Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Interseiten öffnen sich automatisch

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 08.07.2010, 10:43   #1
Alex Frei
 
Interseiten öffnen sich automatisch - Standard

Interseiten öffnen sich automatisch



Wenn ich mit Firefox im Internet bin öffnet sich manchmal einfach eine Seite automatisch. Die beginnt meist mit:

hxxp://adserving.favorit-network.com/

Ich habe mal Spybot Search & Destroy durchlaufen lassen und nun wird die Werbung immerhin nicht mehr angezeigt sondern es kommt nur noch ein Seiten-Ladefehler. Hier ist mal mein HiJackThis-LogFile:

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:56, on 08.07.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18470)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\XXX\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\ehome\ehtray.exe
C:\Users\XXX\AppData\Local\treeig.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\XXX\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/skins7/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE Systemboot
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [treeig] "c:\users\dennis\appdata\local\treeig.exe" treeig
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Windows System Updates] C:\Users\Public\winvsrnc.exe
O4 - HKCU\..\Run: [QNB2EB90WX] C:\Users\Dennis\AppData\Local\Temp\Ebv.exe
O4 - HKCU\..\Run: [WinSysControls] \Users\Dennis\winrsncd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{82131D18-0A32-4582-8C62-3809AAB7DDBA}: NameServer = 192.168.0.1
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12126 bytes
         

Alt 08.07.2010, 10:49   #2
Breedfight
 
Interseiten öffnen sich automatisch - Standard

Interseiten öffnen sich automatisch



1. einfach: firefox add-on adblock plus
2. normal: malwarebytes antimalware einen systemscan machen lassen und hier posten
3.normal: lad dir a-squared free herunter und lass es/ihn (XD) einen scan machen und poste das ergebnis
4. normal: lade dir CCleaner runter und lösch deine registry sowie deinen internet-cache und die temporären dateien

ein schritt nach dem anderen
dann klappts bestimmt


und fix mit HijackThis diesen eintrag:

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
__________________


Geändert von Breedfight (08.07.2010 um 10:55 Uhr)

Alt 08.07.2010, 10:58   #3
markusg
/// Malware-holic
 
Interseiten öffnen sich automatisch - Standard

Interseiten öffnen sich automatisch



1. deinstaliere vorläufig spybot, der teatimer könnte sonst für probleme sorgen.
2. starte neu.
3. deinstaliere die ask toolbar, starte neu.
4.
ootl:
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
poste bitte den inhalt beider.
__________________

Alt 08.07.2010, 11:51   #4
Alex Frei
 
Interseiten öffnen sich automatisch - Standard

Interseiten öffnen sich automatisch



Habe nun den Scan mit OTL gemacht.

OTL.txt:

Code:
ATTFilter
OTL logfile created on: 08.07.2010 12:21:32 - Run 1
OTL by OldTimer - Version 3.2.8.1     Folder = C:\Users\Dennis\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 44,41 Gb Free Space | 39,85% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 232,14 Gb Free Space | 99,68% Space Free | Partition Type: NTFS
Drive E: | 111,44 Gb Total Space | 111,35 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DENNIS-PC
Current User Name: Dennis
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dennis\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Dennis\AppData\Local\treeig.exe (revelatory)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Users\Dennis\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
PRC - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Dennis\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
MOD - C:\Windows\System32\SysHook.dll ()
MOD - C:\Windows\System32\powrprof.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wtsapi32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Stardock\ObjectDock\DockShellHook.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (NTIBackupSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (Ltn_stk7070P) -- C:\Windows\System32\drivers\Ltn_stk7070P.sys (LiteOn)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NTIPPKernel) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2259126044-174994911-749800222-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-2259126044-174994911-749800222-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-2259126044-174994911-749800222-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/skins7/
IE - HKU\S-1-5-21-2259126044-174994911-749800222-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2259126044-174994911-749800222-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2259126044-174994911-749800222-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2259126044-174994911-749800222-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2259126044-174994911-749800222-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "toolbartv Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT694331&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.21.1
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.1.18
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: fmscene@sozone.de:4.3.0
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.7
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.4
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:0.3.2
FF - prefs.js..extensions.enabledItems: {7762a897-2a75-4e3f-a3a7-55bd098b9879}:2.5.6.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=skins7&tb_ver=2.0.0.2&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.25 19:16:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.25 19:16:28 | 000,000,000 | ---D | M]
 
