| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Pc langsam, überall WerbungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.12.2012, 16:48
| #1 | |
 |  Pc langsam, überall Werbung Guten Tag. Da mein eigener Laptop befallen war bzw ist , bin ich momentan am alten Laptop meines Bruders (Vista). Mir ist beim Arbeiten aufgefallen, dass er für alles immer sehr lange braucht und im Internet vermehrt Werbung zu sehen ist. Ich spreche nicht von diesen Werbeanzeigen am Rande von Facebook und co, sondern, dass auf allen Internetseiten irgendwelche Wörter 'markiert' sind und wenn man mit der Maus darüber faehrt, erscheinen eigenartige Werbungen. Ich habe bis jetzt nur Malwarebytes Anti-Malware heruntergeladen und einen Vollscan durchgeführt. Momentan laeuft dieser noch (seit ca zwei Stunden) und hat bisher 9 infizierte auf ca 180000 Datein gefunden. Es waere nett wenn mir Jemand beim weiteren Verfahren helfen könnte, da ich was sowas angeht nicht gerade begabt bin. Mit freundlichen Grüssen Es wurden 13 infizierte Objekte gefunden: Zitat:
|
|
27.12.2012, 18:06
| #2 |
| /// Malware-holic   | Pc langsam, überall Werbung Hi
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
27.12.2012, 19:05
| #3 |
| | Pc langsam, überall Werbung OTL.Txt
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.12.2012 18:21:10 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\vince\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,35% Memory free 6,20 Gb Paging File | 4,82 Gb Available in Paging File | 77,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 100,25 Gb Total Space | 30,21 Gb Free Space | 30,14% Space Free | Partition Type: NTFS Drive D: | 187,83 Gb Total Space | 167,29 Gb Free Space | 89,06% Space Free | Partition Type: NTFS Computer Name: VINCE-PC | User Name: vince | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.27 18:19:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vince\Desktop\OTL.exe PRC - [2012.10.19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe PRC - [2012.10.15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.08.08 17:47:07 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.06.20 12:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe PRC - [2012.05.02 00:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.01 23:55:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.05.01 23:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.26 17:33:17 | 001,064,960 | ---- | M] () -- C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe PRC - [2012.04.24 01:11:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.09.30 16:08:16 | 000,018,432 | ---- | M] () -- C:\Users\vince\AppData\LocalLow\FileZilla\IE\FileZillaUpdater.exe PRC - [2010.09.02 15:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.08 01:19:12 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2008.10.06 10:07:26 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2008.08.26 01:59:54 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe PRC - [2008.08.07 03:55:38 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe PRC - [2008.07.10 12:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe PRC - [2008.07.10 12:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.05.13 01:13:28 | 000,085,672 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe PRC - [2008.04.17 03:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.02.12 05:19:52 | 000,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe ========== Modules (No Company Name) ========== MOD - [2012.04.26 17:33:17 | 001,064,960 | ---- | M] () -- C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe MOD - [2008.05.13 01:13:28 | 000,085,672 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe MOD - [2007.08.14 05:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll MOD - [2007.07.12 05:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007.07.12 05:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\EasySpeedUpManager\HookDllPS2.dll MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service) SRV - [2012.10.15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.05.02 00:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.01 23:55:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.01 23:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.12.24 23:39:17 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service) SRV - [2011.09.30 16:08:16 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\vince\AppData\LocalLow\FileZilla\IE\FileZillaUpdater.exe -- (FileZillaUpdater) SRV - [2008.07.10 12:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.07.10 12:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.05.13 00:47:20 | 000,077,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva397.sys -- (XDva397) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva394.sys -- (XDva394) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcecm.sys -- (huawei_cdcecm) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.04.27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 20:18:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.10.22 15:12:39 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2011.10.22 15:12:39 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010.08.06 16:52:54 | 000,016,896 | ---- | M] (Siliten) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\InputFilter_FlexDef2c.sys -- (InputFilter_Hid_FlexDef2c) DRV - [2010.07.01 14:21:14 | 000,034,896 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008.09.03 17:05:34 | 000,238,464 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMC326.sys -- (VMC326) DRV - [2008.08.05 19:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.07.26 20:24:00 | 007,548,000 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.06.05 08:30:28 | 000,242,048 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302) DRV - [2008.04.27 03:07:00 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2007.05.23 09:13:10 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO) DRV - [2006.11.28 08:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\SAMSUNG NOTEBOOK PC IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\SAMSUNG NOTEBOOK PC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb139?a=6R8s06YBR4&i=26 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome IE - HKCU\..