| |
| |||||||
Log-Analyse und Auswertung: Internetexplorer öffnet sich permanent mit Werbung...Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
09.04.2010, 16:18
| #1 |
 |  Internetexplorer öffnet sich permanent mit Werbung... Hallo an das Forum, nachdem ich - den hier erwähnten Rat - alles "abgegoogelt" habe, mir diverse Tools heruntergeladen habe, z.B. Trojan Remover, hijackthis, einen Virusscan durchgeführt, einen weiteren Onlinescan bei Panda durchgeführt habe, bleibt mir nur noch die Möglichkeit... mich der am häufigsten gefundenen Antwort hinzugeben... ich bin hier gelandet! Mich plagt seit heute der Internetexplorer der mir ständig Seiten mit irgendwelchen Werbungen öffnet... ich nutze aber ausschließlich Firefox... Hier mein hoffentlich nicht hoffnungsloses hijackfile... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:40:52, on 09.04.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\WindowsMobile\wmdc.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\VMware\VMware Workstation\vmware-tray.exe C:\Windows\ehome\ehtray.exe C:\Windows\System32\mobsync.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE C:\Users\JRGCLS~1\AppData\Local\Temp\RtkBtMnt.exe C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Acer\Empowering Technology\eAudio\eAudio.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Windows\system32\conime.exe C:\Windows\system32\taskeng.exe C:\Program Files\My Mobile\MyMobiler\MyMobiler.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe C:\Windows\system32\rundll32.exe C:\Users\JRGCLS~1\AppData\Local\Temp\Hfk.exe C:\Program Files\Internet Explorer\IEUser.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SparweltGutscheinAlarm.Sparwelt_Gutschein_Tool - {10945114-b19f-4614-8450-b25e444a1020} - mscoree.dll (file missing) O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_S390A.tmp" /EF "HKCU" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Users\JRGCLS~1\AppData\Local\Temp\sshnas21.dll,BackupReadW O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: Microsoft Office OneNote 2003 Schnellstart.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ? O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Eintrag öffnen - C:\Program Files\PRMT8\PRMTIE\addentry.htm O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Seite übersetzen - C:\Program Files\PRMT8\PRMTIE\page.htm O8 - Extra context menu item: Themenvorlage automatisch bestimmen - C:\Program Files\PRMT8\PRMTIE\aot.htm O8 - Extra context menu item: Unbekannte Wörter - C:\Program Files\PRMT8\PRMTIE\infopanel.htm O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Übersetzen - C:\Program Files\PRMT8\PRMTIE\translat.htm O8 - Extra context menu item: Übersetzungsoptionen anpassen - C:\Program Files\PRMT8\PRMTIE\options.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {4034D172-4C52-49de-A6A1-E75F8F591FEC} - C:\Program Files\PRMT8\PRMTIE\options.htm (file missing) O9 - Extra 'Tools' menuitem: Übersetzungsoptionen anpassen - {4034D172-4C52-49de-A6A1-E75F8F591FEC} - C:\Program Files\PRMT8\PRMTIE\options.htm (file missing) O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {A2DA13D5-AC77-43b7-963B-40445EBCB8E0} - C:\Program Files\PRMT8\PRMTIE\prmtie5.htm (file missing) O9 - Extra 'Tools' menuitem: Übersetzen - {A2DA13D5-AC77-43b7-963B-40445EBCB8E0} - C:\Program Files\PRMT8\PRMTIE\prmtie5.htm (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll O13 - Gopher Prefix: O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - hxxp://www.o2c.de/cms/de/uploads/_files/O2CSetupOCX.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Program Files\Common Files\AVM\de_serv.exe (file missing) O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe O23 - Service: vtigercrmApache510 - Apache Software Foundation - C:\Program Files\vtigercrm-5.1.0\apache\bin\Apache.exe O23 - Service: vtigercrmMysql510 - Unknown owner - C:\Program.exe (file missing) O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- End of file - 15995 bytes Ist da noch was zu machen, oder gehört meinem Notebook der Gnadenschuss??? Beste Grüße aus dem Dorf an der Düssel |
|
09.04.2010, 18:32
| #2 | |
| | Internetexplorer öffnet sich permanent mit Werbung... 1. Deinstalliere Spybot. Das Teil wird versuchen, Systemänderungen rückgängig zu machen, was bei einer Bereinigung problematisch ist. Kannst ihn später wieder installieren, wobei das Programm heutzutage relativ nutzlos ist.
__________________Alle Progs mit Rechtsklick "Als Administrator ausführen" starten. 2. http://www.trojaner-board.de/51187-a...i-malware.html Log posten. 3. http://www.trojaner-board.de/74908-a...t-scanner.html Log posten. 4. Hol dir OTL Starte OTL Kopiere unten in das Skript-Feld rein: Zitat:
Schließe alle anderen Programme. Klicke auf Quick Scan. Poste die beiden Logs - OTL.txt und Extras.txt |
|
09.04.2010, 19:05
| #3 |
| | Internetexplorer öffnet sich permanent mit Werbung... Hallo Sion,
__________________erst Mal vorab: Danke für die schnelle Hilfe... Ich habe den ersten Schritt vollzogen, Spybot ist nicht mehr auf dem System. der 2. Schritt läuft gerade - Logfile folgt wenn fertig, somit ist es aber schon einmal ein Dialog... Bis gleich Jörg Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 3972 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 09.04.2010 19:53:11 mbam-log-2010-04-09 (19-53-11).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 109118 Laufzeit: 7 Minute(n), 4 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 4 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken. HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> No action taken. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> No action taken. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\Jörg Cölsmann\AppData\Local\Temp\Hfj.exe (Trojan.FraudPack) -> No action taken. C:\Users\Jörg Cölsmann\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> No action taken. Geändert von coelsmann (09.04.2010 um 19:11 Uhr) Grund: Schritt 2 ist gelaufen |
|
09.04.2010, 20:35
| #4 |
| | Internetexplorer öffnet sich permanent mit Werbung... ... und hier der 2. Teil... GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover Rootkit scan 2010-04-09 20:36:02 Windows 6.0.6002 Service Pack 2 Running: w0ncch14.exe; Driver: C:\Users\JRGCLS~1\AppData\Local\Temp\fgkyykog.sys ---- Kernel code sections - GMER 1.0.15 ---- ? System32\drivers\emmj.sys Das System kann den angegebenen Pfad nicht finden. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[1688] ntdll.dll!LdrLoadDll 77A39390 5 Bytes JMP 002013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74667817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [746BA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7466BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7465F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [746675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7465E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74698395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7466DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7465FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7465FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [746ECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7468C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7465D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74656853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7465687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74662AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 VMkbd.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys Device \Driver\usbehci \Device\USBPDO-2 hcmon.sys Device \Driver\usbuhci \Device\USBPDO-3 hcmon.sys Device \Driver\usbuhci \Device\USBPDO-4 hcmon.sys Device \Driver\usbuhci \Device\USBPDO-5 hcmon.sys Device \Driver\usbehci \Device\USBPDO-6 hcmon.sys Device \Driver\usbhub \Device\00000064 hcmon.sys Device \Driver\usbhub \Device\USBPDO-8 hcmon.sys Device \Driver\usbhub \Device\00000065 hcmon.sys Device \Driver\usbhub \Device\00000066 hcmon.sys Device \Driver\usbhub \Device\00000067 hcmon.sys Device \Driver\usbhub \Device\00000068 hcmon.sys Device \Driver\usbhub \Device\00000069 hcmon.sys Device \Driver\usbhub \Device\0000006a hcmon.sys Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys Device \Driver\usbehci \Device\USBFDO-2 hcmon.sys Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys Device \Driver\usbuhci \Device\USBFDO-4 hcmon.sys Device \Driver\usbuhci \Device\USBFDO-5 hcmon.sys Device \Driver\usbehci \Device\USBFDO-6 hcmon.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- |
|
09.04.2010, 20:44
| #5 |
| | Internetexplorer öffnet sich permanent mit Werbung... Hast du die Funde von Malwarebytes entfernen lassen? |
|
09.04.2010, 21:17
| #6 |
