Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.11.2010, 13:33   #1
KTV57
 
Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ? - Standard

Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ?



Hallo,

habe ein Problem im Firefox. Es legt sich zyklisch eine Seite über die gewollten Seiten. Dabei bleibt die gesamte Seite leer, nur am oberen Rand steht links "advertise here" und rechts "skip this ad". Klick auf "advertise here" führt zu einer Seite namens "DirectPCV" - bringt mich aber nicht wirklich weiter. Klick auf "skip this ad" lässt die leere Seite wieder verschwinden.

Habe ausführlich gegoogelt, das Problem ist nicht unbekannt und offensichtlich auch anderen durch Poker-Sites/ Toolbars etc. unter geschummelt worden. Dann stieß ich auf diese Seite:

h**p://w*w.amnavigator.com/blog/2010/02/05/parasite-alert-directcpv-loudmo-contextual-adware/

Mein Englisch ist nicht das Beste... und eine Lösung fand ich dort auch nicht.
Habe es so verstanden, dass es eine recht neue Art von "adware" oder "Layer Ad" etc ist. Bin nach Schlagwörtern wie "verseuchtes System" usw ratlos..., bitte um Hilfe !

Habe Vista, 32Bit, SP 2 auf einem HP-Notebook. Eset / Spybot / Anti-Malwarebyte´s finden nichts.

Habe eure Anweisungen zur "load.exe" abgearbeitet:

tcf.exe: gelaufen

erunt.exe: BackUp der Registry gemacht

Anti-Malwarebytes Logfile:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5098

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

12.11.2010 13:58:00
mbam-log-2010-11-12 (13-58-00).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150651
Laufzeit: 7 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:

defogger.exe:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:33 on 12/11/2010 (HP)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

Gmer.exe:

Scan brach nach kurzer Zeit ab. Windows Fehlermeldung: >>Gmer.exe funktioniert nicht mehr.<<

Beim 2. Scanversuch dann BlueScreen mit Problemmeldung: >>0x0000008E<<

3. und 4. Scanversuch mit gleichem BlueScreen-Ergebnis.

Nach Neustart dann Windows Fehlerbericht:

Problemsignatur:
Problemereignisname: BlueScreen
Betriebsystemversion: 6.0.6002.2.2.0.768.3
Gebietsschema-ID: 1031

Zusatzinformationen zum Problem:
BCCode: 1000008e
BCP1: C0000005
BCP2: 8225BD95
BCP3: A9370A34
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Dateien, die bei der Beschreibung des Problems hilfreich sind:
C:\Windows\Minidump\Mini111210-03.dmp
C:\Users\HP\AppData\Local\Temp\WER-141804-0.sysdata.xml
C:\Users\HP\AppData\Local\Temp\WER81BC.tmp.version.txt


OTL-ScanOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.11.2010 13:19:55 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Public\Desktop\MFtools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,76 Gb Total Space | 24,02 Gb Free Space | 16,83% Space Free | Partition Type: NTFS
Drive D: | 6,29 Gb Total Space | 1,12 Gb Free Space | 17,80% Space Free | Partition Type: NTFS
 