\URLSearchHook: - SOFTWARE\Classes\CLSID\\InprocServer32 File not found IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://mp3tubetoolbarsearch.com/?tmp=nemo_results_removelink2&keywords={searchTerms} IE - HKCU\..\SearchScopes\{0F8CDE9C-1C05-4CAA-B2F2-6586DC38E4F7}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcphp?q={searchTerms}&ch_id=sm IE - HKCU\..\SearchScopes\{87D921EA-63F4-4F70-AC02-E1D89D58DD2A}: "URL" = hxxp://mp3tubetoolbar.com/?tmp=toolbar_sb_results&prt=pinballtbfour01ie&Keywords={searchTerms}&clid=dbc2f538af104f8a8bad604044780659 IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{B496EDFD-B4CA-4983-8543-BFDF124C8F0E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=bf35e7c3-508a-4e47-bf2a-de3282ed138e&apn_sauid=C1A3E496-2E94-4D0B-9C72-C7C98401ABDE IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6R8s06YBR4&i=26 IE - HKCU\..\SearchScopes\{D0CECDFE-A150-4927-95C8-7A7C70A8C07B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://search.iminent.com/?appId=f86d5f18-d600-4714-97da-ea91a67622d9&lcid=1031&ref=homepage" FF - prefs.js..extensions.enabledAddons: ciuvo-extension@icq.de:1.2.663 FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.8.20110919032113 FF - prefs.js..extensions.enabledAddons: client@filezilla.org:3.5.1 FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher@ea.com:5.0.127.0 FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=bf35e7c3-508a-4e47-bf2a-de3282ed138e&apn_ptnrs=%5EABT&apn_sauid=C1A3E496-2E94-4D0B-9C72-C7C98401ABDE&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749&ilc=12" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\vince\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\vince\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4fa25cd2ec967@4fa25cd2ec969.info: C:\Users\vince\AppData\Roaming\Mozilla\Firefox\Profiles\tip0h44n.default\extensions\4fa25cd2ec967@4fa25cd2ec969.info [2012.05.05 17:12:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Protector by IB\Firefox [2011.03.28 22:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vince\AppData\Roaming\mozilla\Extensions [2012.06.27 20:18:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vince\AppData\Roaming\mozilla\Firefox\Profiles\tip0h44n.default\extensions [2011.09.30 10:45:28 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\vince\AppData\Roaming\mozilla\Firefox\Profiles\tip0h44n.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.10.07 01:56:10 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\vince\AppData\Roaming\mozilla\Firefox\Profiles\tip0h44n.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.08.13 19:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vince\AppData\Roaming\mozilla\Firefox\Profiles\tip0h44n.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}8132011205157 [2012.05.05 19:09:23 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\vince\AppData\Roaming\mozilla\Firefox\Profiles\tip0h44n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} [2012.05.05 17:12:50 | 000,000,000 | ---D | M] (Bcool) -- C:\Users\vince\AppData\Roaming\mozilla\Firefox\Profiles\tip0h44n.default\extensions\4fa25cd2ec967@4fa25cd2ec969.info [2011.10.06 18:14:05 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\vince\AppData\Roaming\mozilla\Firefox\Profiles\tip0h44n.default\extensions\battlefieldheroespatcher@ea.com [2011.10.07 01:56:15 | 000,000,000 | ---D | M] (ICQ Sparberater) -- C:\Users\vince\AppData\Roaming\mozilla\Firefox\Profiles\tip0h44n.default\extensions\ciuvo-extension@icq.de [2011.10.05 15:45:26 | 000,000,000 | ---D | M] (FileZilla) -- C:\Users\vince\AppData\Roaming\mozilla\Firefox\Profiles\tip0h44n.default\extensions\client@filezilla.org [2012.05.05 19:09:03 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Users\vince\AppData\Roaming\mozilla\Firefox\Profiles\tip0h44n.default\extensions\crossriderapp3491@crossrider.com [2012.04.29 21:21:01 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\vince\AppData\Roaming\mozilla\Firefox\Profiles\tip0h44n.default\extensions\ffxtlbr@babylon.com [2012.05.05 17:14:18 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\vince\AppData\Roaming\mozilla\Firefox\Profiles\tip0h44n.default\extensions\ffxtlbr@incredibar.com [2012.05.05 17:25:39 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\vince\AppData\Roaming\mozilla\Firefox\Profiles\tip0h44n.default\extensions\plugin@yontoo.com [2012.06.27 20:18:49 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\vince\AppData\Roaming\mozilla\Firefox\Profiles\tip0h44n.default\extensions\toolbar@ask.com [2011.10.07 01:56:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vince\AppData\Roaming\mozilla\Firefox\Profiles\tip0h44n.default\extensions\ciuvo-extension@icq.de\chrome [2011.09.25 19:51:37 | 000,090,427 | ---- | M] () (No name found) -- C:\Users\vince\AppData\Roaming\mozilla\firefox\profiles\tip0h44n.default\extensions\ciuvo-extension@icq.de.xpi [2012.05.05 17:27:04 | 000,086,809 | ---- | M] () (No name found) -- C:\Users\vince\AppData\Roaming\mozilla\firefox\profiles\tip0h44n.default\extensions\OneClickDownloader@OneClickDownloader.com.xpi [2012.06.27 20:18:48 | 000,002,344 | ---- | M] () -- C:\Users\vince\AppData\Roaming\mozilla\firefox\profiles\tip0h44n.default\searchplugins\askcom.xml [2011.10.05 15:36:12 | 000,000,950 | ---- | M] () -- C:\Users\vince\AppData\Roaming\mozilla\firefox\profiles\tip0h44n.default\searchplugins\icqplugin-1.xml [2011.08.15 16:07:14 | 000,000,950 | ---- | M] () -- C:\Users\vince\AppData\Roaming\mozilla\firefox\profiles\tip0h44n.default\searchplugins\icqplugin-2.xml [2011.08.23 18:42:02 | 000,000,950 | ---- | M] () -- C:\Users\vince\AppData\Roaming\mozilla\firefox\profiles\tip0h44n.default\searchplugins\icqplugin-3.xml [2011.09.01 10:31:25 | 000,000,950 | ---- | M] () -- C:\Users\vince\AppData\Roaming\mozilla\firefox\profiles\tip0h44n.default\searchplugins\icqplugin-4.xml [2011.09.08 15:21:06 | 000,000,950 | ---- | M] () -- C:\Users\vince\AppData\Roaming\mozilla\firefox\profiles\tip0h44n.default\searchplugins\icqplugin-5.xml [2011.09.18 16:03:05 | 000,000,950 | ---- | M] () -- C:\Users\vince\AppData\Roaming\mozilla\firefox\profiles\tip0h44n.default\searchplugins\icqplugin-6.xml [2011.09.30 19:23:26 | 000,000,950 | ---- | M] () -- C:\Users\vince\AppData\Roaming\mozilla\firefox\profiles\tip0h44n.default\searchplugins\icqplugin-7.xml [2011.10.03 00:40:51 | 000,000,950 | ---- | M] () -- C:\Users\vince\AppData\Roaming\mozilla\firefox\profiles\tip0h44n.default\searchplugins\icqplugin-8.xml [2011.03.30 14:13:16 | 000,001,033 | ---- | M] () -- C:\Users\vince\AppData\Roaming\mozilla\firefox\profiles\tip0h44n.default\searchplugins\icqplugin.xml [2012.05.05 17:27:51 | 000,002,270 | ---- | M] () -- C:\Users\vince\AppData\Roaming\mozilla\firefox\profiles\tip0h44n.default\searchplugins\SearchTheWeb.xml File not found (No name found) -- C:\PROGRAM FILES\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION [2011.04.02 08:38:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\vince\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\vince\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\vince\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: registryAccess (Enabled) = C:\Users\vince\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.0_0\background/registryAccess.