDDA-44FF-A382-047F0252E66A}" = protocol=6 | dir=out | app=system | 
"{2A1E7F14-BC62-4579-AF05-B59F982324D1}" = protocol=17 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"{2CBE5108-BE4A-4105-B378-B4F38CB3DCAA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\crysis warhead\bin32\crysis.exe | 
"{2E85E9A4-09CD-4C27-920F-666B6153C207}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{372D3963-CB9F-4B49-86E8-EB5A885E38A1}" = protocol=6 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | 
"{3885A38C-6379-47D9-91C8-2726C54845ED}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\crysis warhead\bin32\crysis.exe | 
"{3A77F114-F154-47F0-9C35-F57B403F1AAC}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{3F69E235-491A-43E0-A879-F3DB77AABF36}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe | 
"{410987C0-8506-4D25-99B3-228D35D9AFB7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{45C675E8-0589-42F0-92CA-0A54A5AACCBD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5306BFE3-1B99-4BF4-96D5-F89798855FDA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5493E464-F15D-4B91-AAC3-B3B20D802342}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5A77DB1D-1471-4CE6-BE61-8E41747AA542}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5B012E9B-1554-4F23-B81A-1F9BA3726DE1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{5C1B1ABC-67F0-4437-B984-B988315AC379}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{60C7343E-711A-4585-8109-3EE9D62D6351}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{622BD44E-698B-4BB5-A2D8-3D9136C2EDF9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{64924745-23AD-4016-AE56-DBCC6C46ED44}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{64E2A7A8-6C1F-4BF0-82AB-2623AD4B4662}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{66DB0CB7-B3D3-46E8-BD06-401720695B8C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{6A76F39F-3101-40CE-8B2C-D0B78E77509B}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{6C1200E6-68C6-45A1-97FB-13348AC20F36}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe | 
"{6CFA9D66-E9E6-4B62-BE53-5212EBF8F920}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{77D454B6-78EC-4615-BB3D-8342608560FE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{79E6158C-7DC7-4DF0-962C-1EEBB853367C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{7DF8C8CE-C722-4C4F-8332-3F96819E300E}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{83E3AA2B-08AD-43FB-ABE6-DA8F49628714}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe | 
"{8E17C6DC-0FC3-44D3-A113-BFC30A2584EE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{96635178-8EFF-4BE3-B8F0-C963E03BC294}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{97BE5431-2059-4133-970C-2F55FA0C36AB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{9E167B1A-CD79-4455-A4D2-B9E363B72923}" = protocol=17 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe | 
"{9FF47893-9CCC-45D2-A466-AB815E81DCE3}" = protocol=6 | dir=in | app=c:\program files\origin games\fifa 12\game\fifa.exe | 
"{A101D372-0599-4F1F-901F-D0BE0B6D3518}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{A1284C3C-FA9E-4683-9361-37C9C89202DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A1711A56-D354-480E-A67B-B350AC9E0552}" = protocol=17 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | 
"{A46E929A-07CD-40A3-9005-C18834B97988}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AD3813E5-317B-446F-8F87-5A71EC78A822}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{ADE664A3-403B-4C2A-AE1E-0848C5BA77C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AF04B9C1-C4FB-4718-8800-7BA635C1DBFD}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{AF225AE9-00DB-4920-8362-2AEF19E88A50}" = protocol=6 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"{B43165BF-016A-4371-A879-55AABF848246}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe | 
"{B7FD1613-35C8-4179-BAA6-F543930091FB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{BCD7FBB6-1A65-411B-B5D8-A4796B9C05DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BD334C8F-52DF-4D5F-8619-D9643EDCA249}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C65D1346-D85A-480C-AB3A-253DF8C5759A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C67D2C79-C3AA-4C9A-A0AE-DFD004450D43}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{C825653C-C79B-4827-B776-6D4AD41C3920}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{CB2D1F8F-1073-4790-9F9C-960206A4097C}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{CBA3D59F-337E-4A3D-8C96-FBB76919040A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CECD15B4-D765-4A1D-B616-E5DDD988C3B2}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{CF10BDE9-B92B-4FCF-A124-6E3F64733788}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{D4A6D93F-2B20-40EF-BC22-4A5BA9BF2030}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{DCCAA9A8-D5E6-4E9A-A720-D0CD7B11FDE3}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{DE13A1C1-4ED6-4059-81C2-09F42B264D02}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mafia ii - public demo\launcher.exe | 
"{E2999DDC-C2E4-4E08-B2BC-40F3B15FFC73}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{E7062C5B-9CEB-4A50-9FDF-FFF4168CE644}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\crysis wars\bin32\crysis.exe | 
"{F0967A83-4C51-4FCD-A3D5-21D27A9A946C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{F0C85833-B813-45F8-8D67-F013651CD93A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{F1D839BB-D53C-4653-8935-75BD98328307}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FAEA6B91-9EF3-4C0D-A073-C66362BDFE83}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{FBFDEF94-D892-4FCF-93FE-5446CE351F61}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{FD592EEC-E129-43A0-A5B5-6F9370C313FC}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"TCP Query User{05F668C5-758D-4E9A-90EC-5AD266386370}C:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe | 
"TCP Query User{100CCD2E-FE55-4C83-A9B8-4625DD1ED3F1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{17678645-A562-46BE-ABCB-F3DE9C7BE3BE}C:\program files\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"TCP Query User{26AE0731-87E7-4331-88C9-6D6C024290D8}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{28315D03-52B4-4124-9CE8-7D2256EB07A5}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{30B4D25D-ED0C-477A-8D06-F4F564A8B0BD}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{33B8DE4E-EC25-424E-8EC4-8E261ADDF1AF}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{400D538C-2BF3-49C9-8C1C-7BEAA7D9E934}C:\users\xx\appdata\local\temp\7zipsfx.001\cf_downloader.exe" = protocol=6 | dir=in | app=c:\users\xx\appdata\local\temp\7zipsfx.001\cf_downloader.exe | 