[2008.11.07 21:02:49 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions
[2010.07.08 11:52:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions
[2010.01.21 17:39:45 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010.07.07 18:56:13 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.04.28 18:58:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.26 22:44:34 | 000,000,000 | ---D | M] (toolbartv Toolbar) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\{7762a897-2a75-4e3f-a3a7-55bd098b9879}
[2010.06.20 19:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.13 19:06:14 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2010.07.08 11:52:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.01.26 22:44:34 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010.06.23 18:36:43 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010.06.23 18:36:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\autopager@mozilla.org
[2010.02.12 23:52:44 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.11.11 20:22:51 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\firefox@tvunetworks.com
[2009.07.20 22:59:25 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\fmscene@sozone.de
[2010.04.06 20:43:26 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\isreaditlater@ideashower.com
[2010.04.13 19:06:15 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\personas@christopher.beard
[2010.04.17 12:44:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\tabscope@xuldev.org
[2009.03.25 09:20:46 | 000,000,878 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\conduit.xml
[2010.07.07 17:37:12 | 000,000,961 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-1.xml
[2009.07.23 18:50:51 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-10.xml
[2009.08.06 22:56:32 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-11.xml
[2009.09.12 16:15:21 | 000,000,961 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-12.xml
[2010.02.19 16:42:42 | 000,000,961 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-13.xml
[2010.04.01 11:22:41 | 000,000,961 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-14.xml
[2010.06.20 19:08:49 | 000,000,961 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-15.xml
[2008.11.15 16:05:11 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-2.xml
[2008.12.17 22:27:37 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-3.xml
[2009.02.05 17:03:17 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-4.xml
[2009.03.09 16:15:32 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-5.xml
[2009.03.30 18:53:00 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-6.xml
[2009.04.26 18:49:52 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-7.xml
[2009.04.30 20:39:40 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-8.xml
[2009.06.13 18:57:09 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-9.xml
[2010.06.20 19:06:50 | 000,000,168 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin.gif
[2010.06.20 19:06:50 | 000,000,618 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin.src
[2010.04.22 13:33:22 | 000,000,945 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin.xml
[2010.07.08 11:52:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.19 20:23:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.07.31 00:59:14 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.07.31 00:59:14 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.07.31 00:59:14 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.09.12 16:14:59 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.07.31 00:59:14 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.07.07 18:55:35 | 000,411,917 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14236 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-2259126044-174994911-749800222-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-2259126044-174994911-749800222-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2259126044-174994911-749800222-1000..\Run: [QNB2EB90WX] C:\Users\Dennis\AppData\Local\Temp\Ebv.exe File not found
O4 - HKU\S-1-5-21-2259126044-174994911-749800222-1000..\Run: [treeig] c:\users\dennis\appdata\local\treeig.exe (revelatory)
O4 - HKU\S-1-5-21-2259126044-174994911-749800222-1000..\Run: [Windows System Updates] C:\Users\Public\winvsrnc.exe File not found
O4 - HKU\S-1-5-21-2259126044-174994911-749800222-1000..\Run: [WinSysControls]  File not found
O4 - Startup: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dennis\Desktop\Meine Dateien\BVB\BVB Bilder\barrioskopie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dennis\Desktop\Meine Dateien\BVB\BVB Bilder\barrioskopie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a02377c1-bd74-11de-911e-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{a02377c1-bd74-11de-911e-00a0c6000000}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.08 12:18:28 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2010.07.08 11:55:18 | 083,704,128 | ---- | C] (Emsi Software GmbH                                          ) -- C:\Users\Dennis\Desktop\a2FreeSetup27.exe
[2010.07.08 11:54:26 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Dennis\Desktop\mbam146-setup.exe
[2010.07.08 11:23:23 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Dennis\Desktop\HiJackThis.exe
[2010.07.08 11:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
[2010.06.27 19:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.06.27 19:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.06.24 18:43:12 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.06.24 18:43:12 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.06.24 18:43:02 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.06.24 18:42:44 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010.06.24 18:42:43 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010.06.24 18:42:06 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.06.24 18:42:06 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.06.24 18:42:05 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.06.23 22:31:31 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.06.23 22:31:30 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.06.21 19:12:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.06.21 19:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.06.17 18:42:12 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes
[2010.06.17 18:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.16 18:54:42 | 000,548,864 | ---- | C] (revelatory) -- C:\Users\Dennis\AppData\Local\treeig.exe
[2010.06.10 23:18:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.10 23:18:16 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.10 23:18:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.10 23:18:15 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.06.10 23:18:10 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.06.10 23:18:09 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.06.10 23:18:09 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.06.10 23:18:09 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.06.10 23:18:09 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.06.10 23:18:09 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.06.10 23:18:09 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.06.10 23:18:09 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.06.10 23:18:09 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.06.10 23:18:09 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.06.10 23:18:09 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.06.10 23:18:04 | 002,036,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.08 12:25:06 | 000,004,176 | ---- | M] () -- C:\Users\Dennis\AppData\Local\treeig_navps.dat
[2010.07.08 12:24:30 | 000,003,372 | ---- | M] () -- C:\Users\Dennis\AppData\Local\treeig.dat
[2010.07.08 12:21:10 | 006,553,600 | -HS- | M] () -- C:\Users\Dennis\NTUSER.DAT
[2010.07.08 12:18:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2010.07.08 12:15:10 | 000,027,934 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.07.08 12:15:03 | 000,000,090 | ---- | M] () -- C:\Users\Dennis\AppData\Local\treeig.bat
[2010.07.08 12:14:44 | 000,000,434 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010.07.08 12:14:41 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.08 12:14:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.08 12:14:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.08 12:14:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.08 12:14:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.08 12:14:09 | 2682,679,296 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.08 12:13:19 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.07.08 12:13:19 | 000,065,536 | -HS- | M] () -- C:\Users\Dennis\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.07.08 12:13:13 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.07.08 12:13:04 | 002,968,132 | -H-- | M] () -- C:\Users\Dennis\AppData\Local\IconCache.db