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll CHR - plugin: Google Update (Enabled) = C:\Users\vince\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Avira Toolbar = C:\Users\vince\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.24169_0\ CHR - Extension: YouTube = C:\Users\vince\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\vince\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: FileZilla = C:\Users\vince\AppData\Local\Google\Chrome\User Data\Default\Extensions\gedcafmnbhjoenmgefkpiecngeheonjn\3.5.1_0\ CHR - Extension: uTorrentBar_DE = C:\Users\vince\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\2.3.18.20_0\ CHR - Extension: Bcool = C:\Users\vince\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhmkojkhiojminenihlhibohhdleghaa\1.0_0\ CHR - Extension: Yontoo = C:\Users\vince\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\ CHR - Extension: Google Mail = C:\Users\vince\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (FileZilla) - {7AAB1838-349A-4AAE-A039-8023951AF399} - C:\Users\vince\AppData\LocalLow\FileZilla\IE\FileZilla.dll (Tim Kosse) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll File not found O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [4StoryPrePatch] D:\4Story1\4Story_DE\PrePatch.exe (Zemi Interactive Inc.) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation) O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company) O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.) O4 - HKCU..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\system32\d3dygni9j.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10BEEBFF-2850-4E41-8E84-07B3D78420F0}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37FBAEDD-AAAA-4F86-8391-1917F8367B32}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4668c7fc-2e76-11e1-9adb-001377ac99a8}\Shell - "" = AutoRun O33 - MountPoints2\{4668c7fc-2e76-11e1-9adb-001377ac99a8}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{4668c80a-2e76-11e1-9adb-001377ac99a8}\Shell - "" = AutoRun O33 - MountPoints2\{4668c80a-2e76-11e1-9adb-001377ac99a8}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{e0f22c96-31ad-11e1-a0d2-001377ac99a8}\Shell - "" = AutoRun O33 - MountPoints2\{e0f22c96-31ad-11e1-a0d2-001377ac99a8}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023) ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT System Restore Service not available. ========== Files/Folders - Created Within 30 Days ========== [2012.12.27 18:19:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\vince\Desktop\OTL.exe [2012.12.27 15:08:53 | 000,000,000 | ---D | C] -- C:\Users\vince\AppData\Roaming\Malwarebytes [2012.12.27 15:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.27 15:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.27 15:08:50 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.12.27 15:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.12.27 15:06:11 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\vince\Desktop\mbam-setup-1.65.1.1000.exe [2012.12.25 17:10:35 | 000,000,000 | ---D | C] -- C:\Users\vince\DCIM [2012.12.14 11:17:05 | 000,000,000 | ---D | C] -- C:\Users\vince\Desktop\Laura [2012.12.14 11:17:05 | 000,000,000 | ---D | C] -- C:\Users\vince\Desktop\Henrike [2012.12.14 11:17:05 | 000,000,000 | ---D | C] -- C:\Users\vince\Desktop\Hendrik [2012.12.14 11:17:05 | 000,000,000 | ---D | C] -- C:\Users\vince\Desktop\Alicia [2012.12.12 19:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 [2012.12.11 19:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects [2012.12.11 19:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan [2012.12.11 19:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PrintProjects [2012.12.11 19:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\PrintProjects [2012.12.11 19:30:34 | 000,000,000 | ---D | C] -- C:\Users\vince\AppData\Local\Eastman_Kodak_Company [2012.12.11 19:27:23 | 000,000,000 | ---D | C] -- C:\Users\vince\AppData\Local\Eastman Kodak Company [2012.12.11 19:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak [2012.12.11 19:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak [2012.12.11 19:19:39 | 000,000,000 | ---D | C] -- C:\Users\vince\AppData\Roaming\Temp [2012.12.11 19:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak [2012.12.11 19:16:30 | 010,000,984 | ---- | C] (Eastman Kodak Company) -- C:\Users\vince\Desktop\aio_install.exe [2012.12.11 19:15:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\kodak [2012.12.10 21:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.12.10 21:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.12.10 04:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.12.10 04:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.12.10 04:54:39 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.27 18:19:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vince\Desktop\OTL.exe [2012.12.27 17:51:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-586206976-2465041360-4002502863-1003UA.job [2012.12.27 16:58:20 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.27 16:58:20 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.27 15:08:51 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.27 15:06:45 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\vince\Desktop\mbam-setup-1.65.1.1000.exe [2012.12.27 15:04:34 | 000,731,802 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.27 15:04:34 | 000,681,358 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.27 