"TCP Query User{4E5846EB-315A-4CB8-BB34-CF2F673700DD}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{5B1895E0-5CCC-482A-A544-8ABF48AAF744}C:\program files\steam\steamapps\common\dirt 2\dirt2_game.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dirt 2\dirt2_game.exe | 
"TCP Query User{727BD3EB-4AC0-4269-A7B8-14DED140CFD1}C:\users\xx\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=6 | dir=in | app=c:\users\xx\appdata\local\temp\7zipsfx.000\cf_downloader.exe | 
"TCP Query User{818E4089-73FD-417F-8955-AE47868ECE8C}C:\users\xx\downloads\sardu_2.0.5\sardu.exe" = protocol=6 | dir=in | app=c:\users\xx\downloads\sardu_2.0.5\sardu.exe | 
"TCP Query User{8B4DFDBA-85BC-47A2-A581-ECA255124853}C:\program files\sierra\fearcombat\fearserver.exe" = protocol=6 | dir=in | app=c:\program files\sierra\fearcombat\fearserver.exe | 
"TCP Query User{9AFC7D9B-546D-4069-B4B7-05411AA1693D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{C1320AC2-F493-4111-B2AE-E6729FED252E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{C1723DA9-A0E1-44EB-9713-085CE17F5CA7}C:\program files\steam\steamapps\common\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe | 
"TCP Query User{C99F0DA6-FB8F-4CE0-A218-64C68B16F7CA}C:\program files\mass effect 2\binaries\eacoreserver.exe" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\eacoreserver.exe | 
"TCP Query User{CB183DBB-A1FB-4506-9577-46379BFDA568}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{E02EDE26-6080-4B19-B129-70BA53F264F8}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{F9E8E645-138A-4B22-BAC2-943D5FA9A897}C:\program files\rockstar games\gta2\gta2.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe | 
"UDP Query User{025F4F6E-196D-4064-A704-DC5D90003009}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{12064DF2-A8AD-40A4-A07C-AC909880ACD9}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{16C038C7-0C1B-4D07-94A5-4675A64B27C8}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{2A5D4F20-3F4E-4F54-9CA0-5AA6F58DFDC1}C:\program files\steam\steamapps\common\dirt 2\dirt2_game.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dirt 2\dirt2_game.exe | 
"UDP Query User{2A8B72FB-2B96-4269-BBEB-17586C88DE62}C:\users\xx\downloads\sardu_2.0.5\sardu.exe" = protocol=17 | dir=in | app=c:\users\xx\downloads\sardu_2.0.5\sardu.exe | 
"UDP Query User{33BD268F-AAF9-4A08-911D-07AAF4D1A944}C:\program files\mass effect 2\binaries\eacoreserver.exe" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\eacoreserver.exe | 
"UDP Query User{38A12405-C3B9-4838-BD68-FF4715B9B335}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{465AAF11-7718-49A9-BB0E-4D8B0360EAEE}C:\program files\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"UDP Query User{56A65037-DDE6-4E47-AF2C-8EE0D9A40A45}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{6810D44A-AE78-4BAD-9771-0C115EE3E919}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{79431374-6E72-4BE3-BE5A-B0054499674B}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{7A7CEC38-0EA7-4143-918B-DE7845C9FCE9}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{8504C6FE-8879-4198-9042-1E8C2D2E9A43}C:\program files\sierra\fearcombat\fearserver.exe" = protocol=17 | dir=in | app=c:\program files\sierra\fearcombat\fearserver.exe | 
"UDP Query User{992B8BA0-8309-470D-9471-9CAAB3BD3365}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{B7DF78D9-DF9D-4690-8A4A-66C950F8E292}C:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe | 
"UDP Query User{CF98DCA8-108F-4B60-A77C-25BE9CD4F48B}C:\program files\rockstar games\gta2\gta2.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe | 
"UDP Query User{D2D2BA39-B9F9-45B7-B2F9-917715DDC4F4}C:\program files\steam\steamapps\common\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe | 
"UDP Query User{D3DA6591-D0B8-4AAC-AAA8-A12513EEDDDD}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{E2261555-B0E0-42D5-9FFC-CF33441D05DC}C:\users\xx\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=17 | dir=in | app=c:\users\xx\appdata\local\temp\7zipsfx.000\cf_downloader.exe | 
"UDP Query User{E254DDD3-72BD-460E-9210-36DB083A625F}C:\users\xx\appdata\local\temp\7zipsfx.001\cf_downloader.exe" = protocol=17 | dir=in | app=c:\users\xx\appdata\local\temp\7zipsfx.001\cf_downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2222706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 SDK
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0170050}" = Java SE Development Kit 7 Update 5
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3ECA0079-088F-4E69-B66A-65D5E687B092}" = KOBIL smartcard terminal driver V2.2.11s  Build: 20100615.1
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{41299100-2BA3-4CC5-8A03-399F152CEE21}" = Brother HL-1230
"{43EF7CA8-0439-4677-BE6B-749B4562BBB6}" = KOBIL drivers x64x86 installation
"{45410935-B52C-468A-A836-0D1000058201}" = BulletStorm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6395D480-9F3B-4930-8204-B91C8882F967}" = Stata 10
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA65F189-47EC-4490-984B-6F3987D65F47}" = KOBIL Smart Key V3.00  Build: 20060821.1
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass  (04/29/2008 2.5.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broken Sword 2.5_is1" = Broken Sword 2.5
"Citavi" = Citavi 2.5
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"DriverAgent.exe" = DriverAgent by eSupport.com
"EA Installer.-1401120959" = EA Installer
"ESET Online Scanner" = ESET Online Scanner v3
"Everything" = Everything 1.2.1.371
"ExamView Pro" = ExamView Assessment Suite
"Fliqlo" = Fliqlo Screen Saver
"Foxit Reader_is1" = Foxit Reader 5.1
"Free Download Manager_is1" = Free Download Manager 3.0
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"GPL Ghostscript 9.04" = GPL Ghostscript
"GSview 4.9" = GSview 4.9
"HotspotShield" = Hotspot Shield 2.53
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"latex2rtf" = LaTeX2RTF
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"Mozilla Thunderbird 15.0.1 (x86 en-US)" = Mozilla Thunderbird 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Opera 12.02.1578" = Opera 12.02
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Security Task Manager" = Security Task Manager 1.8d
"Smart card bundle_is1" = Smart card bundle 0.10
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SumatraPDF" = SumatraPDF
"TeXstudio_is1" = TeXstudio 2.2
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-17185805-2931279960-2750159110-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/31/2012 7:15:32 AM | Computer Name = xx-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot 
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
 - search & destroy\DelZip179.dll" on line 8.  The value "*" of attribute "language"
 in element "assemblyIdentity" is invalid.
 