Computer Name: HP-PC | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.11.12 12:16:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.19 10:44:50 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.12.02 20:34:40 | 000,070,144 | ---- | M] (AlcaTech) -- C:\Windows\System32\mmrtkrnl.exe
PRC - [2008.05.02 01:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
PRC - [2008.05.02 01:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2007.09.04 18:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Data\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007.04.24 02:11:42 | 000,262,243 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.11.12 12:16:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010.05.04 20:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2009.11.02 00:20:51 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009.09.25 03:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2009.04.11 07:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009.04.11 07:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2008.12.15 12:24:12 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.dll
MOD - [2008.01.19 08:36:40 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2008.01.19 08:34:07 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008.01.19 08:33:42 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.03.19 10:48:08 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.03.19 10:44:50 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.05.02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.04 18:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Data\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2007.04.24 02:11:44 | 000,106,593 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007.04.24 02:11:42 | 000,262,243 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007.02.05 09:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007.02.05 09:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007.01.26 10:39:06 | 000,075,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe -- (ICScsiSV)
SRV - [2007.01.26 10:38:48 | 000,067,760 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe -- (IcVzMonLauncher)
SRV - [2007.01.26 10:38:48 | 000,043,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2007.01.09 22:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2006.12.14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.12.14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.12.14 00:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009.10.03 05:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.03.30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009.03.19 10:45:38 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009.03.19 10:45:34 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009.03.19 10:45:32 | 000,131,976 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2009.03.19 10:44:34 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.03.19 10:41:38 | 000,113,960 | ---- | M] (ESET) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2008.12.02 20:34:54 | 000,094,624 | ---- | M] (AlcaTech) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mmrtkrnl.sys -- (MMRTKRNL)
DRV - [2008.10.19 21:05:08 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.03.28 02:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.03.03 11:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008.02.29 02:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008.02.29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.02.29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.01.25 14:06:42 | 000,010,624 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\archlp.sys -- (archlp)
DRV - [2008.01.19 06:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.09.04 18:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2007.07.10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.06.20 03:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007.06.20 03:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007.06.20 03:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007.06.01 15:59:36 | 001,310,208 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM108.sys -- (USBPNPA)
DRV - [2007.04.12 03:30:52 | 000,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007.03.07 05:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.02.24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.17 00:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.01.23 18:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.01.23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.03 16:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007.01.03 16:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2007.01.03 15:25:18 | 000,027,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\frmupgr.sys -- (DFUBTUSB)
DRV - [2006.11.30 18:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.19 03:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006.06.28 17:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005.04.21 12:40:36 | 000,010,624 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2004.09.02 14:45:13 | 000,022,656 | ---- | M] (Elaborate Bytes AG) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\VClone.sys -- (VClone)
DRV - [2004.02.12 18:11:28 | 000,003,968 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Live TV Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.de/search?q="
FF - prefs.js..browser.search.selectedEngine: "Amazon.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a66}:0.6.1.14
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.7
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.87
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.11
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.4
FF - prefs.js..extensions.enabledItems: nasatabs@sonco.com:1.4.0
FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:1.4
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
FF - prefs.js..extensions.enabledItems: CompactMenuCE@Merci.chao:4.3.2
FF - prefs.js..extensions.enabledItems: {5e594888-3e8e-47da-b2c6-b0b545112f84}:1.3.1
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: tabutils@ithinc.cn:0.9.9.8.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.3.privateBuild1
FF - prefs.js..extensions.enabledItems: sxipper@sxip.com:2.3.4
FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.2
FF - prefs.js..extensions.enabledItems: {9f089c3d-0671-1313-bb9c-dd06c4417bfd}:4.6.6.9
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.4
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.11 17:36:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.11 17:36:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.04.29 23:23:09 | 000,000,000 | ---D | M]
 