15:04:34 | 000,170,010 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.27 15:04:34 | 000,137,736 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.27 14:59:28 | 000,052,659 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.12.27 14:58:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.27 14:58:13 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys [2012.12.26 21:20:01 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.12.25 22:51:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-586206976-2465041360-4002502863-1003Core.job [2012.12.25 17:03:36 | 000,028,672 | ---- | M] () -- C:\Users\vince\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.22 16:02:30 | 000,376,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.11 22:57:04 | 000,003,555 | ---- | M] () -- C:\Users\vince\Documents\Dokument.rtf [2012.12.11 19:31:14 | 000,001,703 | ---- | M] () -- C:\Users\Public\Desktop\PrintProjects.lnk [2012.12.11 19:30:22 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk [2012.12.11 19:17:49 | 010,000,984 | ---- | M] (Eastman Kodak Company) -- C:\Users\vince\Desktop\aio_install.exe [2012.12.10 04:54:40 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.27 15:08:51 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.12 06:27:28 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.12.12 06:27:28 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.12.11 21:24:22 | 000,003,555 | ---- | C] () -- C:\Users\vince\Documents\Dokument.rtf [2012.12.11 19:31:14 | 000,001,703 | ---- | C] () -- C:\Users\Public\Desktop\PrintProjects.lnk [2012.12.11 19:30:22 | 000,001,977 | ---- | C] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk [2012.12.10 04:54:40 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.01.26 19:03:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\ecf63a2c271ad8f0ca5d67be4ff9cf19_c [2011.12.25 14:58:11 | 000,139,424 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.12.25 14:57:53 | 000,282,104 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011.12.25 14:57:43 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.12.25 03:14:52 | 000,000,285 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011.10.22 15:12:39 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.10.22 15:12:39 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.06.09 16:44:27 | 000,000,680 | ---- | C] () -- C:\Users\vince\AppData\Local\d3d9caps.dat [2011.04.27 23:13:20 | 000,000,093 | ---- | C] () -- C:\Users\vince\AppData\Local\fusioncache.dat [2011.04.01 18:12:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.04.01 13:30:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.04.01 13:30:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.03.29 17:18:46 | 000,138,056 | ---- | C] () -- C:\Users\vince\AppData\Roaming\PnkBstrK.sys [2011.03.29 14:31:04 | 000,052,659 | ---- | C] () -- C:\ProgramData\nvModes.001 [2011.03.29 14:30:12 | 000,052,659 | ---- | C] () -- C:\ProgramData\nvModes.dat [2011.03.29 06:16:26 | 000,028,672 | ---- | C] () -- C:\Users\vince\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.06.12 12:50:19 | 000,000,000 | ---D | M] -- C:\Users\vince\AppData\Roaming\.minecraft [2012.05.25 18:57:20 | 000,000,000 | ---D | M] -- C:\Users\vince\AppData\Roaming\Audacity [2012.04.29 21:20:24 | 000,000,000 | ---D | M] -- C:\Users\vince\AppData\Roaming\Babylon [2011.07.08 19:39:15 | 000,000,000 | ---D | M] -- C:\Users\vince\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011.10.05 17:19:12 | 000,000,000 | ---D | M] -- C:\Users\vince\AppData\Roaming\Hi-Rez Studios [2011.10.07 03:31:37 | 000,000,000 | ---D | M] -- C:\Users\vince\AppData\Roaming\ICQ [2011.06.06 18:53:25 | 000,000,000 | ---D | M] -- C:\Users\vince\AppData\Roaming\IObit [2012.01.09 22:45:29 | 000,000,000 | ---D | M] -- C:\Users\vince\AppData\Roaming\PhotoScape [2012.03.18 00:09:11 | 000,000,000 | ---D | M] -- C:\Users\vince\AppData\Roaming\Screaming Bee [2011.12.24 22:43:31 | 000,000,000 | ---D | M] -- C:\Users\vince\AppData\Roaming\T-Mobile [2012.02.08 18:25:30 | 000,000,000 | ---D | M] -- C:\Users\vince\AppData\Roaming\TeamViewer [2012.12.11 19:19:39 | 000,000,000 | ---D | M] -- C:\Users\vince\AppData\Roaming\Temp [2012.05.13 16:26:29 | 000,000,000 | ---D | M] -- C:\Users\vince\AppData\Roaming\TS3Client [2012.05.11 23:54:32 | 000,000,000 | ---D | M] -- C:\Users\vince\AppData\Roaming\ts3overlay [2012.05.05 21:17:27 | 000,000,000 | ---D | M] -- C:\Users\vince\AppData\Roaming\uTorrent ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.08.20 20:54:21 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.10.02 15:08:37 | 000,000,000 | -HSD | M] -- C:\Boot [2012.04.13 17:03:43 | 000,000,000 | ---D | M] -- C:\CFLog [2012.12.11 19:31:11 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.08.20 20:48:23 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.06.23 16:40:15 | 000,000,000 | ---D | M] -- C:\Download [2011.06.09 12:01:51 | 000,000,000 | -HSD | M] -- C:\found.000 [2008.10.09 11:53:38 | 000,000,000 | ---D | M] -- C:\Intel [2008.10.09 12:24:18 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.10.09 12:11:45 | 000,000,000 | ---D | M] -- C:\MyWorks [2012.04.26 17:33:12 | 000,000,000 | ---D | M] -- C:\Nexon [2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.12.27 15:08:50 | 000,000,000 | ---D | M] -- C:\Program Files [2012.12.27 15:08:51 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.08.20 20:48:23 | 000,000,000 | -HSD | M] -- C:\Programme [2011.12.25 03:14:52 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin [2012.12.26 15:17:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.05.11 23:56:28 | 000,000,000 | ---D | M] -- C:\ts3overlay [2010.08.20 20:52:31 | 000,000,000 | R--D | M] -- C:\Users [2010.08.11 01:52:30 | 000,000,000 | ---D | M] -- C:\windiag [2012.12.12 06:45:37 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2006.11.02 14:01:49 | 000,032,534 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.06.27 21:13:37 | 000,001,068 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-586206976-2465041360-4002502863-1003Core.job [2012.06.27 21:13:37 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-586206976-2465041360-4002502863-1003UA.job < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2004.08.04 04:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\$Recycle.Bin\S-1-5-21-586206976-2465041360-4002502863-1003\$R9GOUV5\OTLPE_New_Std\I386\SYSTEM32\DRIVERS\AGP440.SYS [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2004.08.04 02:07:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\$Recycle.Bin\S-1-5-21-586206976-2465041360-4002502863-1003\$R9GOUV5\OTLPE_New_Std\I386\SYSTEM32\DRIVERS\ATAPI.SYS < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2004.08.04 02:07:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\$Recycle.Bin\S-1-5-21-586206976-2465041360-4002502863-1003\$R9GOUV5\OTLPE_New_Std\I386\SYSTEM32\EVENTLOG.DLL < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2004.08.04 02:07:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\$Recycle.Bin\S-1-5-21-586206976-2465041360-4002502863-1003\$R9GOUV5\OTLPE_New_Std\I386\EXPLORER.EXE [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTOR.SYS > [2008.07.22 07:33:26 | 000,396,312 | ---- | M] (Intel Corporation) MD5=5C62352AFF7F1FB36B2C19329F7C949D -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2008.07.22 07:33:02 | 000,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2008.07.22 07:33:02 | 000,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\Windows\System32\drivers\iaStor.sys [2008.07.22 07:33:02 | 000,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_783fb8da\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2004.08.04 02:07:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\$Recycle.Bin\S-1-5-21-586206976-2465041360-4002502863-1003\$R9GOUV5\OTLPE_New_Std\I386\SYSTEM32\NETLOGON.DLL [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2004.08.04 02:07:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\$Recycle.Bin\S-1-5-21-586206976-2465041360-4002502863-1003\$R9GOUV5\OTLPE_New_Std\I386\SYSTEM32\SCECLI.DLL [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2004.08.04 02:07:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\$Recycle.Bin\S-1-5-21-586206976-2465041360-4002502863-1003\$R9GOUV5\OTLPE_New_Std\I386\SYSTEM32\USER32.DLL [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2004.08.04 02:07:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\$Recycle.Bin\S-1-5-21-586206976-2465041360-4002502863-1003\$R9GOUV5\OTLPE_New_Std\I386\SYSTEM32\USERINIT.EXE < MD5 for: WINLOGON.EXE > [2004.08.04 02:07:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\$Recycle.Bin\S-1-5-21-586206976-2465041360-4002502863-1003\$R9GOUV5\OTLPE_New_Std\I386\SYSTEM32\WINLOGON.EXE [2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 02:07:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\$Recycle.Bin\S-1-5-21-586206976-2465041360-4002502863-1003\$R9GOUV5\OTLPE_New_Std\I386\SYSTEM32\DRIVERS\WS2IFSL.SYS [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.12.27 18:57:34 | 084,672,512 | -HS- | M] () -- C:\Users\vince\NTUSER.DAT [2012.12.27 18:57:34 | 000,262,144 | -H-- | M] () -- C:\Users\vince\ntuser.dat.LOG1 [2010.08.20 20:52:31 | 000,000,000 | -H-- | M] () -- C:\Users\vince\ntuser.dat.LOG2 [2011.09.06 19:28:10 | 082,051,072 | -HS- | M] () -- C:\Users\vince\ntuser.dat_previous [2012.12.26 21:20:19 | 000,065,536 | -HS- | M] () -- C:\Users\vince\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2012.12.26 21:20:19 | 000,524,288 | -HS- | M] () -- C:\Users\vince\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.08.20 20:55:11 | 000,524,288 | -HS- | M] () -- C:\Users\vince\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2010.08.20 20:52:32 | 000,000,020 | -HS- | M] () -- C:\Users\vince\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < End of report > Extras.Txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 27.12.2012 18:21:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\vince\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,35% Memory free
6,20 Gb Paging File | 4,82 Gb Available in Paging File | 77,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,25 Gb Total Space | 30,21 Gb Free Space | 30,14% Space Free | Partition Type: NTFS
Drive D: | 187,83 Gb Total Space | 167,29 Gb Free Space | 89,06% Space Free | Partition Type: NTFS
Computer Name: VINCE-PC | User Name: vince | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06233E31-EE11-47AC-8835-A5E086BCA8ED}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1416EA46-F2EC-4C77-87D0-93BC2A801385}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1B2497C2-9244-4CE8-A7C7-51FE7E92B2A5}" = rport=139 | protocol=6 | dir=out | app=system |
"{1E897145-71A1-44BD-93E2-E9E9D817DEB2}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{254B4D81-6995-4D5C-8EB6-BE0220B380DA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A2B3146-08CE-40B8-BDF4-85836A8148BB}" = rport=445 | protocol=6 | dir=out | app=system |
"{4C3E515A-D46E-4D91-90D2-BE67788C0A36}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{50C73B9D-C87F-49A7-8C66-51513B24B85A}" = rport=138 | protocol=17 | dir=out | app=system |
"{5E182C44-84CC-4D3C-BF28-EE7C73C7B247}" = lport=139 | protocol=6 | dir=in | app=system |
"{663AC32B-516A-418A-B91D-030082CDB9ED}" = rport=137 | protocol=17 | dir=out | app=system |
"{68121BFD-7B52-43F1-B027-08CB466590EA}" = lport=138 | protocol=17 | dir=in | app=system |
"{6E5482CE-125D-431C-9807-70503F2F7628}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7602E6F3-3FA1-4A49-95F0-B7356C6FE12A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{77F9C8D6-8731-4178-9F50-1D16ABF5BAA1}" = lport=445 | protocol=6 | dir=in | app=system |
"{8B71D5B5-9945-407B-93A6-2666FF0AB2A3}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{AB8A0AF9-A2F0-45A1-918D-876154EE2847}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CA4D91D8-216F-4946-85B5-257FDD493B98}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D64A21C9-2513-4E67-9A63-A5F5D9D3DF05}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F09ACBD6-A8A7-4FE8-881F-F24D647B4812}" = lport=137 | protocol=17 | dir=in | app=system |
"{F5CE86DB-92AC-454A-A9BB-C6B96FCB778E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F760D1E4-0B50-4E51-B7A6-EB686E3976EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04189DC6-714B-41DE-8482-81812D9A0A31}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{14020945-DA2D-4453-8890-C83F7C53F1F7}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{179F2B60-85B9-4098-9F67-196B9C4E0A47}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{240916A3-C567-4DC8-B2A0-4D1A05C1A0FF}" = protocol=6 | dir=in | app=d:\combat arms\combat arms eu\nmservice.exe |