[2010.07.08 11:58:05 | 083,704,128 | ---- | M] (Emsi Software GmbH                                          ) -- C:\Users\Dennis\Desktop\a2FreeSetup27.exe
[2010.07.08 11:54:43 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Dennis\Desktop\mbam146-setup.exe
[2010.07.08 11:52:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.08 11:23:26 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Dennis\Desktop\HiJackThis.exe
[2010.07.07 18:55:35 | 000,411,917 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.07.07 17:26:07 | 000,027,934 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.06.29 12:26:02 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.29 12:26:02 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.29 12:26:02 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.29 12:26:02 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.29 12:26:02 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.28 14:54:53 | 000,008,268 | ---- | M] () -- C:\Users\Dennis\AppData\Local\d3d9caps.dat
[2010.06.27 20:39:19 | 000,000,095 | ---- | M] () -- C:\Windows\wininit.ini
[2010.06.27 20:05:59 | 000,408,580 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100707-185535.backup
[2010.06.27 13:39:46 | 000,000,090 | ---- | M] () -- C:\Users\Dennis\AppData\Local\wkqks.bat
[2010.06.27 13:38:28 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.06.23 19:27:19 | 003,714,435 | ---- | M] () -- C:\Users\Dennis\Desktop\Flo Rida feat. David Guetta - Club Can't Handle Me.mp3
[2010.06.23 19:16:31 | 004,962,578 | ---- | M] () -- C:\Users\Dennis\Desktop\Bushido feat. Kay One - Fackeln im Wind.mp3
[2010.06.23 18:34:52 | 000,243,057 | ---- | M] () -- C:\Users\Dennis\AppData\Local\treeig_nav.dat
[2010.06.20 22:00:46 | 004,642,304 | ---- | M] () -- C:\Users\Dennis\Desktop\B.o.B feat. Hayley Williams & Eminem - Airplanes.mp3
[2010.06.20 19:06:47 | 000,032,768 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\chrtmp
[2010.06.19 21:00:46 | 003,602,422 | ---- | M] () -- C:\Users\Dennis\Desktop\Die Atzen - Das geht ab (WM Song).mp3
[2010.06.17 20:46:50 | 000,016,091 | ---- | M] () -- C:\Users\Dennis\Desktop\Vorberichte.docx
[2010.06.16 18:54:42 | 000,548,864 | ---- | M] (revelatory) -- C:\Users\Dennis\AppData\Local\treeig.exe
[2010.06.12 14:29:01 | 002,233,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2010.06.27 20:39:19 | 000,000,095 | ---- | C] () -- C:\Windows\wininit.ini
[2010.06.27 14:58:48 | 000,000,090 | ---- | C] () -- C:\Users\Dennis\AppData\Local\treeig.bat
[2010.06.26 12:40:32 | 000,032,768 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\chrtmp
[2010.06.23 19:27:15 | 003,714,435 | ---- | C] () -- C:\Users\Dennis\Desktop\Flo Rida feat. David Guetta - Club Can't Handle Me.mp3
[2010.06.23 19:15:47 | 004,962,578 | ---- | C] () -- C:\Users\Dennis\Desktop\Bushido feat. Kay One - Fackeln im Wind.mp3
[2010.06.20 22:00:39 | 004,642,304 | ---- | C] () -- C:\Users\Dennis\Desktop\B.o.B feat. Hayley Williams & Eminem - Airplanes.mp3
[2010.06.19 21:00:41 | 003,602,422 | ---- | C] () -- C:\Users\Dennis\Desktop\Die Atzen - Das geht ab (WM Song).mp3
[2010.06.16 18:54:44 | 000,004,166 | ---- | C] () -- C:\Users\Dennis\AppData\Local\treeig_navps.dat
[2010.06.16 18:54:43 | 000,243,057 | ---- | C] () -- C:\Users\Dennis\AppData\Local\treeig_nav.dat
[2010.06.16 18:54:43 | 000,003,458 | ---- | C] () -- C:\Users\Dennis\AppData\Local\treeig.dat
[2010.05.26 21:12:54 | 000,006,393 | ---- | C] () -- C:\Windows\hpdj5600.ini
[2009.02.07 23:16:17 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.12.19 20:35:58 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008.12.19 20:34:38 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2008.08.21 02:07:35 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008.08.21 02:07:35 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.05.16 04:24:58 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.04.01 10:39:14 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.04.01 10:39:14 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.04.01 10:14:24 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.04.01 10:09:50 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.04.01 09:59:39 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2008.04.01 10:35:21 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008.04.01 10:35:21 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2008.12.17 16:50:08 | 000,000,000 | -HSD | M] -- C:\Users\Dennis\AppData\Roaming\.#
[2008.04.01 10:35:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Acer GameZone Console
[2008.12.19 20:36:11 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Atari
[2009.07.20 23:29:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\FileZilla
[2010.07.07 19:44:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ
[2008.11.08 20:02:53 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\IrfanView
[2008.11.14 21:12:35 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Nettalk
[2010.05.31 19:53:38 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\temp
[2009.03.22 21:16:41 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Thunderbird
[2009.10.20 14:45:16 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Vodafone
[2010.07.08 12:13:13 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.12.17 16:50:08 | 000,000,000 | -HSD | M] -- C:\Users\Dennis\AppData\Roaming\.#
[2008.04.01 10:35:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Acer GameZone Console
[2010.02.23 22:17:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Adobe
[2010.06.06 14:13:48 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Apple Computer
[2008.12.19 20:36:11 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Atari
[2008.11.07 19:58:09 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\CyberLink
[2009.12.29 16:46:13 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DivX
[2009.12.29 16:50:14 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\FastStone
[2009.07.20 23:29:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\FileZilla
[2009.10.20 14:58:27 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\FLEXnet
[2010.07.07 19:44:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ
[2008.11.07 17:51:30 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Identities
[2008.11.08 20:02:53 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\IrfanView
[2008.11.07 17:52:32 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Macromedia
[2010.06.17 18:42:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Media Center Programs
[2009.12.05 15:37:32 | 000,000,000 | --SD | M] -- C:\Users\Dennis\AppData\Roaming\Microsoft
[2009.03.22 21:16:42 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Mozilla
[2008.11.14 21:12:35 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Nettalk
[2008.11.07 23:06:21 | 000,000,000 | RH-D | M] -- C:\Users\Dennis\AppData\Roaming\SecuROM
[2010.05.31 19:53:38 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\temp
[2009.03.22 21:16:41 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Thunderbird
[2010.06.29 13:08:41 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\vlc
[2009.10.20 14:45:16 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Vodafone
[2008.11.08 20:03:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\WinRAR
[2008.11.07 19:36:47 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2009.01.23 21:29:17 | 000,003,584 | R--- | M] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
[2009.07.04 23:36:11 | 000,040,960 | R--- | M] (Acresso Software Inc.) -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{CF2D9590-457B-4842-912D-8D16A69ECC43}\ARPPRODUCTICON.exe
[2009.07.04 23:36:11 | 000,040,960 | R--- | M] (Acresso Software Inc.) -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{CF2D9590-457B-4842-912D-8D16A69ECC43}\powerteacher1_F3ECF7C00EB742CBA846CD9C2B5791B4.exe
[2009.07.04 23:36:11 | 000,040,960 | R--- | M] (Acresso Software Inc.) -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{CF2D9590-457B-4842-912D-8D16A69ECC43}\powerteacher_C16DA77BBBB04A698406A46901D42736.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\agp440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\drivers\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\Cyberlink\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2008.05.26 15:13:00 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=7DF63192BCF9C20EC2F7492E7F7544F9 -- C:\ACER\Preload\Autorun\DRV\nVidia NB Chipset NVMCP77MH\IDE\WinVista\sataraid\nvstor32.sys
[2008.05.26 15:13:00 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\ACER\Preload\Autorun\DRV\nVidia NB Chipset NVMCP77MH\IDE\WinVista\sata_ide\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\drivers\ws2ifsl.sys
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008.01.21 04:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2008.01.21 04:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.21 04:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:A9662AE0
< End of report >
         