Error - 1/31/2012 8:19:55 AM | Computer Name = xx-PC | Source = Application Error | ID = 1000
Description = Faulting application name: JustCause2.exe, version: 1.0.0.2, time 
stamp: 0x4ba03354  Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time
 stamp: 0x4dcddbf3  Exception code: 0xc000000d  Fault offset: 0x00008aa0  Faulting process
 id: 0x490  Faulting application start time: 0x01cce00a5d1a6685  Faulting application
 path: c:\program files\steam\steamapps\common\just cause 2 demo\JustCause2.exe  Faulting
 module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Report
 Id: e2146964-4c05-11e1-8c24-0026222f05fd
 
Error - 1/31/2012 12:41:01 PM | Computer Name = xx-PC | Source = Application Error | ID = 1000
Description = Faulting application name: JustCause2.exe, version: 1.0.0.2, time 
stamp: 0x4ba03354  Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time
 stamp: 0x4dcddbf3  Exception code: 0xc000000d  Fault offset: 0x00008aa0  Faulting process
 id: 0xfb8  Faulting application start time: 0x01cce034496fd32d  Faulting application
 path: c:\program files\steam\steamapps\common\just cause 2 demo\JustCause2.exe  Faulting
 module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Report
 Id: 5b9f5cb0-4c2a-11e1-8c24-0026222f05fd
 