| | Internetexplorer öffnet sich permanent mit Werbung... ... und hier das OLT Logfile OTL logfile created on: 09.04.2010 20:38:28 - Run 1 OTL by OldTimer - Version 3.2.1.1 Folder = D:\ Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,77 Gb Total Space | 18,70 Gb Free Space | 26,80% Space Free | Partition Type: NTFS Drive D: | 66,27 Gb Total Space | 49,25 Gb Free Space | 74,31% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 298,05 Gb Total Space | 249,80 Gb Free Space | 83,81% Space Free | Partition Type: FAT32 H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JÖRGCÖLSMANN-PC Current User Name: Jörg Cölsmann Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.04.09 20:38:15 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\OTL.exe PRC - [2010.03.16 16:36:29 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.01.22 23:13:24 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe PRC - [2010.01.22 23:13:08 | 000,129,584 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Workstation\vmware-tray.exe PRC - [2010.01.22 23:13:02 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe PRC - [2010.01.22 23:12:46 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe PRC - [2010.01.22 22:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009.05.08 16:41:34 | 005,750,784 | ---- | M] () -- C:\Programme\vtigercrm-5.1.0\mysql\bin\mysqld-nt.exe PRC - [2009.05.08 16:41:34 | 000,020,541 | ---- | M] (Apache Software Foundation) -- C:\Programme\vtigercrm-5.1.0\apache\bin\Apache.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.03.30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.01.06 10:42:03 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe PRC - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.04.25 22:15:57 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\JRGCLS~1\AppData\Local\Temp\RtkBtMnt.exe PRC - [2007.08.29 11:35:38 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe PRC - [2007.07.24 11:21:26 | 000,450,560 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007.06.13 16:56:18 | 000,765,952 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe PRC - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2007.06.11 14:54:58 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2007.05.10 11:10:00 | 004,468,736 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe PRC - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2007.04.19 14:49:52 | 000,064,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE PRC - [2007.02.12 15:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.02.09 06:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe PRC - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe ========== Modules (SafeList) ========== MOD - [2010.04.09 20:38:15 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\OTL.exe MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (de_serv) SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService) SRV - [2010.03.16 16:36:29 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.01.22 23:13:24 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service) SRV - [2010.01.22 23:13:02 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2010.01.22 23:12:46 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService) SRV - [2010.01.22 22:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService) SRV - [2009.10.12 15:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60) SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009.05.08 16:41:34 | 005,750,784 | ---- | M] () [Auto | Running] -- C:\Program Files\vtigercrm-5.1.0\mysql\bin\mysqld-nt.exe -- (vtigercrmMysql510) SRV - [2009.05.08 16:41:34 | 000,020,541 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\vtigercrm-5.1.0\apache\bin\Apache.exe -- (vtigercrmApache510) SRV - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.01.06 10:42:03 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc) SRV - [2009.01.06 10:41:59 | 000,362,240 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.04 20:20:58 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2007.05.31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2007.02.12 15:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService) SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Yahoo! Deutschland IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Orbit Downloader Start IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 127.0.0.1 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT65619&SearchSource=3&q=" FF - prefs.js..browser.search.selectedEngine: "Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de" FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1 FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19 FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0 FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.5.10 FF - prefs.js..extensions.enabledItems: sipgateffx@michael.rotmanov:0.6.7 FF - prefs.js..extensions.enabledItems: {3160baf9-cf68-48ec-9076-faed7ce49467}:2.5.6.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9 FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2008.01.05 15:54:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.02 20:12:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.02 20:12:14 | 000,000,000 | ---D | M] [2008.07.11 08:53:14 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\mozilla\Extensions [2010.04.08 08:48:40 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\mozilla\Firefox\Profiles\n6lye8di.default\extensions [2009.07.15 21:56:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jörg Cölsmann\AppData\Roaming\mozilla\Firefox\Profiles\n6lye8di.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.02.07 11:09:53 | 000,000,000 | ---D | M] (dict.cc Toolbar) -- C:\Users\Jörg Cölsmann\AppData\Roaming\mozilla\Firefox\Profiles\n6lye8di.default\extensions\{3160baf9-cf68-48ec-9076-faed7ce49467} [2010.01.08 13:49:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jörg Cölsmann\AppData\Roaming\mozilla\Firefox\Profiles\n6lye8di.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.02.07 11:09:59 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Jörg Cölsmann\AppData\Roaming\mozilla\Firefox\Profiles\n6lye8di.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010.03.27 09:59:17 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Jörg Cölsmann\AppData\Roaming\mozilla\Firefox\Profiles\n6lye8di.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.02.13 18:06:25 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\mozilla\Firefox\Profiles\n6lye8di.default\extensions\de-DE@dictionaries.addons.mozilla.org [2008.07.11 11:06:28 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\mozilla\Firefox\Profiles\n6lye8di.default\extensions\en-GB@dictionaries.addons.mozilla.org [2009.10.03 15:20:47 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\mozilla\Firefox\Profiles\n6lye8di.default\extensions\en-US@dictionaries.addons.mozilla.org [2010.03.03 16:09:51 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\mozilla\Firefox\Profiles\n6lye8di.default\extensions\foxmarks@kei.com [2010.01.28 14:53:44 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\mozilla\Firefox\Profiles\n6lye8di.default\extensions\sipgateffx@michael.rotmanov [2008.07.13 11:10:22 | 000,001,459 | ---- | M] () -- C:\Users\Jörg Cölsmann\AppData\Roaming\Mozilla\FireFox\Profiles\n6lye8di.default\searchplugins\dictcc-ende.xml [2008.01.05 23:11:30 | 000,001,998 | ---- | M] () -- C:\Users\Jörg Cölsmann\AppData\Roaming\Mozilla\FireFox\Profiles\n6lye8di.default\searchplugins\xing.xml [2010.03.27 09:59:26 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2007.03.02 15:17:24 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPAPIX.dll [2007.01.17 13:18:04 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll [2007.07.02 17:42:20 | 000,103,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPMPDRM.dll [2010.03.12 10:21:51 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.12 10:21:51 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.12 10:21:51 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.12 10:21:51 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.12 10:21:51 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Programme\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.DLL ( ) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) O4 - HKCU..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) O4 - HKCU..\Run: [EPSON Stylus DX5000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE (SEIKO EPSON CORPORATION) O4 - Startup: C:\Users\Jörg Cölsmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Schnellstart.lnk = C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Übersetzungsoptionen anpassen - {4034D172-4C52-49de-A6A1-E75F8F591FEC} - C:\Program Files\PRMT8\PRMTIE\options.htm File not found O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Übersetzen - {A2DA13D5-AC77-43b7-963B-40445EBCB8E0} - C:\Program Files\PRMT8\PRMTIE\prmtie5.htm File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} hxxp://www.o2c.de/cms/de/uploads/_files/O2CSetupOCX.exe (O2C-Player (ELECO Software GmbH)) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\BG\bg1.jpg O24 - Desktop BackupWallPaper: C:\BG\bg1.