Alt 08.07.2010, 11:52   #5
Alex Frei
 
Interseiten öffnen sich automatisch - Standard

Interseiten öffnen sich automatisch



Extras.txt:

Code:
ATTFilter
OTL Extras logfile created on: 08.07.2010 12:21:32 - Run 1
OTL by OldTimer - Version 3.2.8.1     Folder = C:\Users\Dennis\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 44,41 Gb Free Space | 39,85% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 232,14 Gb Free Space | 99,68% Space Free | Partition Type: NTFS
Drive E: | 111,44 Gb Total Space | 111,35 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DENNIS-PC
Current User Name: Dennis
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2259126044-174994911-749800222-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Public\winvsrnc.exe" = C:\Users\Public\winvsrnc.exe:*:Enabled:Windows System Updates -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{102D0F5A-15C1-4C82-8598-9A8DD4842AA8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{13A03CAF-CE2F-4694-ACBA-A954BFB6B854}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{17754248-5A9F-4D44-B1A8-B5A06A320A2D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1B0AA8C6-5C6B-4ACF-B95B-381CED44FDE1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{35834865-036A-47F0-AE89-F0F7958352D6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{398F9FBD-0A1D-4CC0-B228-3D5C5324EE7B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3B2DA517-1B38-4BF6-A66B-AF68C5D02D65}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{44F14FF9-522B-4A5F-8C54-30D3FA9707BA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{46ACD958-7CB0-46D5-BBCD-F675F017E59B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{47862B8E-B01D-4AC3-8348-A8B32282B6C8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4D525C2B-4E28-4DDF-B81C-8E8624231A1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4D80B09D-BC4E-4E10-90D0-E73BE41DA36E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4DB6C6CB-3207-4FE9-92DC-609E8C4EA7CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5B6F7433-5D36-4386-BE16-9AFDB05DB52D}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{5FE19A6C-2F0F-432E-A510-C4BEA4A90A03}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{628B83FA-1C0F-4E35-A1D1-BD5933CC8A08}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{62D124E8-B4D0-4B1D-A79B-9AB49106F1FD}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{6338DE8B-069A-42A7-B723-DCD1F8FC419B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{644F7A56-939E-4E7D-A4DB-407BEC8A5407}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{64B6A80C-7121-40DA-AD51-BFF00BE5A551}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{683C106F-D83D-4525-B3E4-A677E6833196}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6CCD7146-DB12-48C2-95B6-C6B7CF5E9D51}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6FC08CA4-F0FD-4CD0-BB2C-FCADD0147F57}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{714DF8E1-8267-4CFF-B370-844B49C1BB28}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{72D95D91-765F-4D40-8C18-93C36AF7F20F}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{781E9523-0750-42C8-B8A1-2C6482A49FBB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7B7DF0B5-7B95-4A74-B5BD-A598D3255DDC}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{7BF9F25D-F874-42E8-8342-CA18B5ADE38D}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{99B74A78-B545-4C55-B5BD-A201CD874E80}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9C600F34-B5D2-43B6-A8D1-B58BCC2B0FA2}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B23DCAD1-C1E9-43AD-BA33-4C69972004C1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CA200D5F-030B-4A98-94D0-BAC1779472E8}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{CB2FEFBC-01C9-4855-A97C-C22E92DB681A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CCF42B35-EF02-4401-BB83-BF5CBDD6A5E1}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{D4BA998A-E4B7-498F-8C30-56FA58859AA3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D87CA9BE-0C9C-40F2-A98A-630522D52129}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{D97041FF-266E-4729-BC46-E5C0E002A6DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{DB921D52-F67D-410B-8101-ADD1F59D7CB4}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{DC2A0D78-8725-4B76-BE42-EA075452D61C}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{DE421FEC-013E-4D04-939E-333B05977863}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E4968C65-35E3-4C5B-BA6A-360B9EB4312A}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{ED862BA9-E2DB-46DF-B520-FDAB5590471F}" = lport=3390 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B6B66C3-975B-4F31-8FDE-2156F079B714}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{230B3936-A5F0-41D5-95B2-7D8E8A08ACEF}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{2889DCB8-68B9-4B57-9060-BBDBD2AD642F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{2DBB4D3A-FDA8-463C-A663-05AB747D10FF}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{2DD17C57-B3FC-4E46-9641-9350F6B2A3BC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2E95EE66-2A46-4DB5-86F6-30B0B48D6753}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2EB5A4F7-2E6D-4A99-83E4-9B1C008DD3F6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{388DFBA2-F5DA-4B0A-A85A-F82FCCE97223}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3A5E2B85-761B-4068-82E5-629C82AC0BC6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3ECC8D88-7B43-400F-8166-CB8A6A6FDF5B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5BAD03CE-FEBF-40E3-9D3D-253117CDAC9F}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{5BFEADFF-4E9B-4D9D-945B-67B10E725382}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{5C6611D7-9CC4-4BEB-A707-261D9BAE05C6}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{5F29BF08-443F-4F79-9E8C-142290702BDE}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{611D27E6-38A5-4668-B9E8-644F19268587}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7279CA3A-33DE-4DD6-86B6-36F4F431D38C}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{732D98B5-658B-45BD-BDE2-65345664786E}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{738FFAEF-FF43-4E51-A90B-494BB7DE2FE3}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{768A5488-0E37-40DC-8ECD-6E433355E928}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