Error - 2/1/2012 2:33:06 PM | Computer Name = xx-PC | Source = Application Error | ID = 1000
Description = Faulting application name: javaw.exe, version: 6.0.290.11, time stamp:
 0x4e897ca0  Faulting module name: java.dll, version: 6.0.290.11, time stamp: 0x4e89b321
Exception
 code: 0xc0000005  Fault offset: 0x00004e0a  Faulting process id: 0x1424  Faulting application
 start time: 0x01cce10fedb7f16d  Faulting application path: C:\Program Files\Java\jre6\bin\javaw.exe
Faulting
 module path: C:\Program Files\Java\jre6\bin\java.dll  Report Id: 2e319926-4d03-11e1-86aa-0026222f05fd
 
Error - 2/1/2012 8:53:14 PM | Computer Name = xx-PC | Source = VSS | ID = 8194
Description = 
 
Error - 2/2/2012 3:25:34 PM | Computer Name = xx-PC | Source = Application Error | ID = 1000
Description = Faulting application name: JustCause2.exe, version: 1.0.0.2, time 
stamp: 0x4c1b5791  Faulting module name: JustCause2.exe, version: 1.0.0.2, time stamp:
 0x4c1b5791  Exception code: 0xc0000005  Fault offset: 0x00778258  Faulting process id:
 0x16f4  Faulting application start time: 0x01cce1c3ba134b3f  Faulting application path:
 C:\Program Files\Steam\steamapps\common\Just Cause 2\JustCause2.exe  Faulting module
 path: C:\Program Files\Steam\steamapps\common\Just Cause 2\JustCause2.exe  Report
 Id: acfea426-4dd3-11e1-872e-0026222f05fd
 
Error - 2/2/2012 4:49:31 PM | Computer Name = xx-PC | Source = Application Error | ID = 1000
Description = Faulting application name: GameOverlayUI.exe, version: 1.28.5.86, 
time stamp: 0x4f024eb7  Faulting module name: ntdll.dll, version: 6.1.7601.17725, 
time stamp: 0x4ec49b60  Exception code: 0xc0000005  Fault offset: 0x0005333f  Faulting
 process id: 0x1670  Faulting application start time: 0x01cce1e0b7fec518  Faulting application
 path: C:\Program Files\Steam\GameOverlayUI.exe  Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
 Id: 67a2a812-4ddf-11e1-872e-0026222f05fd
 
Error - 2/3/2012 4:50:03 AM | Computer Name = xx-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet
 Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program 
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.  Multiple
 requestedPrivileges elements are not allowed in manifest.
 
Error - 2/3/2012 4:53:55 AM | Computer Name = xx-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot 
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
 - search & destroy\DelZip179.dll" on line 8.  The value "*" of attribute "language"
 in element "assemblyIdentity" is invalid.
 