"{27A430A7-6D84-44ED-8E05-916E30882C24}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{2DEC3C41-76EB-48D0-A0DF-9687F8ECE6CE}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{32A97DD4-E55B-44B9-8472-94DB8CE4EDB6}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{39C3A882-2EDD-4D76-9299-C7CAA9486F02}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{39E533DC-D819-46C1-B658-01CF5E3BFC36}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{3E740CEA-7484-441D-A42B-E8D40E8BF3DA}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{53793F32-45D2-41E5-967F-7B5920D6BA79}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{5A1FFC7F-7D9C-4671-AA81-6141AF8F4DD5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{5ABED6D7-B0BF-4484-807D-752B72AA4B2B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{6FB30F14-7C76-4EB3-AFAC-4BECC9A9A17C}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{741F02D0-D3F7-4782-8C54-4604265125A2}" = protocol=17 | dir=in | app=d:\combat arms neu\combat arms eu\nmservice.exe |
"{7B942282-C231-4B4E-B8FC-FF173651B04E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7D8C58EB-B4B8-4669-AB2B-80F56E9B14FB}" = protocol=17 | dir=in | app=d:\combat arms\combat arms eu\nmservice.exe |
"{7FD7BCBB-744A-444D-BBA9-961DF7DFE8F7}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{83833908-CC33-4DFA-9A31-A54BC9BB5110}" = protocol=6 | dir=in | app=d:\combat arms neu\combat arms eu\nmservice.exe |
"{84519269-F2DD-4F79-AB97-F27E9EE0EE95}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8A52EAB3-A9EE-4872-81B4-6A9CA76E3844}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{8B659924-98D6-4CBE-9DA8-09B90700C3F6}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{A4C74502-E346-4892-A39B-566542AF904C}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{A637B926-25A2-47D8-9986-20C18FE3BE64}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{A686BEE6-3D65-4D39-BE75-900CF88AF32A}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{AB088373-4987-4535-86EE-4DC7B1C2686C}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{AB833FAF-F7CE-4E33-8B6A-3A614CBAB345}" = protocol=17 | dir=in | app=d:\combat arms\combat arms eu\nmservice.exe |
"{B48A66D2-FC0B-4F1B-A130-227C8B9BD017}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B961D874-DF8B-495A-89BC-F573D7C6FC7B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BA7A9EDA-9D0E-4FFC-A9E8-2FE4DA8AFBA5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BDF3704F-9035-42CD-B28C-81A2BB64CA7A}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{C835F971-D97C-4DD5-BAF8-0FC9CF38C620}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{CED464CC-7B4F-4217-8D87-8FCDF489ABC0}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{D3EB0D19-01EB-4EB0-9BB8-FC73629909A5}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{D52AEECD-5EB2-4865-AB16-AF3974826629}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{DA7DD00D-18C6-4240-807B-D844DB8BA9C1}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{DB360478-B161-4EDD-9E43-87E9E4F26B0C}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{DF866294-167B-4BDA-8BB3-B44BE4510AD2}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{DFCB8DF2-7AE7-452D-A2CF-2463FA15B080}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{E492734E-2B93-4421-A194-50AE8BAF0B38}" = protocol=6 | dir=in | app=d:\combat arms\combat arms eu\nmservice.exe |
"{F1841CC9-564B-4AC6-A913-062687B7259D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{F1B42F10-B8E4-4800-A05F-7B9D02F58A17}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{F916AB5A-8434-4604-91D0-7CB4E16E1850}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{FCB0603A-2110-457C-A1BD-8211A5672207}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"TCP Query User{16AFD962-3F8A-4CC4-BB8D-723E494DE522}D:\play4freee\bfp4f.exe" = protocol=6 | dir=in | app=d:\play4freee\bfp4f.exe |
"TCP Query User{19394225-8611-433B-B02B-3D311A0140CA}C:\users\vince\desktop\gta - san andreas\gta_sa.exe" = protocol=6 | dir=in | app=c:\users\vince\desktop\gta - san andreas\gta_sa.exe |
"TCP Query User{2D86BE77-3721-4B1D-BAEC-80CA52E4146B}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe |
"TCP Query User{412BCD08-2BCF-47FF-A81E-EC804192C711}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{44277C11-3EB6-43FD-AADB-C962A65CFB53}C:\program files\rockstar games\gta san andreas\gta_sa.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\gta san andreas\gta_sa.exe |
"TCP Query User{6EED36FF-6B39-4124-B728-3551DBD18FB3}F:\cs 1.6 2\hltv.exe" = protocol=6 | dir=in | app=f:\cs 1.6 2\hltv.exe |
"TCP Query User{6F53A90F-C564-4E2A-A34D-103804582453}D:\gta-sanandreas\gta-sanandreas\gta_sa.exe" = protocol=6 | dir=in | app=d:\gta-sanandreas\gta-sanandreas\gta_sa.exe |
"TCP Query User{7D4753B6-7659-4938-80C3-808CD5984FBA}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe |
"TCP Query User{99DE9F68-0C79-469C-9BFF-1573124D77CD}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"TCP Query User{A5483134-CDB5-44D1-A164-2BB3CD5E1536}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{A6C393D9-14CF-43C0-B233-D0C7D743EE89}C:\program files\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\global agenda live\binaries\globalagenda.exe |
"TCP Query User{EFD8D5A2-5054-4FD1-B778-78A53CE1DF6A}D:\steam\steamapps\vinceline5\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\vinceline5\team fortress 2\hl2.exe |
"TCP Query User{F2D8F19B-2028-46DF-88B5-F75CA4B5B9D6}C:\users\vince\desktop\gta san\gta_sa.exe" = protocol=6 | dir=in | app=c:\users\vince\desktop\gta san\gta_sa.exe |
"UDP Query User{09E6A3DA-0B86-4C5B-8581-729644DE8965}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{2CD012CC-D43B-4427-9745-879982E3FF49}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe |
"UDP Query User{3E18D30D-B500-45D2-943A-EF987746A139}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"UDP Query User{4A42DEF9-4AEB-48D5-BA58-EE7EABCFC098}C:\program files\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\global agenda live\binaries\globalagenda.exe |
"UDP Query User{58602BF5-9390-421E-A1A1-8EEBC9D32E74}F:\cs 1.6 2\hltv.exe" = protocol=17 | dir=in | app=f:\cs 1.6 2\hltv.exe |
"UDP Query User{6978CB44-DE4E-4148-9712-CF0007DEC836}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{77596DCC-79A7-46B1-AB50-27D1806DC870}D:\play4freee\bfp4f.exe" = protocol=17 | dir=in | app=d:\play4freee\bfp4f.exe |