[2008.09.10 20:41:09 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Extensions
[2010.11.11 18:40:18 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions
[2010.11.06 14:07:42 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.11.09 17:41:06 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.02.24 01:40:40 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2009.11.19 20:28:33 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2010.01.29 20:31:32 | 000,000,000 | ---D | M] (Favicon Picker 2) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a66}
[2010.11.09 17:43:42 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2010.08.19 19:40:01 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2008.11.28 08:40:10 | 000,000,000 | ---D | M] (Stylish [de]) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}(8)
[2010.03.07 20:10:15 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2010.02.08 21:01:34 | 000,000,000 | ---D | M] (Save Image in Folder) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}
[2010.03.07 22:11:44 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2010.11.05 12:24:41 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009.12.12 17:16:43 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2010.09.10 07:09:09 | 000,000,000 | ---D | M] (WOT) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.08.30 07:32:17 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2010.11.06 14:07:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.12 16:47:21 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.04.02 18:06:04 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2010.11.03 10:05:29 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010.03.31 18:44:58 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\CompactMenuCE@Merci.chao
[2010.02.24 01:40:40 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.11.06 14:07:41 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\elemhidehelper@adblockplus.org
[2010.05.09 10:06:24 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\firegestures@xuldev.org
[2010.03.07 18:51:05 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\hidemenubar@moztw.org
[2010.10.12 16:47:21 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\nasanightlaunch@example.com
[2010.08.04 18:46:20 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\nasatabs@sonco.com
[2010.11.06 14:07:44 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\netvideohunter@netvideohunter.com
[2010.03.06 10:21:27 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\sxipper@sxip(34).com
[2010.06.13 17:36:49 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\sxipper@sxip.com
[2010.10.12 16:47:21 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\tabutils@ithinc.cn
[2010.03.06 10:21:26 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\yetanothersmoothscrolling@kataho(35)
[2009.08.29 10:51:56 | 000,002,391 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\FireFox\Profiles\ol2xg7vx.default\searchplugins\aviary.xml
[2010.01.29 21:16:42 | 000,000,541 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\FireFox\Profiles\ol2xg7vx.default\searchplugins\bing--google.xml
[2010.01.29 21:14:04 | 000,002,172 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\FireFox\Profiles\ol2xg7vx.default\searchplugins\bing.xml
[2010.02.11 20:31:55 | 000,004,540 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\FireFox\Profiles\ol2xg7vx.default\searchplugins\fireball.xml
[2009.02.25 01:20:01 | 000,001,898 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\FireFox\Profiles\ol2xg7vx.default\searchplugins\surf-canyon.xml
[2010.01.29 21:15:02 | 000,004,153 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\FireFox\Profiles\ol2xg7vx.default\searchplugins\youtube.xml
[2010.06.08 17:06:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.08 17:06:34 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{9f089c3d-0671-1313-bb9c-dd06c4417bfd}
[2010.08.02 20:20:37 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.02 20:20:37 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.02 20:20:37 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.02 20:20:37 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.02 20:20:37 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.11.03 11:26:18 | 000,424,544 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.123topsearch.com
O1 - Hosts: 127.0.0.1    123topsearch.com
O1 - Hosts: 127.0.0.1    www.132.com
O1 - Hosts: 127.0.0.1    132.com
O1 - Hosts: 127.0.0.1    www.136136.net
O1 - Hosts: 127.0.0.1    136136.net
O1 - Hosts: 127.0.0.1    www.163ns.com
O1 - Hosts: 14633 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Cm108Sound] File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Realtime Audio Engine] C:\Windows\System32\mmrtkrnl.exe (AlcaTech)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Data\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Mit Image Converter 3 übertragen - C:\Program Files\Sony\IMAGE CONVERTER 3\menu.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Data\ICQ6.5\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Data\ICQ6.5\ICQ.exe File not found
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.161 83.169.185.225
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\HP\Pictures\Wallpaper\Earth Gas Giant.jpg
O24 - Desktop BackupWallPaper: C:\Users\HP\Pictures\Wallpaper\Earth Gas Giant.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{e1117033-d438-11dd-ba75-001b2479ef24}\Shell - "" = AutoRun
O33 - MountPoints2\{e1117033-d438-11dd-ba75-001b2479ef24}\Shell\AutoRun\command - "" = H:\SETUP.EXE -- File not found
O33 - MountPoints2\{e1117033-d438-11dd-ba75-001b2479ef24}\Shell\configure\command - "" = H:\SETUP.EXE -- File not found
O33 - MountPoints2\{e1117033-d438-11dd-ba75-001b2479ef24}\Shell\install\command - "" = H:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
 