{7BED6096-0406-4187-873B-150C28B9B5C4}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{7D63ED19-6D5E-41CE-BE93-9A92AE8EEAD3}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{800FB58C-B5A7-46C2-80C8-48823BFCB8F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{82C01BDA-7027-4AF0-95B7-B1523CC2402A}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{8508037C-ABA3-478C-8EE9-FDDDD52358F0}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{88D50DA0-F8EF-42C2-BD9D-2515B34F600A}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{8A6F2F23-ACFC-4361-BA59-F0F93EA4C7F6}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{8D6C1D5D-6D67-48D8-88DD-6525294C7F1A}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{9359BE8D-47CB-45E1-8C04-EC1B4EEDFFD6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{95E68FA7-7048-4B5A-98E1-A9DB9DC15528}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{99D70FE4-7DC4-42BA-85CE-56C7B0ACB03E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A16CC7A0-A379-4AB1-829A-E11AB35FC9D0}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{A2C2B696-599F-4616-B7A3-189C20B34C0A}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{A2D83693-8B1E-46A8-A084-DB0E2DCD6595}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{A875B24A-41DD-418F-B109-16C9E7568013}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A9A93441-E3F1-4DD1-AA9B-CD7D21248783}" = protocol=6 | dir=out | app=system | 
"{AE70899C-90CE-4525-B4FD-3016DB3B1D0B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{AEFA4D21-DFF3-4F8B-B8BC-5E5D2BF004BF}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{B2E07B66-652C-495F-8183-B9EDC7FBDEB1}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{BC49553C-3B2C-45B8-BCD4-BB80B0FDB3AE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BFBB0C67-3191-4912-B30C-DE8F68805101}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C0167C73-06A6-4B1F-9968-0E1BC76D1876}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{C6F5CDB9-127B-4F90-A3BC-ABC723629BC6}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{C9CF7FFE-E0FF-459A-ABEA-64C61FF41038}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CB681403-74CC-4452-A944-AAC83CCC6AA6}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{CC8F1DA4-9A50-4F91-B095-D18787D5B7E7}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{CD8FBF0E-4CE3-41D7-A92C-3F6F6790BF53}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{CF0049C8-20FD-4161-A21D-B66ED4EA6F57}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{D34C6108-DFE6-4AAD-88BD-E36D4E89B1BE}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{D6AA8252-32D6-49CE-BEF4-88B601C06324}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{D98861E1-7A13-4FFE-B4EC-F1E0CE8D184A}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{DED1C8D3-BB74-4570-A197-49C7795AB562}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E1B09E4A-DC39-4934-8DE0-3676D12BCFE8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{E5389A15-F0EE-497A-86BA-FDD963AA229D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F6B88DB2-68E2-4C26-B08F-27B813346269}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{FAEF9054-37B6-439D-874B-81F606B4765A}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{FC3F67B8-71E5-4AB7-8784-EFBBB2C56C66}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{FD708D3B-B3D5-405D-950E-FE2A15C42F1B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{0AC33DB8-1B30-4095-8A0E-DAAC2D99E9AA}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{21A32BC8-65EA-489F-8CD8-44CF9713503F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{3A094121-7097-4529-9199-D7ACEE19D99C}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{480C6B29-2155-4CCA-BA80-52DB291E070D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{62D1F5E1-18EB-4D38-80D7-AFF11A0242CF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{6C053565-298B-4639-9DFA-274ECD0C63F1}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"TCP Query User{FCFF91E5-217B-451D-AF09-ECCF8C4658A8}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{1AF05DAA-4774-4955-B56B-619401E13A2B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{2B017F90-F29A-4830-9612-CF5E10BA0C46}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{68DBE0B4-39D3-42B2-ADC7-BA97668E1591}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{691FF6CA-AD9F-4BD2-A6CB-6B967D7CA809}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{9FC2214D-263F-42EA-BE11-47EA6CCEBD6D}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{A4968C63-DB85-4B37-8516-A41DC11B2B3A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{B847AF55-0E93-4F3B-84FF-81B3591AF983}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 13
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91C82FED-477B-4AF1-88FB-F967BB0D7F10}" = Winbond CIR Device Drivers
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8.3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CF2D9590-457B-4842-912D-8D16A69ECC43}" = PowerTeacher GL
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FastStone Image Viewer" = FastStone Image Viewer 4.0
"FileZilla Client" = FileZilla Client 3.2.4.1
"FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09
"FUSSBALL MANAGER 10 DEMO" = FUSSBALL MANAGER 10 DEMO
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"Nettalk_is1" = Nettalk 6.5
"NVIDIA Drivers" = NVIDIA Drivers
"ObjectDock" = ObjectDock
"RollerCoaster Tycoon Setup" = Roll
"SopCast" = SopCast 3.2.9
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"treeig" = Favorit
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.0.3
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2259126044-174994911-749800222-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Städtebilder Eredivisie" = Städtebilder Eredivisie
"Städtebilder LFP 1ª División" = Städtebilder LFP 1ª División
"TV Sponsoren Deutschland" = TV Sponsoren Deutschland
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.06.2010 08:58:33 | Computer Name = Dennis-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.06.2010 08:59:47 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung 54984.exe, Version 0.0.0.0, Zeitstempel 0x49d28ea1,
 fehlerhaftes Modul 54984.exe, Version 0.0.0.0, Zeitstempel 0x49d28ea1, Ausnahmecode
 0xc0000005, Fehleroffset 0x00006d1a,  Prozess-ID 0xe68, Anwendungsstartzeit 01cb15f89d48974d.
 