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{7a6fd39b-cdbe-11dd-8f50-c83fbc4e0fb8}\Shell\AutoRun\command - "" = E:\StartPortableApps.exe -- File not found O33 - MountPoints2\{b5e14dd8-94af-11dd-a854-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b5e14dd8-94af-11dd-a854-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{ccbac159-4be3-11de-ad88-c9e7e1d93e0c}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found O33 - MountPoints2\{d71f7fd8-8c0d-11dd-8f7c-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d71f7fd8-8c0d-11dd-8f7c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{d71f802a-8c0d-11dd-8f7c-9fc4030657cb}\Shell - "" = AutoRun O33 - MountPoints2\{d71f802a-8c0d-11dd-8f7c-9fc4030657cb}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{d71f8034-8c0d-11dd-8f7c-db220417fba3}\Shell - "" = AutoRun O33 - MountPoints2\{d71f8034-8c0d-11dd-8f7c-db220417fba3}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{fab45032-027a-11de-8f7a-c5c9fc00d2da}\Shell - "" = AutoRun O33 - MountPoints2\{fab45032-027a-11de-8f7a-c5c9fc00d2da}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias [2008.04.25 22:04:57 | 000,000,000 | ---D | M] NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found OTL cannot create restorepoints on Vista OSs! ========== Files/Folders - Created Within 14 Days ========== [2010.04.09 19:43:37 | 000,000,000 | ---D | C] -- C:\Users\Jörg Cölsmann\AppData\Roaming\Malwarebytes [2010.04.09 19:43:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.09 19:43:23 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.09 19:43:23 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.09 19:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.04.09 15:28:45 | 000,000,000 | ---D | C] -- D:\Eigene Dokumente\Simply Super Software [2010.04.09 15:28:31 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover [2010.04.09 15:28:31 | 000,000,000 | ---D | C] -- C:\Users\Jörg Cölsmann\AppData\Roaming\Simply Super Software [2010.04.09 15:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2010.04.09 15:06:14 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys [2010.04.09 15:05:41 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security [2010.04.09 14:51:41 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.04.08 20:35:07 | 000,000,000 | ---D | C] -- C:\Programme\PocketRAR [2010.04.08 09:39:19 | 000,000,000 | ---D | C] -- D:\Eigene Dokumente\Dokumente auf Jörg Cölsmanns Smartphone [2010.04.07 11:16:17 | 000,000,000 | ---D | C] -- C:\Users\Jörg Cölsmann\AppData\Local\Microsoft Corporation [2010.04.07 11:14:37 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Windows 7 Upgrade Advisor [2010.03.30 14:13:41 | 000,000,000 | ---D | C] -- C:\Programme\FRITZ!DSL [2010.03.30 13:38:26 | 000,131,072 | ---- | C] (AVM Berlin) -- C:\Windows\_detmp.2 [2010.03.29 08:45:59 | 000,000,000 | ---D | C] -- C:\Users\Jörg Cölsmann\AppData\Roaming\MySQL [2010.03.29 08:44:50 | 000,000,000 | ---D | C] -- C:\Programme\MySQL [2010.03.27 00:29:06 | 000,000,000 | ---D | C] -- C:\Users\Jörg Cölsmann\AppData\Roaming\Avira [2010.03.26 22:38:13 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys [2010.03.26 22:38:13 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2009.09.11 11:17:35 | 003,315,954 | ---- | C] (Marx Softwareentwicklung ) -- C:\Users\Jörg Cölsmann\AppData\Local\TempRCSetup2k8_upd.exe [2008.06.11 16:25:09 | 000,380,928 | ---- | C] ( ) -- C:\Windows\System32\LMUD06BC.dll [2008.06.11 16:25:09 | 000,380,928 | ---- | C] ( ) -- C:\Windows\System32\LMUD05BC.dll [2008.06.11 16:25:09 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll [2007.09.17 06:31:37 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2007.09.17 06:31:37 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2007.08.14 14:51:31 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll [2007.08.14 07:11:40 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files - Modified Within 14 Days ========== [2010.04.09 20:42:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.04.09 20:42:51 | 000,524,288 | -HS- | M] () -- C:\Users\Jörg Cölsmann\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.04.09 20:42:51 | 000,065,536 | -HS- | M] () -- C:\Users\Jörg Cölsmann\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.04.09 20:42:47 | 005,265,738 | -H-- | M] () -- C:\Users\Jörg Cölsmann\AppData\Local\IconCache.db [2010.04.09 20:38:35 | 005,767,168 | -HS- | M] () -- C:\Users\Jörg Cölsmann\NTUSER.DAT [2010.04.09 20:35:43 | 001,462,502 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.04.09 20:35:43 | 000,634,632 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.04.09 20:35:43 | 000,598,958 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.04.09 20:35:43 | 000,129,284 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.04.09 20:35:43 | 000,104,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.04.09 20:31:31 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.04.09 20:31:30 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.04.09 20:31:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.04.09 20:31:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.04.09 20:31:12 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys [2010.04.09 19:43:29 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.09 14:51:41 | 000,001,878 | ---- | M] () -- C:\Users\Jörg Cölsmann\Desktop\HijackThis.lnk [2010.04.07 11:14:41 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk [2010.04.06 11:39:43 | 000,072,520 | ---- | M] () -- C:\Users\Jörg Cölsmann\AppData\Local\GDIPFONTCACHEV1.DAT [2010.04.06 10:50:34 | 001,645,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.03.30 14:14:06 | 000,076,368 | ---- | M] () -- C:\Windows\_detmp.1 [2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.04.09 19:43:29 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.09 15:28:35 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2010.04.09 15:28:35 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2010.04.09 15:28:35 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2010.04.09 15:28:35 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2010.04.09 14:51:41 | 000,001,878 | ---- | C] () -- C:\Users\Jörg Cölsmann\Desktop\HijackThis.lnk [2010.04.07 11:14:41 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk [2010.03.30 13:48:33 | 000,000,312 | ---- | C] () -- C:\Users\Jörg Cölsmann\DesktopStCenter.txt [2010.03.30 13:38:26 | 000,076,368 | ---- | C] () -- C:\Windows\_detmp.1 [2009.09.13 18:05:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.11 11:57:07 | 000,003,072 | ---- | C] () -- C:\Windows\System32\CNCFLaNL.DLL [2009.06.17 20:29:48 | 000,038,434 | ---- | C] () -- C:\Users\Jörg Cölsmann\AppData\Roaming\Microsoft Access.ADR [2009.06.16 08:51:19 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.06.10 17:37:43 | 000,000,373 | ---- | C] () -- C:\Windows\WebAng32.INI [2009.01.28 14:26:58 | 000,016,404 | ---- | C] () -- C:\Windows\System32\msdx92.dll [2008.12.06 10:59:39 | 000,000,009 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2008.11.20 14:44:55 | 000,000,887 | ---- | C] () -- C:\Windows\uninst.ini [2008.10.29 13:09:57 | 000,223,875 | ---- | C] () -- C:\Users\Jörg Cölsmann\Krankenkasse_BKK.pdf [2008.09.30 12:24:02 | 000,000,532 | ---- | C] () -- C:\Windows\BRWMARK.INI [2008.09.30 12:24:02 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2008.09.30 12:23:16 | 000,000,904 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2008.09.30 12:23:16 | 000,000,168 | ---- | C] () -- C:\Windows\brpcfx.ini [2008.09.30 12:19:40 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL [2008.09.30 12:19:40 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI [2008.09.30 12:19:39 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll [2008.09.04 11:40:08 | 000,058,880 | ---- | C] () -- C:\Users\Jörg Cölsmann\Fax_britta_Bausparvertrag.doc [2008.09.04 10:54:46 | 000,020,365 | ---- | C] () -- C:\Users\Jörg Cölsmann\Bausparvertrag_kündigung.pdf [2008.09.04 10:07:19 | 000,924,674 | ---- | C] () -- C:\Users\Jörg Cölsmann\Ueberweisung_Mobilkom_03_09_08.pdf [2008.09.04 09:43:50 | 000,060,065 | ---- | C] () -- C:\Users\Jörg Cölsmann\Fax_Mobilcom_04_09_08.pdf [2008.08.29 09:26:38 | 000,053,069 | ---- | C] () -- C:\Users\Jörg Cölsmann\M818949937_08_2008.pdf [2008.05.16 13:38:24 | 000,088,632 | ---- | C] () -- C:\Windows\System32\drivers\snsntfy.dll [2008.05.04 18:08:55 | 000,020,480 | ---- | C] () -- C:\Windows\System32\CPUINFO2.DLL [2008.03.18 11:39:56 | 000,464,142 | ---- | C] () -- C:\Users\Jörg Cölsmann\misslungene_kinder.mp3 [2008.03.07 01:29:00 | 000,466,944 | ---- | C] () -- C:\Windows\System32\softcoin.dll [2008.03.07 01:29:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\gencoin.dll [2008.03.05 11:27:19 | 000,015,639 | ---- | C] () -- C:\Windows\AGVIP5.INI [2008.03.05 11:27:19 | 000,000,047 | ---- | C] () -- C:\Windows\BTI.INI [2008.02.11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll [2008.01.22 02:20:07 | 000,001,359 | ---- | C] () -- C:\Users\Jörg Cölsmann\AppData\Roaming\XING-Plugin Update Log.txt [2008.01.19 22:51:12 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2008.01.10 16:15:49 | 000,004,096 | -H-- | C] () -- C:\Users\Jörg Cölsmann\AppData\Local\keyfile3.drm [2008.01.06 04:34:11 | 000,000,101 | ---- | C] () -- C:\Users\Jörg Cölsmann\AppData\Local\fusioncache.dat [2008.01.05 19:53:43 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.01.05 10:34:45 | 000,000,039 | ---- | C] () -- C:\Windows\MB.ini [2008.01.05 01:06:40 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll [2008.01.05 00:23:13 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.01.04 16:06:45 | 000,023,552 | ---- | C] () -- C:\Users\Jörg Cölsmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.01.04 13:17:22 | 005,767,168 | -HS- | C] () -- C:\Users\Jörg Cölsmann\NTUSER.DAT [2008.01.04 13:17:22 | 000,524,288 | -HS- | C] () -- C:\Users\Jörg Cölsmann\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2008.01.04 13:17:22 | 000,524,288 | -HS- | C] () -- C:\Users\Jörg Cölsmann\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2008.01.04 13:17:22 | 000,262,144 | -H-- | C] () -- C:\Users\Jörg Cölsmann\ntuser.dat.LOG1 [2008.01.04 13:17:22 | 000,065,536 | -HS- | C] () -- C:\Users\Jörg Cölsmann\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2008.01.04 13:17:22 | 000,000,020 | -HS- | C] () -- C:\Users\Jörg Cölsmann\ntuser.ini [2008.01.04 13:17:22 | 000,000,000 | -H-- | C] () -- C:\Users\Jörg Cölsmann\ntuser.dat.LOG2 [2008.01.02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2008.01.02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll [2008.01.02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll [2007.10.18 10:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll [2007.10.18 10:03:58 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2007.09.17 16:27:13 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini [2007.09.17 16:26:58 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2007.09.17 06:31:01 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2007.08.14 17:19:28 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.08.14 14:51:39 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007.08.14 14:51:39 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll [2007.08.14 14:51:31 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007.08.14 14:49:11 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.08.14 07:17:30 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2007.08.14 07:17:30 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007.08.14 07:16:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2007.08.14 07:11:35 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2007.08.14 06:19:33 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.04.25 16:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007.04.25 16:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007.04.25 16:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007.04.25 16:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007.04.25 16:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007.04.25 16:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:25:25 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscld.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.10.16 08:58:14 | 000,086,016 | ---- | C] () -- C:\Windows\System32\aspolyzt.dll [2005.07.06 12:59:58 | 000,028,672 | ---- | C] () -- C:\Windows\System32\asdrawli.dll [2005.07.04 15:17:30 | 000,069,632 | ---- | C] () -- C:\Windows\System32\ASDRAWMA.DLL [2004.08.17 17:34:52 | 000,036,864 | ---- | C] () -- C:\Windows\System32\AS_SORT.DLL [2003.05.22 12:31:44 | 000,033,792 | ---- | C] () -- C:\Windows\System32\ASDRAW32.DLL [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2002.07.12 16:29:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\AS_MDB32.DLL [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2008.01.04 13:23:29 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\Acer [2008.07.11 12:36:28 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\ASCON Installer [2008.07.11 12:45:27 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\ASCON Programme [2009.02.07 15:26:18 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\Canon [2008.01.17 12:34:45 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\eDocPrintPro [2009.08.27 20:05:50 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\EPSON [2010.04.08 23:12:31 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\FileZilla [2010.01.06 16:48:10 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\GrabPro [2009.02.01 10:24:35 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\KWorld Multimedia [2008.06.11 15:55:31 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\Monotype Imaging Inc [2010.04.06 10:53:27 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\MySQL [2010.02.20 12:00:22 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\Orbit [2008.02.06 21:51:31 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\Password Guard [2008.10.30 10:44:01 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\PC-FAX TX [2008.09.30 12:25:39 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\PhonerLite [2008.08.15 08:20:43 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\PROject MT [2009.10.10 13:25:30 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\ROUTE 66 Sync [2010.04.09 15:28:31 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\Simply Super Software [2009.01.28 14:26:56 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\Software4u [2009.04.02 08:09:40 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\SPAMfighter [2009.01.19 10:15:32 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\Teleca [2008.01.06 14:28:29 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\TuneUp Software [2010.01.31 23:27:19 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\Zukunftscheck [2010.04.09 20:43:05 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.03.22 12:32:20 | 000,000,714 | ---- | M] () -- C:\Windows\Tasks\vtigerCRM Email Reminder.job [2010.03.22 12:32:20 | 000,000,580 | ---- | M] () -- C:\Windows\Tasks\vtigerCRM Notification Scheduler.job [2010.03.22 12:32:20 | 000,000,614 | ---- | M] () -- C:\Windows\Tasks\vtigerCRM Recurring Invoice.job [2010.03.22 12:32:20 | 000,000,586 | ---- | M] () -- C:\Windows\Tasks\vtigerCRM WorkFlow.job [2009.06.28 22:08:45 | 000,000,186 | ---- | M] () -- C:\Windows\Tasks\{DF987E38-EEA4-4D2E-BAC3-16B8B844B2FB}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.01.19 07:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.01.19 07:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.01.19 06:33:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: ENETHOOK.DLL > [2007.06.13 16:53:50 | 000,090,112 | R--- | M] (acer) MD5=B6A1D439109F7294C1BE14D5DC0C41AC -- C:\Acer\Empowering Technology\eNet\eNetHook.dll [2007.06.13 16:53:50 | 000,090,112 | R--- | M] (acer) MD5=B6A1D439109F7294C1BE14D5DC0C41AC -- C:\Windows\System32\eNetHook.dll < MD5 for: IASTOR.SYS > [2007.02.12 15:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2007.02.12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\SATA\iastor.sys [2007.02.12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\DRV\SATA\iastor.sys [2007.02.12 15:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\iaStor.sys [2007.02.12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys [2007.02.12 15:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys [2007.02.12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVRAID.SYS > [2008.01.19 09:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys [2008.01.19 09:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\drivers\nvraid.sys [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > [1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2007.08.14 14:52:33 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2007.08.14 14:52:31 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2007.08.14 14:52:33 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2007.08.14 14:52:42 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2007.08.14 14:52:44 | 006,012,928 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0 < End of report > |
|
09.04.2010, 21:20
| #7 |