MsConfig - StartUpFolder: C:^Users^HP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg:  Malwarebytes Anti-Malware  (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: QPService - hkey= - key= - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Data\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig - StartUpReg: WindowsWelcomeCenter - hkey= - key= - File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.12 12:17:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.12 12:17:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.12 12:06:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.11.12 12:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.11.12 11:41:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.11.11 19:03:51 | 000,501,760 | ---- | C] (www.sw4you.de Siegfried Weckmann) -- C:\Windows\SwSetupu.exe
[2010.11.10 19:53:06 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2010.11.09 19:07:40 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Neuer Ordner
[2010.11.08 16:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.10.29 17:23:03 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\WakeUpSound
[2010.10.24 22:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.10.20 16:10:35 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Garten
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.12 13:05:55 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job
[2010.11.12 13:05:53 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.12 13:05:53 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.12 13:05:52 | 000,138,074 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.11.12 13:05:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.12 13:05:35 | 225,789,962 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.11.12 12:34:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.11.12 12:33:41 | 000,000,020 | ---- | M] () -- C:\Users\HP\defogger_reenable
[2010.11.12 12:32:07 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1627852074-908911158-2618229892-1000UA.job
[2010.11.12 12:22:55 | 000,043,008 | ---- | M] () -- C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.12 12:17:11 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.12 12:15:42 | 000,288,107 | ---- | M] () -- C:\Users\HP\Desktop\Gmer.zip
[2010.11.12 12:15:42 | 000,050,477 | ---- | M] () -- C:\Users\HP\Desktop\defogger.exe
[2010.11.12 12:07:38 | 000,694,054 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.12 12:07:38 | 000,657,616 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.12 12:07:38 | 000,150,662 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.12 12:07:38 | 000,124,780 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.12 12:05:32 | 000,000,693 | ---- | M] () -- C:\Users\HP\Desktop\NTREGOPT.lnk
[2010.11.12 12:05:32 | 000,000,674 | ---- | M] () -- C:\Users\HP\Desktop\ERUNT.lnk
[2010.11.12 11:32:04 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1627852074-908911158-2618229892-1000Core.job
[2010.11.12 11:00:52 | 000,471,642 | ---- | M] () -- C:\Users\HP\Desktop\Load.exe
[2010.11.12 10:51:31 | 000,066,296 | ---- | M] () -- C:\Users\HP\Desktop\DirectPCV2.jpg
[2010.11.12 09:42:28 | 000,017,055 | ---- | M] () -- C:\Users\HP\Desktop\DirectPCV1.jpg
[2010.11.12 09:29:37 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1627852074-908911158-2618229892-1000.job
[2010.11.11 21:57:59 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B740FC0F-03EC-4652-A1D3-6A160FC1FFD7}.job
[2010.11.11 18:55:01 | 000,470,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.11.08 17:31:58 | 000,000,188 | ---- | M] () -- C:\Users\HP\Desktop\L A C I E (G) - Verknüpfung (2).lnk
[2010.11.08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Users\HP\Desktop\gmer.exe
[2010.11.03 11:26:18 | 000,424,544 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.10.29 10:59:35 | 001,928,476 | ---- | M] () -- C:\Users\HP\Desktop\Nathan TV Bank.jpg
[2010.10.24 12:27:33 | 000,008,865 | -HS- | M] () -- C:\Users\HP\Desktop\Folder.jpg
[2010.10.24 12:27:33 | 000,002,402 | -HS- | M] () -- C:\Users\HP\Desktop\AlbumArtSmall.jpg
 