Error - 2/3/2012 6:04:45 AM | Computer Name = xx-PC | Source = MsiInstaller | ID = 1013
Description = 
 
[ System Events ]
Error - 9/13/2012 10:19:23 AM | Computer Name = xx-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 9/13/2012 10:54:19 AM | Computer Name = xx-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 9/13/2012 11:00:02 AM | Computer Name = xx-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 9/13/2012 11:03:54 AM | Computer Name = xx-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:02:12 PM on ?9/?13/?2012 was unexpected.
 
Error - 9/13/2012 11:03:53 AM | Computer Name = xx-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 9/13/2012 11:03:53 AM | Computer Name = xx-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 9/13/2012 2:06:49 PM | Computer Name = xx-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
 timeout period. This may indicate that there is an error in the EC hardware or 
firmware or that the BIOS is accessing the EC incorrectly. You should check with
 your computer manufacturer for an upgraded BIOS. In some situations, this error
 may cause the computer to function incorrectly.
 
Error - 9/13/2012 2:18:55 PM | Computer Name = xx-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
 timeout period. This may indicate that there is an error in the EC hardware or 
firmware or that the BIOS is accessing the EC incorrectly. You should check with
 your computer manufacturer for an upgraded BIOS. In some situations, this error
 may cause the computer to function incorrectly.
 
Error - 9/13/2012 2:45:47 PM | Computer Name = xx-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 9/13/2012 2:45:47 PM | Computer Name = xx-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >

Alt 14.09.2012, 13:35   #22
schrauber
/// the machine
/// TB-Ausbilder
 
Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:) - Standard

Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:)


Hi,

Bitte die alte Java Version und ASK Toolbar über Systemsteuerung > Software deinstallieren.



Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
ATTFilter
:OTL
DRV - (XDva383) -- C:\Windows\system32\XDva383.sys File not found
DRV - (XDva382) -- C:\Windows\system32\XDva382.sys File not found
DRV - (Tosrfcom) --  File not found
DRV - (catchme) -- C:\Users\xx\AppData\Local\Temp\catchmeirbk.sys File not found
[2012/09/07 02:04:08 | 000,000,000 | ---- | M] () -- C:\ProgramData\E23VeBLen.dat
[2012/09/07 02:03:53 | 000,000,001 | ---- | M] () -- C:\ProgramData\NkH7rLHY.exe_.b
[2012/09/07 02:03:53 | 000,000,001 | ---- | M] () -- C:\ProgramData\NkH7rLHY.exe.b
:Commands
[emptytemp]
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Code-Tags in Deinen Thread.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 14.09.2012, 13:46   #23
mifi
 
Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:) - Standard

Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:)


alte javaversionen habe ich deinstalliert;die ask toolbar ist aber nicht in der programmliste der systemsteuerung vorhanden..

Alt 14.09.2012, 13:57   #24
schrauber
/// the machine
/// TB-Ausbilder
 
Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:) - Standard

Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:)


Dann lass das weg
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 14.09.2012, 13:59   #25
mifi
 
Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:) - Standard

Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:)


ok, hier der log

Code:
ATTFilter
All processes killed
========== OTL ==========
Error: No service named XDva383 was found to stop!
Service\Driver key XDva383 not found.
File  C:\Windows\system32\XDva383.sys File not found not found.
Error: No service named XDva382 was found to stop!
Service\Driver key XDva382 not found.
File  C:\Windows\system32\XDva382.sys File not found not found.
Error: No service named Tosrfcom was found to stop!
Service\Driver key Tosrfcom not found.
File   File not found not found.
Error: No service named catchme was found to stop!
Service\Driver key catchme not found.
File  C:\Users\xx\AppData\Local\Temp\catchmeirbk.sys File not found not found.
File C:\ProgramData\E23VeBLen.dat not found.
File C:\ProgramData\NkH7rLHY.exe_.b not found.
File C:\ProgramData\NkH7rLHY.exe.b not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: xx
->Temp folder emptied: 132450 bytes
->Temporary Internet Files folder emptied: 428792 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7000229 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 584 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 7.00 mb
 
 
OTL by OldTimer - Version 3.2.61.3 log created on 09142012_145506

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 14.09.2012, 14:04   #26
schrauber
/// the machine
/// TB-Ausbilder
 
Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:) - Standard

Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:)


Noch irgendwelche Probleme mit dem Rechner?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 14.09.2012, 14:12   #27
mifi
 
Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:) - Standard

Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:)


Nein, läuft alles soweit in Ordnung!