| | Internetexplorer öffnet sich permanent mit Werbung... last but not least - the OLT Extras logfile OTL Extras logfile created on: 09.04.2010 20:38:28 - Run 1 OTL by OldTimer - Version 3.2.1.1 Folder = D:\ Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,77 Gb Total Space | 18,70 Gb Free Space | 26,80% Space Free | Partition Type: NTFS Drive D: | 66,27 Gb Total Space | 49,25 Gb Free Space | 74,31% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 298,05 Gb Total Space | 249,80 Gb Free Space | 83,81% Space Free | Partition Type: FAT32 H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JÖRGCÖLSMANN-PC Current User Name: Jörg Cölsmann Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 "AntiVirusDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.) "C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST) "C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06225B20-ABD0-451B-A4C3-35BBA6B47F1E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{06FF827C-45E8-4529-8DD8-A3107290AF22}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{2ADA8332-1BF8-4F3F-824A-7D2B38382392}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2F2429F9-2D51-454F-8149-F6A66490CDDE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{3AB4FDA5-D84E-4C24-97C5-CA94874731EC}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{4266A43C-7F9D-4E47-9E44-51CFE6E301FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{508767C8-1009-41FC-A737-E5DBB72C76F7}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{5383E02D-923F-487C-8781-28BFFDBB008C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{59788C4A-ABA4-4CD8-84EA-60EB782745EE}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{5B16DAFA-4FF6-4C88-BC64-A0FC9EF7EB25}" = lport=10243 | protocol=6 | dir=in | app=system | "{6200F753-59CF-4588-9FFF-6283755F70E0}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{621CAFEE-7A33-4020-8A6C-8D1974CEAD77}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{68B1FB29-C546-42E7-90B6-39E169BE62EA}" = lport=2869 | protocol=6 | dir=in | app=system | "{6FA3C2F7-0C3F-42E1-8A1F-DB8ACDADFBE5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{750165A6-D99B-4E6F-BCB3-D1ECE055A7C9}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7A74C507-D587-4095-80B8-60B165C91B36}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7DBC0B42-D954-4579-A4CE-84A532F5D0CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{807A483E-69B4-4774-AF0E-9779D332A811}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{884274D5-1AAE-4EE8-A9B7-BCD95C03B04D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{89709111-6568-4983-A265-974A51D0F481}" = rport=10243 | protocol=6 | dir=out | app=system | "{91AB4FD2-7E37-4196-8EBD-1D5E00B6C5F3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{957BED44-EB74-470A-BEEF-A91030AD3487}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{A7FE289D-B0E8-455A-8976-3C32FE9FE31C}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{ABF1E576-CA8F-4F79-A0D5-C9879460C95D}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{B78EDD97-C80A-45A2-B2BC-54C9BD303D4F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CF0C11D2-8358-4776-B205-02A13F26EBD3}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CF77C955-5C0F-41D6-B97C-26BD22F2F0F3}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D527B4FA-FE84-44CE-857B-5398525046F7}" = lport=3306 | protocol=6 | dir=in | name=sql | "{D742607D-0CA2-48FB-8220-8E792F58FC04}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{D8B701D3-92E0-4089-8A4C-719B6B6E4E8F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DB85E179-6CA0-4F0D-8344-C8C24A25B7D2}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{E1A0971E-C683-45E2-875E-F08F1946A295}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{E37B2271-7DFB-4029-A429-1E580E9C0AA9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{F95F6344-3870-4052-9CA7-8F92420D7AC0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FF0453D6-615E-481F-93E4-6EA3637E7B37}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{FF99D05A-E1EB-4327-8616-AF61AB0A2D59}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0083FBD9-ABB8-49C7-B362-8B57896E5A41}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{01D93850-9A76-4E3C-A83F-828D1C9DDAEF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{043FE377-B634-4611-991B-8F9E908A4A01}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{05CD6DBC-23A1-4141-B897-92833E687D1F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{08C01C15-965C-477B-82CC-B2AB60FDAF35}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0C498448-3AE2-44A7-95CA-7ED5D4D609D8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{0D73F2A6-210E-4654-A216-D4C77B5FE7E9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0FE0B9DF-4075-4192-A55B-ED4B3F6EF6B9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{13AA7CA9-7FAB-4058-AF86-96252276C99B}" = protocol=6 | dir=in | app=c:\program files\network stumbler\netstumbler.exe | "{13DED48A-35A6-4FA1-84F8-D0E0062F06E7}" = protocol=6 | dir=in | app=c:\program files\mysql\mysql tools for 5.0\mysqlsystemtraymonitor.exe | "{13F19559-8D0D-402E-900D-A0F4949670CB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{15CC9BB7-CE47-4D34-A407-74E97D832336}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{175583FE-6A3A-4191-9B40-1FF1CC7FF070}" = protocol=17 | dir=in | app=c:\program files\mysql\mysql tools for 5.0\mysqladministrator.exe | "{1C907B15-66CE-4CF3-B631-17FE4B5EFBBB}" = protocol=6 | dir=in | app=c:\program files\mysql\mysql tools for 5.0\mysqladministrator.exe | "{1E12CFE3-704E-4FCE-9D65-293FD197C3F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{20AE549F-57F7-4B26-B10F-CA5FE555BDC6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{211590FB-5876-42E8-9176-32A554819DDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{25BC50C9-8672-4929-AB14-384CCEDEA0C4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{279605B2-0F32-41B0-BF6C-7C814A633321}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2809475B-2A89-4A3B-A42A-2A471614C72C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2A4FD413-595F-4321-A32C-1E4F6A9A5AF7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2D782DE4-D203-4762-A873-03E71644B9FB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{34B4A5C5-2AC7-4211-9788-DE684C4EA2A1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{3E1A22C5-1531-427E-B14C-E54C2E63A8DB}" = protocol=17 | dir=in | app=c:\program files\mysql\mysql tools for 5.0\mysqlsystemtraymonitor.exe | "{40138ADE-47ED-4B6F-B99D-D0B6DCCAF594}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{47246E00-C672-4A6D-BF11-6D73B0BD512C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{524412A4-0D8D-4E5A-91D0-603FB2A6522D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{55B54BEC-C57C-4420-B3D5-061A8563BB58}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{58B06A9A-4BE4-4C77-A131-E14CB06A5566}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | "{686F6251-34D7-4403-A31D-2C425DFBEC14}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{69D39B3C-18AD-468D-A83B-DD506D2125AA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{6C41FD63-4671-44C0-B9F6-E41465B46783}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{6EC2194E-86E8-4BCD-819D-A23B9BA0C1C8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6FF7844C-E740-42E5-B362-5D42E15CEFDD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{730894C3-44DD-496F-B90B-016156C3CFCB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{749190DA-239F-4E8B-ABD9-FECD338F270B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7B471D37-FF56-4BE4-B92D-E12814D35022}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{7BDE5D79-2E02-4A18-97C1-ACADCC554224}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{821249B5-C149-4582-AAC4-6722482B46DA}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | "{86850D70-1A2A-48E5-8E63-75B8565B2E98}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8A99DA74-04AD-4B56-B8D3-CFD044C59104}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{940C5545-FC76-409D-8275-9F713F323F26}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{95714331-7AAD-464F-9ACB-9BAC4320AC63}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9682460E-66CF-4580-BCF7-0894F94DD243}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{98441B64-C8CC-4868-98E4-C29E99C2511A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{98821BB3-92A2-42B7-9668-E09A7D1A1574}" = protocol=6 | dir=in | app=c:\program files\mysql\mysql tools for 5.0\mysqlquerybrowser.exe | "{9B4A5B77-602B-4B4D-B61A-1F8AE8984783}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9BC487ED-52E5-4F9C-8458-E2A34EF73A95}" = protocol=17 | dir=in | app=c:\program files\mysql\mysql tools for 5.0\mysqlquerybrowser.exe | "{A086EECE-517D-4373-99B0-CFD90824C21D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{AD228070-501E-409E-94C1-790D400D824F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{ADC9BE8E-64E5-4AAA-AF39-3D62F668715C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{AF425D0D-7D2D-4324-8303-BE8871EE67F8}" = protocol=6 | dir=out | app=system | "{B3FDA212-4F8E-44D6-A3D6-DAFCD6A11A90}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B69D2394-4D81-4A3B-80CF-2AFD94262B56}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B7B60855-22AA-4029-93D5-23213456F2DB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B81FEA86-3D6E-4DD3-8080-5719A5614553}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BB1A84BD-C55D-4518-917D-C426EBE024CF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{BBB482F0-5AFE-4A66-9773-100B7F096B9D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BD70A6BA-8959-4E04-8786-184890CE9293}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BFC9C2C9-8573-495A-B074-82A7C375B77D}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | "{C501AB15-17E4-4505-8C84-AC8EDB558583}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C5E1D401-428F-400E-95B7-442E9AD06D74}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{CB73A828-844E-4B40-8158-C4D034E3842F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{CC512354-AA1C-4E4D-BD3C-F994111B18B2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{CC61654A-402C-4141-8E23-98FF5246E080}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | "{CE1B7D07-0F6F-4FB8-B4A8-D8A79961B74D}" = protocol=17 | dir=in | app=c:\program files\network stumbler\netstumbler.exe | "{D4C9E2D7-B586-4EF6-8D58-22E86DF1E8D2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D9AB4A62-1221-48DC-95D7-4DF8C1F670EC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DED17252-E892-4D6A-88B4-CC8618CAA773}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E0E2562F-DDDD-4E73-A481-9233471A4365}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E5798044-4B78-413A-BEE8-7CE1C93D9D99}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E61CC44D-7A4C-4BA0-9BD5-0C995AC5C4B6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E723DC0C-BD9C-4164-AA63-832E902D47C9}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E8AE5FF1-F48F-42A7-8A67-1DDFD78AD472}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F00DD4EF-99C6-478E-A358-C8838E79EE3C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F23927D3-BDA8-4EC5-9B50-5501868DBDCA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F2ACE5B0-ECCA-4EBA-8826-204208902638}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F8B06521-B4BC-4676-A23A-C4BAAF361E99}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{FA93B8DF-65B2-495E-A7F1-7C5F84DB08DA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{FB154475-75D6-4458-AA68-A9381678A6B5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{FB512D42-8C8B-41D4-9BB6-82782857423D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{FE587AEC-B3E0-4D58-8D50-F6104B9372F1}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{FF159794-81B0-4E87-B4FB-7242A344D531}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FFD8AF3B-6EA8-4F16-8095-50A6AE30973E}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | "TCP Query User{092ED76C-358F-4C7B-A368-B8C3CDC92629}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{1DD1124B-F3D4-4C02-92ED-0253E6D08D59}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{509D8606-B52A-42FE-B171-67D24DEAC2B8}C:\program files\my mobile\mymobiler\mymobiler.exe" = protocol=6 | dir=in | app=c:\program files\my mobile\mymobiler\mymobiler.exe | "TCP Query User{5912ECC9-5379-4BE9-9FB6-632D1AB86E7E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{616601B9-6337-4B04-8A99-9B8E77E2C2E8}C:\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampplite\mysql\bin\mysqld.exe | "TCP Query User{64BB8E54-A5C8-4775-809C-D5D4F3169AAE}C:\program files\phonerlite\phonerlite.exe" = protocol=6 | dir=in | app=c:\program files\phonerlite\phonerlite.exe | "TCP Query User{7014636D-2684-49B1-9DF4-1BC4C66BA2A2}C:\program files\my mobile\mymobiler\mexplorer.exe" = protocol=6 | dir=in | app=c:\program files\my mobile\mymobiler\mexplorer.exe | "TCP Query User{9622DAC5-DEC3-496D-A572-12BE06D97E3C}C:\xampplite\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\xampplite\apache\bin\apache.exe | "TCP Query User{96C4D517-A2E9-48AA-8D1B-1E6A859AF65D}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{9A20332B-8428-481F-BF92-4797C43A9FB7}C:\program files\vtigercrm-5.1.0\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\program files\vtigercrm-5.1.0\apache\bin\apache.exe | "TCP Query User{A06CC374-BF49-4C06-89F4-C6FB6B6EC273}C:\program files\kworld multimedia\liveupdate\liveupdate.exe" = protocol=6 | dir=in | app=c:\program files\kworld multimedia\liveupdate\liveupdate.exe | "TCP Query User{A20266BC-2A79-446A-BC1C-7C99BEF3BD62}C:\program files\vtigercrm-5.1.0\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\program files\vtigercrm-5.1.0\apache\bin\apache.exe | "TCP Query User{A4B96700-7E56-402F-B645-A4BB5C2BC471}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe | "TCP Query User{A4EBA697-AA6F-44D7-893A-5B6EC95D5BA3}C:\program files\my mobile\mymobiler\mymobiler.exe" = protocol=6 | dir=in | app=c:\program files\my mobile\mymobiler\mymobiler.exe | "TCP Query User{AF433AA2-DB42-4C45-B96C-932C08F56A44}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe | "TCP Query User{B7635359-115C-40CC-AC2A-1FAF7EBCF29A}C:\xampplite\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\xampplite\apache\bin\apache.exe | "TCP Query User{BBBBFD5B-22C1-4BCA-A1A0-016F3D03DCDC}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "TCP Query User{BF4D81A1-36EA-4978-A55A-923B4A2B0CC5}C:\program files\route 66\route 66 sync\route66sync.exe" = protocol=6 | dir=in | app=c:\program files\route 66\route 66 sync\route66sync.exe | "TCP Query User{D7518DAF-8D68-4F3C-8B99-F0AD9C0B57E4}C:\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampplite\mysql\bin\mysqld.exe | "TCP Query User{ED405F84-DC97-4276-8259-FEE1D3786777}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{FF0DF9F9-6CCD-49AE-AEE3-DABB545F271A}C:\program files\my mobile\mymobiler\mexplorer.exe" = protocol=6 | dir=in | app=c:\program files\my mobile\mymobiler\mexplorer.exe | "UDP Query User{05199BC5-1EBE-4A69-85C6-A0581FFF0BEF}C:\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampplite\mysql\bin\mysqld.exe | "UDP Query User{0E505E76-5520-462B-9A24-99262C529079}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{189EB48A-9D1B-408D-A529-9D48B4445360}C:\program files\kworld multimedia\liveupdate\liveupdate.exe" = protocol=17 | dir=in | app=c:\program files\kworld multimedia\liveupdate\liveupdate.exe | "UDP Query User{26413F70-605E-4268-995F-0377D4BBADF7}C:\program files\my mobile\mymobiler\mymobiler.exe" = protocol=17 | dir=in | app=c:\program files\my mobile\mymobiler\mymobiler.exe | "UDP Query User{280D9E5F-D507-4438-8B0C-366AD7F07E27}C:\program files\vtigercrm-5.1.0\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\program files\vtigercrm-5.1.0\apache\bin\apache.exe | "UDP Query User{3D9FCF47-DFD6-4F34-9571-ED48BA90EF85}C:\program files\vtigercrm-5.1.0\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\program files\vtigercrm-5.1.0\apache\bin\apache.exe | "UDP Query User{415E4E89-A8B1-4952-885B-84AD56B5B93D}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{4852C383-9918-404E-88D4-2AD049300980}C:\xampplite\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\xampplite\apache\bin\apache.exe | "UDP Query User{4F3DB012-C60C-44CB-AABC-4ACC3BA277BB}C:\program files\route 66\route 66 sync\route66sync.exe" = protocol=17 | dir=in | app=c:\program files\route 66\route 66 sync\route66sync.exe | "UDP Query User{7444D2E1-D2E4-416B-9958-A3FA66D72D7C}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{74656602-E2A4-4A24-8E48-3E3110267266}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe | "UDP Query User{74B20FEC-976A-430E-9DFA-0EC90B051A2E}C:\program files\my mobile\mymobiler\mexplorer.exe" = protocol=17 | dir=in | app=c:\program files\my mobile\mymobiler\mexplorer.exe | "UDP Query User{80DBCBD1-1F0A-4AC5-8732-BAE54C5BCBF9}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe | "UDP Query User{871EDD7E-F753-4645-B8EC-DDD01C053764}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "UDP Query User{8CFB3C0D-70FA-4754-B1B2-37D149A30DFC}C:\program files\my mobile\mymobiler\mymobiler.exe" = protocol=17 | dir=in | app=c:\program files\my mobile\mymobiler\mymobiler.exe | "UDP Query User{90BF4C35-9798-48D1-B59B-9868CE339D04}C:\xampplite\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\xampplite\apache\bin\apache.exe | "UDP Query User{9624B742-F989-4C83-BA33-712F35CBB6D2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{980DCF1E-882D-479F-B251-7C223A114431}C:\program files\phonerlite\phonerlite.exe" = protocol=17 | dir=in | app=c:\program files\phonerlite\phonerlite.exe | "UDP Query User{B3515F40-F535-4A2B-9A04-F9B4C835B8A9}C:\program files\my mobile\mymobiler\mexplorer.exe" = protocol=17 | dir=in | app=c:\program files\my mobile\mymobiler\mexplorer.exe | "UDP Query User{C4992376-BB01-43C2-BE16-2911F7F7AAA5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{F2596165-5050-40F8-B8F7-9D724409BC35}C:\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampplite\mysql\bin\mysqld.