========== Files Created - No Company Name ==========
 
[2010.11.12 12:48:33 | 225,789,962 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.11.12 12:40:19 | 000,296,448 | ---- | C] () -- C:\Users\HP\Desktop\gmer.exe
[2010.11.12 12:33:25 | 000,000,020 | ---- | C] () -- C:\Users\HP\defogger_reenable
[2010.11.12 12:17:11 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.12 12:05:32 | 000,000,693 | ---- | C] () -- C:\Users\HP\Desktop\NTREGOPT.lnk
[2010.11.12 12:05:32 | 000,000,674 | ---- | C] () -- C:\Users\HP\Desktop\ERUNT.lnk
[2010.11.12 11:41:50 | 000,050,477 | ---- | C] () -- C:\Users\HP\Desktop\defogger.exe
[2010.11.12 11:41:48 | 000,288,107 | ---- | C] () -- C:\Users\HP\Desktop\Gmer.zip
[2010.11.12 11:00:44 | 000,471,642 | ---- | C] () -- C:\Users\HP\Desktop\Load.exe
[2010.11.12 09:42:28 | 000,017,055 | ---- | C] () -- C:\Users\HP\Desktop\DirectPCV1.jpg
[2010.11.12 09:35:55 | 000,066,296 | ---- | C] () -- C:\Users\HP\Desktop\DirectPCV2.jpg
[2010.11.08 17:31:58 | 000,000,188 | ---- | C] () -- C:\Users\HP\Desktop\L A C I E (G) - Verknüpfung (2).lnk
[2010.10.29 10:59:31 | 001,928,476 | ---- | C] () -- C:\Users\HP\Desktop\Nathan TV Bank.jpg
[2010.10.22 20:35:01 | 000,008,865 | -HS- | C] () -- C:\Users\HP\Desktop\Folder.jpg
[2010.04.28 11:08:05 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.24 15:42:21 | 000,000,000 | ---- | C] () -- C:\Users\HP\AppData\Local\FnF4.txt
[2010.03.17 17:12:57 | 000,010,624 | ---- | C] () -- C:\Windows\System32\drivers\archlp.sys
[2010.03.16 18:13:08 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.03.14 18:25:07 | 000,000,000 | ---- | C] () -- C:\Windows\Channel Editor 3.1.INI
[2010.03.08 02:53:38 | 000,000,266 | ---- | C] () -- C:\Windows\SettingsEditor + UpdateTool HD V2.11.INI
[2010.03.05 10:53:38 | 000,000,000 | ---- | C] () -- C:\Windows\new_db_app_17.INI
[2010.03.05 10:51:04 | 000,000,000 | ---- | C] () -- C:\Windows\Cheditor_HD_ver1.6.INI
[2009.12.16 14:57:00 | 000,000,760 | ---- | C] () -- C:\Users\HP\AppData\Roaming\setup_ldm.iss
[2009.11.02 00:01:06 | 000,012,800 | ---- | C] () -- C:\Windows\System32\DeskHack.dll
[2009.10.23 23:48:27 | 000,000,000 | ---- | C] () -- C:\Windows\galaxy.ini
[2009.10.13 19:52:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.13 19:43:02 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.10.13 00:01:18 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.09.02 19:21:42 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.08.19 22:59:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\CM108rm.dll
[2009.08.19 22:59:44 | 000,000,161 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2009.08.19 22:59:05 | 000,065,536 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2009.08.19 22:59:05 | 000,004,143 | ---- | C] () -- C:\Windows\Cm108.ini.cfg
[2009.08.19 22:59:05 | 000,000,694 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2009.08.19 22:59:04 | 000,106,496 | ---- | C] () -- C:\Windows\VMix.dll
[2009.08.19 22:59:04 | 000,005,197 | ---- | C] () -- C:\Windows\cm108.ini
[2009.08.04 10:29:03 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2009.01.24 21:39:08 | 000,000,038 | ---- | C] () -- C:\Users\HP\AppData\Local\Index_4E29823E.dat
[2009.01.24 20:31:27 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.01.24 17:02:26 | 000,002,181 | ---- | C] () -- C:\Windows\Helicon Debug Window.ini
[2009.01.07 18:27:35 | 000,000,194 | ---- | C] () -- C:\Users\HP\AppData\Roaming\default.rss
[2009.01.01 23:40:42 | 000,138,074 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.01.01 23:40:42 | 000,138,074 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.12.27 06:04:27 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008.12.27 03:52:05 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI
[2008.12.19 16:43:33 | 000,065,738 | ---- | C] () -- C:\Users\HP\AppData\Roaming\nvModes.001
[2008.12.19 16:43:30 | 000,065,738 | ---- | C] () -- C:\Users\HP\AppData\Roaming\nvModes.dat
[2008.12.16 09:56:27 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2008.12.15 22:45:14 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2008.12.15 22:45:14 | 000,000,088 | RHS- | C] () -- C:\ProgramData\2ECB35277A.sys
[2008.11.26 11:23:29 | 000,000,155 | ---- | C] () -- C:\Windows\DesktopSchneeFree.ini
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.10.29 00:20:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.07.02 00:37:34 | 000,000,000 | ---- | C] () -- C:\Users\HP\AppData\Roaming\wklnhst.dat
[2008.06.25 00:14:33 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.05.02 08:42:34 | 000,000,680 | ---- | C] () -- C:\Users\HP\AppData\Local\d3d9caps.dat
[2008.04.17 08:34:39 | 000,043,008 | ---- | C] () -- C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.12 20:30:38 | 000,000,320 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008.04.12 13:16:48 | 000,000,000 | ---- | C] () -- C:\Users\HP\AppData\Local\QSwitch.txt
[2008.04.12 13:16:48 | 000,000,000 | ---- | C] () -- C:\Users\HP\AppData\Local\DSwitch.txt
[2008.04.12 13:16:48 | 000,000,000 | ---- | C] () -- C:\Users\HP\AppData\Local\AtStart.txt
[2007.03.12 11:01:30 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2007.02.27 21:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.12.14 07:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.12.14 07:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.10 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.09.11 20:08:36 | 000,548,352 | ---- | C] () -- C:\Windows\System32\imgdecoder.dll
[2005.05.07 13:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2004.10.07 12:50:50 | 000,072,704 | ---- | C] () -- C:\Windows\System32\zlibwapi.dll
[2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000011.DLL
[2001.09.13 19:25:00 | 000,005,120 | ---- | C] () -- C:\Windows\System32\geOTraySpy.dll
 