"UDP Query User{813814C8-F459-4C55-8C20-F1FBF16C3245}C:\users\vince\desktop\gta - san andreas\gta_sa.exe" = protocol=17 | dir=in | app=c:\users\vince\desktop\gta - san andreas\gta_sa.exe |
"UDP Query User{8807663C-AA83-40B4-9E3C-FD80E455D185}D:\steam\steamapps\vinceline5\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\vinceline5\team fortress 2\hl2.exe |
"UDP Query User{A0C67312-6A8F-4BB6-A048-799BB18766FF}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe |
"UDP Query User{A65A969D-EDF6-4E8E-9FDD-09E1A4C1A856}C:\program files\rockstar games\gta san andreas\gta_sa.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\gta san andreas\gta_sa.exe |
"UDP Query User{EC09A4A3-04C8-46FC-8710-BE0346D55217}C:\users\vince\desktop\gta san\gta_sa.exe" = protocol=17 | dir=in | app=c:\users\vince\desktop\gta san\gta_sa.exe |
"UDP Query User{ECCBB8D7-B932-484F-ADF6-8B02D8EEA96D}D:\gta-sanandreas\gta-sanandreas\gta_sa.exe" = protocol=17 | dir=in | app=d:\gta-sanandreas\gta-sanandreas\gta_sa.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4Story_DE_is1" = 4Story DE 3.6.142
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007
"Combat Arms EU" = Combat Arms EU
"Crossfire Europe" = Crossfire Europe
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MTA:SA 1.3" = MTA:SA v1.3
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PrintProjects" = PrintProjects
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"PunkBusterSvc" = PunkBuster Services
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06.01.2012 15:38:04 | Computer Name = vince-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NEXON_EU_Downloader_Engine.exe, Version 2.5.9.0,
Zeitstempel 0x4cb59d35, fehlerhaftes Modul NEXON_EU_Downloader_Engine.exe, Version
2.5.9.0, Zeitstempel 0x4cb59d35, Ausnahmecode 0xc0000005, Fehleroffset 0x0000bf95,
Prozess-ID
0xdb0, Anwendungsstartzeit 01ccccaaadf97d7a.
Error - 06.01.2012 15:39:01 | Computer Name = vince-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.01.2012 07:50:11 | Computer Name = vince-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.01.2012 15:11:36 | Computer Name = vince-PC | Source = WinMgmt | ID = 10
Description =
Error - 08.01.2012 09:25:28 | Computer Name = vince-PC | Source = WinMgmt | ID = 10
Description =
Error - 08.01.2012 09:33:05 | Computer Name = vince-PC | Source = Google Update | ID = 20
Description =
Error - 08.01.2012 12:33:05 | Computer Name = vince-PC | Source = Google Update | ID = 20
Description =
Error - 09.01.2012 02:54:07 | Computer Name = vince-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.01.2012 11:44:06 | Computer Name = vince-PC | Source = WinMgmt | ID = 10
Description =
Error - 10.01.2012 02:45:48 | Computer Name = vince-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 25.12.2012 10:01:06 | Computer Name = vince-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 25.12.2012 10:01:06 | Computer Name = vince-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 25.12.2012 10:01:06 | Computer Name = vince-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 25.12.2012 10:03:17 | Computer Name = vince-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 27.12.2012 09:59:53 | Computer Name = vince-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 27.12.2012 09:59:53 | Computer Name = vince-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 27.12.2012 09:59:53 | Computer Name = vince-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 27.12.2012 09:59:53 | Computer Name = vince-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 27.12.2012 09:59:53 | Computer Name = vince-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 27.12.2012 10:01:48 | Computer Name = vince-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
< End of report >
|
|
27.12.2012, 19:37
| #4 |
| /// Malware-holic | Pc langsam, überall Werbung hi dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
27.12.2012, 22:02
| #5 | |
| | Pc langsam, überall Werbung Danke erstmal, dass du mir hilfst Zitat:
|
|
28.12.2012, 15:20
| #6 |
| /// Malware-holic | Pc langsam, überall Werbung Hi, download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ --> Pc langsam, überall Werbung |
|
28.12.2012, 21:21
| #7 |
| | Pc langsam, überall Werbung Ich habe den Scan durchgeführt, und es wurden fünf Threads gefunden, allerdings passiert nichts wenn ich jeweils auf skip klicke |
|
02.01.2013, 21:41
| #8 |
| /// Malware-holic | Pc langsam, überall Werbung öffne c: tdss-killer-version-datum.txt inhalt posten. bei skip soll ja nichts passieren, heißt überspringen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.01.2013, 19:46
| #9 |
| | Pc langsam, überall Werbung Ich schnalls einfach nicht. Die txt-Datei gibt es auf dem PC nicht, selbst wenn ich nur nach tdss suche, fnidet er nur die Anwendung an sich. Also habe ich jetzt nochmal den Scan laufen lassen, wieder fünf Ergebnisse, ich kann nur 'skip', 'delete' oder 'copy to quarantene' waehlen. Wenn ich das Fenster schliesse, kommt das Anfangsdings und bei Report kann ich nichts speichern oder kopieren. |
|
05.01.2013, 16:08
| #10 |
| /// Malware-holic | Pc langsam, überall Werbung die Datei liegt direkt auf c:.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.01.2013, 20:15
| #11 | |
| | Pc langsam, überall Werbung Der ex war zu lang, deshalb zwei Anworten Zitat:
|
|
05.01.2013, 20:16
| #12 | |
| | Pc langsam, überall Werbung der Rest Zitat:
|
|
05.01.2013, 20:18
| #13 | |
| /// Malware-holic | Pc langsam, überall Werbung Hi, combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.01.2013, 00:01
| #14 |
| | Pc langsam, überall Werbung Logfile: Combofix Logfile: Code:
ATTFilter ComboFix 13-01-05.01 - vince 05.01.2013 23:46:24.1.2 - x86
ausgeführt von:: c:\users\vince\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\EPLog.txt
c:\programdata\Bcool
c:\programdata\Bcool\background.html
c:\programdata\Bcool\bhoclass.dll
c:\programdata\Bcool\content.js
c:\programdata\Bcool\nhmkojkhiojminenihlhibohhdleghaa.crx
c:\programdata\Bcool\settings.ini
c:\programdata\ecf63a2c271ad8f0ca5d67be4ff9cf19_c
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\programdata\SPL75C1.tmp
C:\Recycle.Bin
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-05 bis 2013-01-05 ))))))))))))))))))))))))))))))
.