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd "{008F9A3A-24A0-408B-AD7F-95C414219A00}" = Adobe Setup "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07E78C07-ECEF-4AEF-9581-2C31A5BDA6C0}" = sipgate Faxdrucker "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management "{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7 "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter "{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{194D92D9-8A52-4C0D-8C3F-0D12B0DE28D7}" = vtiger CRM Office Plug-in 5.0.4 "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware "{1C43709D-713C-46C3-97CC-5B31F09ACA5E}_is1" = Deutschland Patente PDF Downloader Trial 1.5 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam "{3FF55F91-4296-46D0-B045-1429CD46AF99}" = Adobe Setup "{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3 "{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers "{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support "{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour "{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3 "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.1 "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2 "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7D386596-0E80-4808-8AAE-C1DDA8212F7F}" = Adobe Setup "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup "{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2 "{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager "{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{913B0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003 "{91510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003 "{91A10407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003 "{9252E63C-2BFF-415B-97D6-8507E8648F64}" = ROUTE 66 Sync "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation "{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam "{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.1 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4 "{AE585DDE-7230-4B57-926B-428C94AA5850}" = Adobe Setup "{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{B9FA0B1B-4136-4159-BD7B-17E62738F388}" = Sydatec Datashredder "{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX "{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management "{C9D456FD-C25B-49DE-AA71-6B76D6550B23}" = Adobe Fireworks CS3 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CB489CA9-7546-4D4A-8064-E560D824B34D}" = Password Guard "{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management "{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}" = Canon MP450 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E358634B-F124-46FD-8618-C00D0E92B0D3}" = BMWi-Softwarepaket 9.3 "{E3DC29BB-8F6F-4034-89B2-E317391F804F}" = BMWi Zukunftscheck Mittelstand "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F9745BC1-93BD-49B9-A6C8-C005E7E92F3C}" = NTI CD & DVD-Maker "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "964DE571-3F1E-45CB-829D-648AACF33A52_is1" = Registry CleanUP 2008 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "ActiveScan 2.0" = Panda ActiveScan 2.0 "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.2.1 Professional "Adobe Acrobat 8 Professional - English, Français, Deutsch_821" = Adobe Acrobat 8.2.1 - CPSID_50570 "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_2225677e524ae91efb80c700be972bf" = Adobe Flash CS3 Professional "Adobe_25db75244653b42cb93dc27939d1c0e" = Adobe Dreamweaver CS3 "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "Adobe_6c7ed6c08f4acf68bf0512885eec384" = Adobe Fireworks CS3 "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings "Adobe_8fbf74eb27c84640370f87306e8981b" = Adobe InDesign CS3 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "eDocPrintPro" = eDocPrintPro "EPSON Printer and Utilities" = EPSON-Drucker-Software "EPSON Scanner" = EPSON Scan "FileZilla Client" = FileZilla Client 3.3.2.1 "fring" = fring "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "HyperMedia_is1" = HyperMedia Software "HyperMediaCenter 3.5_is1" = HyperMediaCenter 3.5 "InstallShield_{9252E63C-2BFF-415B-97D6-8507E8648F64}" = ROUTE 66 Sync "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mein Büro_is1" = Mein Büro "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "PocketRAR" = Pocket RAR documentation "ProInst" = Intel PROSet Wireless "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "Skype™ for Windows Mobile_is1" = Skype™ for Windows Mobile 2.5 "Spb Mobile Shell" = Spb Mobile Shell "Streamripper.Plugin" = Streamripper Plugin 1.62.1 (Remove only) "SynTPDeinstKey" = Synaptics Pointing Device Driver "Trojan Remover_is1" = Trojan Remover 6.8.1 "TweakVI" = TweakVI "Uninstall_is1" = Uninstall 1.0.0.0 "VLC media player" = VLC media player 1.0.3 "VMware_Workstation" = VMware Workstation "Winamp" = Winamp "Winamp Essentials Pack" = Winamp Essentials Pack v5.35 "Windows Mobile Device Handbook" = Windows Mobile®-Gerätehandbuch "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "XJ!_is1" = XJ! Version 1.0 [Aralon] "xp-AntiSpy" = xp-AntiSpy 3.97-2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "CRM Outlook Plugin" = CRM Outlook Plugin "vtigercrm-5.1.0" = vtigercrm-5.1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 19.05.2009 08:14:14 | Computer Name = JörgCölsmann-PC | Source = RapiMgr | ID = 8 Description = Windows Mobile-based device failed to connect due to communication (0x8007274a) failure (see data for failure code). Error - 20.05.2009 07:43:55 | Computer Name = JörgCölsmann-PC | Source = RapiMgr | ID = 8 Description = Windows Mobile-based device failed to connect due to communication (0x8007274a) failure (see data for failure code). Error - 20.05.2009 10:00:20 | Computer Name = JörgCölsmann-PC | Source = RapiMgr | ID = 8 Description = Windows Mobile-based device failed to connect due to communication (0x8007274a) failure (see data for failure code). Error - 21.05.2009 07:24:45 | Computer Name = JörgCölsmann-PC | Source = RapiMgr | ID = 8 Description = Windows Mobile-based device failed to connect due to communication (0x8007274a) failure (see data for failure code). Error - 22.05.2009 05:12:21 | Computer Name = JörgCölsmann-PC | Source = RapiMgr | ID = 8 Description = Windows Mobile-based device failed to connect due to communication (0x8007274a) failure (see data for failure code). Error - 22.05.2009 07:38:00 | Computer Name = JörgCölsmann-PC | Source = RapiMgr | ID = 8 Description = Windows Mobile-based device failed to connect due to communication (0x8007274a) failure (see data for failure code). Error - 25.04.2007 18:02:51 | Computer Name = JörgCölsmann-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 26.05.2009 06:10:20 | Computer Name = JörgCölsmann-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.05.2009 06:10:20 | Computer Name = JörgCölsmann-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.05.2009 06:44:01 | Computer Name = JörgCölsmann-PC | Source = RapiMgr | ID = 8 Description = Windows Mobile-based device failed to connect due to communication (0x8007274a) failure (see data for failure code). [ System Events ] Error - 07.04.2010 23:04:19 | Computer Name = JörgCölsmann-PC | Source = Service Control Manager | ID = 7000 Description = Error - 08.04.2010 01:44:34 | Computer Name = JörgCölsmann-PC | Source = WMPNetworkSvc | ID = 866287 Description = Error - 08.04.2010 09:44:38 | Computer Name = JörgCölsmann-PC | Source = Service Control Manager | ID = 7011 Description = Error - 09.04.2010 02:22:46 | Computer Name = JörgCölsmann-PC | Source = Service Control Manager | ID = 7011 Description = Error - 09.04.2010 02:44:24 | Computer Name = JörgCölsmann-PC | Source = Dhcp | ID = 1000 Description = Die Lease dieses Computers zu der IP-Adresse 192.168.2.103 über die Netzwerkkarte mit der Netzwerkadresse 001B7776D68B ist verloren gegangen. Error - 09.04.2010 13:24:27 | Computer Name = JörgCölsmann-PC | Source = DCOM | ID = 10010 Description = Error - 09.04.2010 13:26:42 | Computer Name = JörgCölsmann-PC | Source = Service Control Manager | ID = 7000 Description = Error - 09.04.2010 13:28:48 | Computer Name = JörgCölsmann-PC | Source = WMPNetworkSvc | ID = 866287 Description = Error - 09.04.2010 14:31:34 | Computer Name = JörgCölsmann-PC | Source = Service Control Manager | ID = 7000 Description = Error - 09.04.2010 14:33:36 | Computer Name = JörgCölsmann-PC | Source = WMPNetworkSvc | ID = 866287 Description = [ TuneUp Events ] Error - 09.04.2010 02:29:32 | Computer Name = JörgCölsmann-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: file is encrypted or is