========== LOP Check ==========
 
[2010.11.12 13:05:55 | 000,000,432 | ---- | M] () -- C:\Windows\Tasks\1-Click Maintenance.job
[2010.11.12 12:34:25 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.11.11 21:57:59 | 000,000,412 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B740FC0F-03EC-4652-A1D3-6A160FC1FFD7}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008.10.02 21:34:23 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.10.02 21:34:23 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.11.12 13:05:35 | 2460,205,056 | -HS- | M] () -- C:\pagefile.sys
[2008.04.12 21:02:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008.04.12 21:02:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009.10.14 12:28:53 | 000,000,909 | ---- | M] () -- C:\updatedatfix.log
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.11.02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.10.13 20:05:24 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006.09.18 22:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.11.02 10:46:03 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNBPP3.DLL
[2006.11.02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006.10.27 03:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2008.11.27 19:58:35 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.19 08:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 10:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.04.26 02:27:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.04.26 02:27:25 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: WININIT.EXE >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-11 23:42:01
 
< End of report >
         
--- --- ---

OTL-Extra:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12.11.2010 13:19:55 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Public\Desktop\MFtools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,76 Gb Total Space | 24,02 Gb Free Space | 16,83% Space Free | Partition Type: NTFS
Drive D: | 6,29 Gb Total Space | 1,12 Gb Free Space | 17,80% Space Free | Partition Type: NTFS
 