.
2013-01-05 22:55 . 2013-01-05 22:55 -------- d-----w- c:\users\vince\AppData\Local\temp
2013-01-05 22:55 . 2013-01-05 22:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-04 11:10 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD463698-2EA2-4C8D-B396-05A643DDD111}\mpengine.dll
2013-01-02 19:18 . 2013-01-02 19:19 -------- d-----w- c:\program files\GIMP 2
2012-12-28 20:16 . 2012-12-28 20:16 -------- d-----w- c:\programdata\WoW Worldwide Software LTD
2012-12-28 20:16 . 2012-12-28 20:16 -------- d-----w- c:\program files\SoftQuick
2012-12-28 20:16 . 2012-12-28 20:16 -------- d-----w- c:\program files\ContinueToSave
2012-12-27 20:41 . 2012-12-27 20:41 -------- d-----w- C:\_OTL
2012-12-27 20:30 . 2012-12-28 00:32 -------- d-----w- c:\users\Alicia
2012-12-27 14:08 . 2012-12-27 14:08 -------- d-----w- c:\users\vince\AppData\Roaming\Malwarebytes
2012-12-27 14:08 . 2012-12-27 14:08 -------- d-----w- c:\programdata\Malwarebytes
2012-12-27 14:08 . 2012-12-28 00:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-25 16:10 . 2012-12-25 16:10 -------- d---a-w- c:\users\vince\DCIM
2012-12-22 14:45 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 14:45 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 05:27 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-12 05:27 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-12 05:27 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-12 05:27 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-12 05:27 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-12 05:27 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-12 05:27 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-12 05:27 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-12 05:27 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-12 05:27 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-12 05:27 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-11 22:22 . 2012-11-13 01:36 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-12-11 22:22 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-11 22:22 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-11 22:22 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-11 22:22 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-11 18:31 . 2012-12-11 18:31 -------- d-----w- c:\program files\PrintProjects
2012-12-11 18:31 . 2012-12-11 18:31 -------- d-----w- c:\programdata\Visan
2012-12-11 18:31 . 2012-12-11 18:31 -------- d-----w- c:\programdata\PrintProjects
2012-12-11 18:30 . 2012-12-11 18:31 -------- d-----w- c:\users\vince\AppData\Local\Eastman_Kodak_Company
2012-12-11 18:27 . 2012-12-11 18:27 -------- d-----w- c:\users\vince\AppData\Local\Eastman Kodak Company
2012-12-11 18:21 . 2012-12-11 18:22 -------- d-----w- c:\program files\Kodak
2012-12-11 18:18 . 2013-01-05 17:48 -------- d-----w- c:\programdata\Kodak
2012-12-11 18:18 . 2010-09-02 14:17 196608 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2012-12-11 18:15 . 2012-12-11 18:24 -------- d-----w- c:\windows\system32\kodak
2012-12-10 20:48 . 2012-12-10 20:48 -------- d-----w- c:\program files\7-Zip
2012-12-10 03:54 . 2012-12-10 03:54 -------- d-----w- c:\program files\Common Files\Skype
2012-12-10 03:54 . 2012-12-10 03:54 -------- d-----r- c:\program files\Skype
2012-12-09 19:54 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-12-09 19:46 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-12-09 19:46 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-12-09 19:46 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-12-09 19:46 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-12-09 19:46 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-12-09 19:46 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AAB1838-349A-4AAE-A039-8023951AF399}]
2011-09-30 15:08 269824 ----a-w- c:\users\vince\AppData\LocalLow\FileZilla\IE\FileZilla.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2012-04-26 438272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"4StoryPrePatch"="d:\4story1\4Story_DE\PrePatch.exe" [2012-02-25 327680]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\CONTIN~1\sprotector.dll c:\progra~1\SOFTQU~1\sprotector.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - avipbb
*Deregistered* - ssmdrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Update-Service-Installer-Service REG_MULTI_SZ Update-Service-Installer-Service
Update-Service REG_MULTI_SZ Update-Service
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 08:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-05 c:\windows\Tasks\ContinueToSaveUpdaterTask{EBCEE92C-0292-47A8-AFDD-36EBA830ECFE}.job
- c:\programdata\Premium\ContinueToSave\ContinueToSave.exe [2012-12-28 14:50]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-586206976-2465041360-4002502863-1003Core.job
- c:\users\vince\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-27 20:13]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-586206976-2465041360-4002502863-1003UA.job
- c:\users\vince\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-27 20:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://websearch.soft-quick.info/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://websearch.soft-quick.info/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
Toolbar-10 - (no file)
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-01-05 23:55
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
[0] 0x24048908
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\users\vince\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-05 23:59:07
ComboFix-quarantined-files.txt 2013-01-05 22:59
.
Vor Suchlauf: 14 Verzeichnis(se), 60.870.754.304 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 61.592.317.952 Bytes frei
.
- - End Of File - - AC48B0C9B29F1226B0E9EAE2441A820E
|
|
06.01.2013, 17:54
| #15 |
| /// Malware-holic | Pc langsam, überall Werbung hi dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
SRV - [2011.12.24 23:39:17 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service)
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. nutze bitte lspfix: LSPfix - Freeware - DE - Download.CHIP.eu poste ein neues OTL Log.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Pc langsam, überall Werbung |
| alten, anti-malware, arbeiten, befallen, brauch, datei, eigenartige, eigener, guten, infizierte, install.exe, interne, internet, internetseite, lange, langsam, laptop, laptop befallen, malwarebytes, maus, pc langsam, recycle.bin, seite, seiten, tan, vermehrt, vista, werbeanzeigen, werbung, wörter |