Error - 27.06.2010 13:15:30 | Computer Name = Dennis-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 27.06.2010 13:15:41 | Computer Name = Dennis-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.06.2010 13:55:00 | Computer Name = Dennis-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 27.06.2010 13:55:09 | Computer Name = Dennis-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.06.2010 13:57:22 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 1.9.1.3776, Zeitstempel
 0x4be05389, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x03272899,  Prozess-ID 0xa30, Anwendungsstartzeit
 01cb16222765e26b.
 
Error - 27.06.2010 14:41:27 | Computer Name = Dennis-PC | Source = Application Hang | ID = 1002
Description = Programm SpybotSD.exe, Version 1.6.2.46 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1724  Anfangszeit: 01cb16284cbba08b  Zeitpunkt der Beendigung:
 11
 
Error - 27.06.2010 14:45:33 | Computer Name = Dennis-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 27.06.2010 14:45:33 | Computer Name = Dennis-PC | Source = Windows Search Service | ID = 3013
Description = 
 
[ Media Center Events ]
Error - 20.03.2010 12:10:02 | Computer Name = Dennis-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
 Win32 GetLastError returned 0D  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 20.03.2010 12:19:25 | Computer Name = Dennis-PC | Source = Mcx2Dvcs | ID = 401
Description = 
 
Error - 20.03.2010 12:19:44 | Computer Name = Dennis-PC | Source = Mcx2Dvcs | ID = 401
Description = 
 
Error - 20.03.2010 12:20:01 | Computer Name = Dennis-PC | Source = Mcx2Dvcs | ID = 401
Description = 
 
Error - 20.03.2010 12:25:58 | Computer Name = Dennis-PC | Source = Mcx2Dvcs | ID = 405
Description = 
 
Error - 20.03.2010 12:28:21 | Computer Name = Dennis-PC | Source = Mcx2Dvcs | ID = 405
Description = 
 
Error - 20.03.2010 12:31:14 | Computer Name = Dennis-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 07.07.2010 16:55:24 | Computer Name = Dennis-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 07.07.2010 16:55:55 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.07.2010 04:57:06 | Computer Name = Dennis-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 08.07.2010 04:57:38 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.07.2010 06:05:26 | Computer Name = Dennis-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 08.07.2010 06:05:53 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.07.2010 06:10:25 | Computer Name = Dennis-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 08.07.2010 06:11:02 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.07.2010 06:14:17 | Computer Name = Dennis-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 08.07.2010 06:14:42 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
Hat nicht in einen Beitrag gepasst.


Alt 08.07.2010, 12:38   #6
markusg
/// Malware-holic
 
Interseiten öffnen sich automatisch - Standard

Interseiten öffnen sich automatisch



Fixen mit OTL

• Starte bitte die OTL.exe.
Vista-User mit Rechtsklick "als Administrator starten"
• Kopiere nun das Folgende in die Textbox.

:OTL
PRC - C:\Users\Dennis\AppData\Local\treeig.exe (revelatory)
O4 - HKU\S-1-5-21-2259126044-174994911-749800222-1000..\Run: [QNB2EB90WX] C:\Users\Dennis\AppData\Local\Temp\Ebv.exe File not found
O4 - HKU\S-1-5-21-2259126044-174994911-749800222-1000..\Run: [treeig] c:\users\dennis\appdata\local\treeig.exe (revelatory)
O4 - HKU\S-1-5-21-2259126044-174994911-749800222-1000..\Run: [Windows System Updates] C:\Users\Public\winvsrnc.exe File not found
O4 - HKU\S-1-5-21-2259126044-174994911-749800222-1000..\Run: [WinSysControls] File not found
[2010.06.27 13:39:46 | 000,000,090 | ---- | M] () -- C:\Users\Dennis\AppData\Local\wkqks.bat
[2010.07.08 12:24:30 | 000,003,372 | ---- | M] () -- C:\Users\Dennis\AppData\Local\treeig.dat
[2010.07.08 12:15:03 | 000,000,090 | ---- | M] () -- C:\Users\Dennis\AppData\Local\treeig.bat
:Files
c:\users\dennis\appdata\local\treeig.exe
C:\Users\Dennis\AppData\Local\treeig.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMPFC5A2B2
• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument dieses posten