Alt 14.09.2012, 14:44   #28
schrauber
/// the machine
/// TB-Ausbilder
 
Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:) - Standard

Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:)


Hi,

Start > Ausführen

Combofix /Uninstall



OTL öffnen, Cleanup Button drücken.



Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort
Seite 2 von 2 1 2

Themen zu Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:)
administrator, anti-malware, antivir, anwendung, appdata, autostart, bundespolizei-virus, cache, code, dateien, downloader, entfernen, escan, explorer, fund, gelöscht, java, mas, microsoft, neuinstallation, nicht möglich, software, speicher, spyware.zbot.dgen, systemstart, temp, trojan.phex.thagen, trojaner, virus, wgsdgsdgdsgsd.exe, win32/installcore.d


« Trojan.Agent/Gen-Downloader in C:\PROGRAMDATA\NVIDIA\UPDATUS\DOWNLOAD\24479DC7\UPDATUS.10032098_RUNASUSER.EXE und C:\PROGRAMDATA\NVIDIA\UPDA | BKA-Trojaner - ..\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) »


Ähnliche Themen: Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:)


  1. Avira Fund B00/Whistler.DB im Masterbootsektor HD0 und Bootsektor 'C:\'
    Log-Analyse und Auswertung - 26.09.2013 (15)
  2. BOO/Whistler.DB in 'Masterbootsektor HD1' und 'Bootsektor 'I:\''
    Log-Analyse und Auswertung - 09.04.2013 (12)
  3. Avira findet "BOO/Whistler.A" in Masterbootsektor HD0 Bootsektor 'C:\', lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (51)
  4. Virus BOO/Whistler.DB im Masterbootsektor HD1 gefunden(Avira)
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (5)
  5. boo/whistler.db im Masterbootsektor gefunden
    Plagegeister aller Art und deren Bekämpfung - 09.08.2012 (33)
  6. Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD0 (von Antivir)
    Log-Analyse und Auswertung - 12.06.2012 (7)
  7. BOO/Dosump.A in Masterbootsektor
    Plagegeister aller Art und deren Bekämpfung - 04.04.2012 (5)
  8. Boo.Whistler.A im Masterbootsektor
    Plagegeister aller Art und deren Bekämpfung - 29.03.2012 (1)
  9. BOO/Whistler.A in Masterbootsektor HD0, sowie in beiden Partitionen gefunden
    Log-Analyse und Auswertung - 02.01.2012 (27)
  10. BOO/Whistler.A in Masterbootsektor gefunden F und I
    Log-Analyse und Auswertung - 21.11.2011 (22)
  11. BOO/TDss.M im Masterbootsektor gefunden.(Antivir) Auch nach Systemrücksetzung mit Samsung Recovery
    Plagegeister aller Art und deren Bekämpfung - 03.11.2011 (36)
  12. Masterbootsektor Virus "BOO/Whistler"
    Log-Analyse und Auswertung - 30.09.2011 (34)
  13. Boo Whistler im Masterbootsektor
    Log-Analyse und Auswertung - 07.09.2011 (18)
  14. BOO/Whistler.A in Masterbootsektor gefunden,Lfw D: ist verschwunden
    Log-Analyse und Auswertung - 11.08.2011 (25)
  15. BOO/Sinowal.F in Masterbootsektor
    Plagegeister aller Art und deren Bekämpfung - 25.08.2010 (17)
  16. AntiVir Warnung im Masterbootsektor
    Log-Analyse und Auswertung - 12.11.2008 (9)
  17. Masterbootsektor HD5 BOO/Sinowal.A
    Plagegeister aller Art und deren Bekämpfung - 08.09.2008 (24)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:) - Hi, Scripten mit Combofix Öffne den Editor ( Start -> Zubehör -> Editor ) kopiere nun folgenden Text in das weiße Feld: Code: Alles auswählen Aufklappen ATTFilter Driver:: KOBCCEX KOBCCID - Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:)...
Archiv
Du betrachtest: Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129