not a database; when executing SQL: INSERT INTO MemApplications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2010-04-09 08:29:32', 0, Resumed FROM ActiveApps WHERE ProcID=='7404';DELETE FROM ActiveApps WHERE ProcID=='7404'; Error - 09.04.2010 02:31:07 | Computer Name = JörgCölsmann-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: file is encrypted or is not a database; when executing SQL: INSERT INTO MemApplications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2010-04-09 08:31:07', 0, Resumed FROM ActiveApps WHERE ProcID=='2400';DELETE FROM ActiveApps WHERE ProcID=='2400'; Error - 09.04.2010 02:41:08 | Computer Name = JörgCölsmann-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: file is encrypted or is not a database; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-09 08:41:08', '\device\harddiskvolume2\windows\system32\control.exe','7012',0) Error - 09.04.2010 02:41:08 | Computer Name = JörgCölsmann-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: file is encrypted or is not a database; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-09 08:41:08', '\device\harddiskvolume2\windows\system32\rundll32.exe','7592',0) Error - 09.04.2010 02:41:13 | Computer Name = JörgCölsmann-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: file is encrypted or is not a database; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-09 08:41:13', '\device\harddiskvolume2\windows\system32\consent.exe','7780',0) Error - 09.04.2010 02:41:13 | Computer Name = JörgCölsmann-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: file is encrypted or is not a database; when executing SQL: INSERT INTO MemApplications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2010-04-09 08:41:13', 0, Resumed FROM ActiveApps WHERE ProcID=='7012';DELETE FROM ActiveApps WHERE ProcID=='7012'; Error - 09.04.2010 03:29:55 | Computer Name = JörgCölsmann-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: file is encrypted or is not a database; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-09 09:29:55', '\device\harddiskvolume2\windows\system32\dllhost.exe','7628',0) Error - 09.04.2010 03:29:55 | Computer Name = JörgCölsmann-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: file is encrypted or is not a database; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-09 09:29:55', '\device\harddiskvolume2\windows\system32\dllhost.exe','6172',0) Error - 09.04.2010 03:29:55 | Computer Name = JörgCölsmann-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: file is encrypted or is not a database; when executing SQL: INSERT INTO MemApplications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2010-04-09 09:29:55', 0, Resumed FROM ActiveApps WHERE ProcID=='7780';DELETE FROM ActiveApps WHERE ProcID=='7780'; Error - 09.04.2010 03:29:58 | Computer Name = JörgCölsmann-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: file is encrypted or is not a database; when executing SQL: INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended, State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2010-04-09 09:29:58', 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps < End of report > |
|
09.04.2010, 22:17
| #8 | |
| | Internetexplorer öffnet sich permanent mit Werbung... 1. Starte OTL. Kopiere unten in das Skript-Feld rein: Zitat:
Neustart zulassen, wenn gefragt. Poste das Fix Log. Zu finden unter c:\_OTL 2. http://www.trojaner-board.de/51871-a...tispyware.html 3. http://www.trojaner-board.de/59299-a...eb-cureit.html |
|
10.04.2010, 09:19
| #9 |
| | Internetexplorer öffnet sich permanent mit Werbung... Hallo Sion, Hier das Logfile, welches OLT produziert hat... ich werde jetzt die 2 Programme installieren und hoffe dann auf RUHE;-) All processes killed ========== OTL ========== Service de_serv stopped successfully! Service de_serv deleted successfully! Service CLTNetCnService stopped successfully! Service CLTNetCnService deleted successfully! Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4034D172-4C52-49de-A6A1-E75F8F591FEC}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4034D172-4C52-49de-A6A1-E75F8F591FEC}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A2DA13D5-AC77-43b7-963B-40445EBCB8E0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2DA13D5-AC77-43b7-963B-40445EBCB8E0}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a6fd39b-cdbe-11dd-8f50-c83fbc4e0fb8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a6fd39b-cdbe-11dd-8f50-c83fbc4e0fb8}\ not found. File E:\StartPortableApps.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5e14dd8-94af-11dd-a854-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5e14dd8-94af-11dd-a854-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5e14dd8-94af-11dd-a854-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5e14dd8-94af-11dd-a854-806e6f6e6963}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ccbac159-4be3-11de-ad88-c9e7e1d93e0c}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ccbac159-4be3-11de-ad88-c9e7e1d93e0c}\ not found. File E:\setupSNK.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d71f7fd8-8c0d-11dd-8f7c-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d71f7fd8-8c0d-11dd-8f7c-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d71f7fd8-8c0d-11dd-8f7c-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d71f7fd8-8c0d-11dd-8f7c-806e6f6e6963}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d71f802a-8c0d-11dd-8f7c-9fc4030657cb}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d71f802a-8c0d-11dd-8f7c-9fc4030657cb}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d71f802a-8c0d-11dd-8f7c-9fc4030657cb}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d71f802a-8c0d-11dd-8f7c-9fc4030657cb}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d71f8034-8c0d-11dd-8f7c-db220417fba3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d71f8034-8c0d-11dd-8f7c-db220417fba3}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d71f8034-8c0d-11dd-8f7c-db220417fba3}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d71f8034-8c0d-11dd-8f7c-db220417fba3}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fab45032-027a-11de-8f7a-c5c9fc00d2da}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fab45032-027a-11de-8f7a-c5c9fc00d2da}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fab45032-027a-11de-8f7a-c5c9fc00d2da}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fab45032-027a-11de-8f7a-c5c9fc00d2da}\ not found. File G:\LaunchU3.exe not found. C:\Windows\Tasks\{DF987E38-EEA4-4D2E-BAC3-16B8B844B2FB}.job moved successfully. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring" | dword:0x00 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\"DisableMonitoring" | dword:0x00 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring" | dword:0x00 /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Jörg Cölsmann ->Temp folder emptied: 39510666 bytes ->Temporary Internet Files folder emptied: 2143706 bytes ->Java cache emptied: 17685956 bytes ->FireFox cache emptied: 54883773 bytes ->Google Chrome cache emptied: 26044929 bytes ->Flash cache emptied: 5767 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 279440 bytes Windows Temp folder emptied: 1114066 bytes RecycleBin emptied: 49744724 bytes Total Files Cleaned = 183,00 mb OTL by OldTimer - Version 3.2.1.1 log created on 04102010_095944 Files\Folders moved on Reboot... C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2488.log moved successfully. Registry entries deleted on Reboot... |
|
10.04.2010, 10:21
| #10 |
| | Internetexplorer öffnet sich permanent mit Werbung... Nicht nur installieren - auch scannen lassen und Logs posten, falls was gefunden wird  |
|
10.04.2010, 10:33
| #11 | |
| | Internetexplorer öffnet sich permanent mit Werbung...Zitat:
und hat auch schon was gefunden....AdwareTraking Cookie Bis gleich |
|
10.04.2010, 10:37
| #12 |
| | Internetexplorer öffnet sich permanent mit Werbung... Cookies sind nicht so schlimm. |
|
10.04.2010, 10:44
| #13 | |
| | Internetexplorer öffnet sich permanent mit Werbung...Zitat:
see U |
|
10.04.2010, 16:54
| #14 | |
| | Internetexplorer öffnet sich permanent mit Werbung...Zitat:
 nur so als Zwischenbericht, mittlerweile 40 AdwareTraking Cookie's und 1 Rogue.Agent/Gen-Nullo[DLL] Logfile folgt dann wenn fertig Bit für Bit |
|
10.04.2010, 17:04
| #15 |
| | Internetexplorer öffnet sich permanent mit Werbung... Dr.Web wird wohl auch dauern. Dafür wird's gründlich.  |
|
| Themen zu Internetexplorer öffnet sich permanent mit Werbung... |
| adobe, antivir, antivir guard, avg, avira, bho, browser, desktop, excel, hijack, hijackthis, internet explorer, internetexploer, local\temp, monitor, mozilla, object, pdf-datei, pop-up-blocker, registry, rundll, safer networking, skype.exe, software, symantec, system, temp, trojan, usb, vista, werbung internet explorer, windows, wörter |
Linear-Darstellung