nutze den ccleaner, bereinige dateien + registry:
http://www.trojaner-board.de/51464-a...-ccleaner.html

nutze navilog:
Navilog
wähle erst e für englisch und dann den automatic mode. poste das ergebniss.
öffne arbeitsplatz, c:
dort gibts nen ordner _otl rechtsklick, zu _otl.rar oder zip hinzufügen, das archiv an uns senden:
http://www.trojaner-board.de/54791-a...ner-board.html
wie unter punkt2. gib bescheid, wenn das erledigt ist.
download malwarebytes:
Malwarebytes
instalieren, öffnen, registerkarte aktualisierung, und das programm updaten.
nun schalte alle laufenden programme ab, auch den avira guard, durch rechtsklick auf den schirm, dann deaktiviren. trenne außerdem die internetverbindung durch das ziehen des netzwerkkabels, bzw durch deaktiviren von wlan.
starte nun mit Malwarebytes einen komplett scan, bei dem du nicht am pc arbeiten darfst, lösche die funde, poste das log. berichte, wie der pc läuft.

Alt 08.07.2010, 14:11   #7
Alex Frei
 
Interseiten öffnen sich automatisch - Standard

Interseiten öffnen sich automatisch



OTL:

Code:
ATTFilter
All processes killed
========== OTL ==========
No active process named treeig.exe was found!
Registry value HKEY_USERS\S-1-5-21-2259126044-174994911-749800222-1000\Software\Microsoft\Windows\CurrentVersion\Run\\QNB2EB90WX deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2259126044-174994911-749800222-1000\Software\Microsoft\Windows\CurrentVersion\Run\\treeig deleted successfully.
c:\users\dennis\appdata\local\treeig.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2259126044-174994911-749800222-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Windows System Updates deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2259126044-174994911-749800222-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WinSysControls deleted successfully.
C:\Users\Dennis\AppData\Local\wkqks.bat moved successfully.
C:\Users\Dennis\AppData\Local\treeig.dat moved successfully.
C:\Users\Dennis\AppData\Local\treeig.bat moved successfully.
========== FILES ==========
File\Folder c:\users\dennis\appdata\local\treeig.exe not found.
File\Folder C:\Users\Dennis\AppData\Local\treeig.exe not found.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Dennis
->Flash cache emptied: 1298 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Dennis
->Temp folder emptied: 4298182 bytes
->Temporary Internet Files folder emptied: 17816896 bytes
->Java cache emptied: 100831330 bytes
->FireFox cache emptied: 38606270 bytes
->Google Chrome cache emptied: 6276723 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 1403662 bytes
 
Total Files Cleaned = 161,00 mb
 
Error: Unable to interpret <@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2> in the current context!
 
OTL by OldTimer - Version 3.2.8.1 log created on 07082010_144058

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
Dann habe ich CCleaner nach Anleitung laufen lassen.

Navilog:

Code:
ATTFilter
Fix Navipromo version 4.0.9 began on 08.07.2010 14:55:52,35

!!! Warning, this report may include legitimate files/programs!!!
!!! Post this report on the forum you are being helped !!!

Fix running from C:\navilog1

Updated on 21.06.2010 at 18h00 by IL-MAFIOSO

Microsoft® Windows Vista™ Home Premium  ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Turion(tm) X2 Dual-Core Mobile RM-70 )
BIOS : v1.3344
USER : Dennis ( Administrator )
BOOT : Normal boot




C:\ (Local Disk) - NTFS - Total:111 Go (Free:44 Go)
D:\ (Local Disk) - NTFS - Total:232 Go (Free:232 Go)
E:\ (Local Disk) - NTFS - Total:111 Go (Free:111 Go)
F:\ (CD or DVD)


Search done in normal mode 

Cleanning stage done on Reboot


C:\Users\Dennis\AppData\Local\treeig_nav.dat deleted !
C:\Users\Dennis\AppData\Local\treeig_navps.dat deleted !


Cleaning of C:\Windows\Temp done !
Cleaning of C:\Users\Dennis\AppData\Local\Temp done !


*** Copy Registry to Safebackup folder ***

Backing up Registry done !

*** Cleaning Registry ***

Registry cleaned successfully




*** Scan completed 08.07.2010 15:01:31,54 ***
         
Upload habe ich auch gemacht. Werde mich nun an Malwarebytes machen.

Alt 08.07.2010, 14:24   #8
markusg
/// Malware-holic
 
Interseiten öffnen sich automatisch - Standard

Interseiten öffnen sich automatisch



ok, sieht aber schon mal gut aus.

Alt 08.07.2010, 16:01   #9
Alex Frei
 
Interseiten öffnen sich automatisch - Standard

Interseiten öffnen sich automatisch



Der Suchlauf hat jetzt ca. 115.000 Objekte durchsucht. Das in ca. 1 Stunde 45 Minuten. Spybot hat immer so ca. 1,2 mio. Objekte durchsucht. Sind das bei Malwarebytes auch so viel? Weil das dauert ja Tage bis der dann fertig ist. Oeder würde auch der Fix-Scan reichen?

Alt 08.07.2010, 16:04   #10
markusg
/// Malware-holic
 
Interseiten öffnen sich automatisch - Standard

Interseiten öffnen sich automatisch



ich hoffe du hast die internetverbindung getrennt und alle programme ausgeschalten?
und spybot zeigt nicht die menge der files an wenn ich mich recht erinnere sondern nur, nach welcher malware grad gesucht wird. lass den scan also laufen und arbeite, wie gesagt nicht am pc und beende alle programme.

Alt 08.07.2010, 16:07   #11
Alex Frei
 
Interseiten öffnen sich automatisch - Standard

Interseiten öffnen sich automatisch



Bei Spybot steht unten links in der Ecke immer (XXXX/YYYY). Interverbindung ist getrennt und Programme sind auch geschlossen. Dann warte ich einfach mal ab.

Alt 08.07.2010, 17:13   #12
Alex Frei
 
Interseiten öffnen sich automatisch - Standard

Interseiten öffnen sich automatisch



Malwarebytes direkt nach dem Scan:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4291

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

08.07.2010 18:03:35
mbam-log-2010-07-08 (18-03-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 288438
Laufzeit: 2 Stunde(n), 26 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\QNB2EB90WX (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\RZDVL2F27W (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Dennis\AppData\Roaming\chrtmp (Malware.Trace) -> No action taken.
         
Und nach entfernen der vier Funde:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4291

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

08.07.2010 18:03:58
mbam-log-2010-07-08 (18-03-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 288438
Laufzeit: 2 Stunde(n), 26 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\QNB2EB90WX (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RZDVL2F27W (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Dennis\AppData\Roaming\chrtmp (Malware.Trace) -> Quarantined and deleted successfully.
         

Alt 08.07.2010, 17:16   #13
markusg
/// Malware-holic
 
Interseiten öffnen sich automatisch - Standard

Interseiten öffnen sich automatisch



besuche jetzt die windows update seite, spiele vista servicepack 2 auf und den internet explorer 8, selbst wenn du nen andern browser verwendest.
wenn das erledigt ist, eine neue otl.txt posten, die extras.txt benötige ich nicht.

Alt 08.07.2010, 17:44   #14
Alex Frei
 
Interseiten öffnen sich automatisch - Standard

Interseiten öffnen sich automatisch



Soll ich bei OTL genau die gleichen Angaben machen wie beim ersten Mal? Auch das in der Textbox?

Alt 08.07.2010, 17:45   #15
markusg
/// Malware-holic
 
Interseiten öffnen sich automatisch - Standard

Interseiten öffnen sich automatisch



nein das in der textbox brauchen wir nicht.

Antwort

Themen zu Interseiten öffnen sich automatisch
adobe, antivir, antivir guard, ask toolbar, avg, avira, bho, bonjour, defender, desktop, explorer, firefox, google, gupdate, hijack, internet, internet explorer, launch, local\temp, mozilla, popup, rundll, senden, sich automatisch, software, system, temp, vista, vodafone, werbung, windows, windows system



Ähnliche Themen: Interseiten öffnen sich automatisch


  1. Tabs öffnen sich automatisch
    Plagegeister aller Art und deren Bekämpfung - 02.02.2015 (7)
  2. Tabs öffnen sich automatisch
    Log-Analyse und Auswertung - 15.12.2014 (5)
  3. Tabs öffnen sich automatisch
    Log-Analyse und Auswertung - 02.12.2014 (7)
  4. Tabs öffnen sich automatisch
    Plagegeister aller Art und deren Bekämpfung - 17.09.2014 (31)
  5. Tabs öffnen sich automatisch
    Plagegeister aller Art und deren Bekämpfung - 16.05.2014 (10)
  6. Registerkarten öffnen sich automatisch
    Plagegeister aller Art und deren Bekämpfung - 25.02.2014 (3)
  7. tabs öffnen sich automatisch, reg-Eintrag lässt sich mit mbam nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 29.12.2011 (13)
  8. Links öffnen sich automatisch
    Antiviren-, Firewall- und andere Schutzprogramme - 28.08.2010 (25)
  9. Pop Ups öffnen sich automatisch nach Virenmeldung
    Antiviren-, Firewall- und andere Schutzprogramme - 23.04.2010 (23)
  10. Tabs öffnen sich automatisch
    Plagegeister aller Art und deren Bekämpfung - 10.12.2009 (7)
  11. Browserfenster öffnen sich automatisch
    Plagegeister aller Art und deren Bekämpfung - 03.12.2009 (6)
  12. Tabs öffnen sich automatisch im IE und im Firefox
    Log-Analyse und Auswertung - 11.11.2008 (1)
  13. Fenster öffnen sich automatisch im IE
    Log-Analyse und Auswertung - 21.02.2008 (4)
  14. IE-Werbeseiten öffnen sich automatisch
    Plagegeister aller Art und deren Bekämpfung - 07.08.2006 (6)
  15. Browserfenster öffnen sich automatisch
    Log-Analyse und Auswertung - 24.03.2006 (5)
  16. Pop Ups öffnen sich automatisch
    Plagegeister aller Art und deren Bekämpfung - 20.10.2005 (2)
  17. es öffnen sich automatisch Internetwerbeseiten
    Log-Analyse und Auswertung - 21.02.2005 (1)

Zum Thema Interseiten öffnen sich automatisch - Wenn ich mit Firefox im Internet bin öffnet sich manchmal einfach eine Seite automatisch. Die beginnt meist mit: hxxp://adserving.favorit-network.com/ Ich habe mal Spybot Search & Destroy durchlaufen lassen und nun - Interseiten öffnen sich automatisch...
Archiv
Du betrachtest: Interseiten öffnen sich automatisch auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.