Computer Name: HP-PC | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mp3tag] -- "C:\Data\DivX\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- Reg Error: Key error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>*Ý\†Ð=ŸàÛ±Þ" = 
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{046BA6D2-C0C4-4764-AC72-9916E611D8F7}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{0AA425B5-CF62-44EE-92C3-2E74E29C8258}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=c:\windows\system32\svchost.exe | 
"{0F6091DB-F7F2-44E4-90C3-02E88880D298}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe | 
"{18ED6843-D6D7-420E-887C-671F1C03F96C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{1BA3C470-A52E-4D4F-9882-2C846D4AC4D8}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{2732E3AA-867E-4A77-A727-5697648138FD}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{284C94FD-BA73-42CD-A180-57E308835DF2}" = lport=6649 | protocol=17 | dir=in | name=udp emule | 
"{2B04FBAB-ED80-44BD-AD82-230F66A2AB3C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{332E6BEE-0C2E-4356-B061-0802C6647B63}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{34CA7194-48FF-496B-90A4-F9F6E3E9593B}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{38F904AF-D95C-45D0-99B6-157232295971}" = rport=2178 | protocol=6 | dir=out | app=system | 
"{3FE4B157-CC1C-42E5-B418-51251A497F80}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{43E9C5AA-22E9-47EE-89BB-79E222DD4CB8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{53AA6A3D-80FE-41E6-A21E-0C1FBABB56F8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{5B96508A-015A-483C-8E3F-A273121D507D}" = lport=2178 | protocol=6 | dir=in | app=system | 
"{5C9BDFCE-FDE2-44B5-ABEE-E19075B8688C}" = lport=1723 | protocol=6 | dir=in | app=system | 
"{6676A886-7972-4701-8012-55C08873E27C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{761CD6FE-C831-4B2D-98E5-3A84D766351D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7D9DA317-75C8-45B8-BD2C-1FCD0FF19513}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7E44C975-1F76-44C6-A9C0-E79037E0730C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{7EEE7AB9-5DE7-4235-B966-289AD37B2AD9}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe | 
"{84CB362B-9F5B-4652-A9BF-181999C75798}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{953C9555-B934-4A4B-A1FF-6F6E720B28D1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{97A3F110-79BD-4179-BF89-D94EF1AF6C61}" = lport=59553 | protocol=6 | dir=in | name=tcp emule | 
"{AADE849C-D114-4855-9C14-79995AB4EF8D}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{B0039986-789E-4D78-9D12-62B18AA7827E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{B824BAE7-FF5F-4C87-9CE0-9050A96040C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{BC1D48EA-CE9F-46AD-8307-D08CCB5F98F3}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe | 
"{BC5ADC96-093A-4660-A3AB-B58C5A7BDC5D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C15393C0-C950-4617-A217-F4A3ED880DF9}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{C8328147-B24D-40A7-B74A-5335367AC4C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{CEFFF2BF-E6F6-41CB-974C-0B02C49E5DAC}" = lport=1701 | protocol=17 | dir=in | app=system | 
"{D0874F20-7A91-4C19-91EE-24FF590DD644}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{D3E11691-DB40-4996-89A8-53B8CBE3B687}" = rport=1723 | protocol=6 | dir=out | app=system | 
"{D8EB18A6-4C34-4FA7-8596-E9E53E768CBD}" = rport=1701 | protocol=17 | dir=out | app=system | 
"{DDAB040A-F734-46EB-B436-DB7BF7174289}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe | 
"{E712C752-5EB8-4B22-9234-5FC82B0754B1}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe | 
"{E9A4F65F-F6C1-417F-87C7-3AF01B88FDFA}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe | 
"{E9CC1CD6-E3F0-4EA6-A5AA-C7D739DB60DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{EAC8CBE4-204C-429B-8171-28F7FC7AF925}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{F077B8E1-ED0A-4A54-9C29-AAF4E468795D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F24A426E-9113-437F-8FA0-EA1D0F6336B7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{FABC9986-55DA-4962-B3FB-2ABC17E53EC0}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe | 
"{FAD4E0C3-92B4-4105-A44B-F0FCC36B5771}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0931E48F-19D5-4D31-AB70-1087B96B3F24}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | 
"{0B6DDC3D-BA5A-4A31-B9E2-B79134C65CAB}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe | 
"{10A1E355-E353-4195-8BFA-4DA7EF6D1BEE}" = protocol=6 | dir=in | app=c:\windows\system32\msdtc.exe | 
"{13C0D5A2-EBB3-4F19-BF83-4F0F897291E3}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{16336478-D8F2-4FC4-8B9E-5595A02764EA}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{1AF6988B-7BCB-4751-992C-3DC940FEF229}" = protocol=6 | dir=out | app=system | 
"{20B7BF96-2153-4F7F-91E8-DC91BF05C43D}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{426D7F36-A79D-4C25-AF30-15EFD21628DA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{43798DC5-65D6-4065-B250-EDDEC85D5399}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe | 
"{45129504-75AE-4EF4-9E8F-56AB0A26254B}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{45C9EFB3-F196-45D1-B27D-36B17ACB6423}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{4EDD32CA-B22E-44BF-9B3B-0536DAEE2FB6}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe | 
"{50B4B8CF-965E-46DC-A843-F7414F3E17CA}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{50B5A8F6-DC80-4AB5-B230-99797B41D4F7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5871113A-E7D0-4E9E-9576-F5F4D3DFE9A8}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe | 
"{58F114AF-AB66-41C2-9172-A0814D74D5BA}" = protocol=6 | dir=out | app=c:\windows\system32\msdtc.exe | 
"{5C786B3C-B3E7-4934-80BD-C085E2DA96E0}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe | 
"{5E575797-40C6-4191-A497-8A6DE6350B2F}" = protocol=17 | dir=in | app=c:\data\emule\emule.exe | 
"{6238767D-679F-4F37-B572-CC3E7C0B5CA7}" = protocol=6 | dir=out | app=system | 
"{66F55A84-3B0B-49CC-996B-6BA3249BD98A}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{76E8B8E5-4330-43C4-9275-ABBE9D1972A1}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | 
"{817841D5-5394-4C59-A851-7A70EA7940FD}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{870695B6-1AEF-47F0-9281-6E85344A812F}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe | 
"{893A8DE8-053A-498E-802C-A2530523AC4E}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{8A5ECD2A-72B9-4A88-AD19-CA26E8537D75}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{96BE35D5-0E9F-4D01-952C-D1DD15B3BF3C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A0E3E205-FFBD-4A27-92E2-B190667CADB2}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{A4677D01-B480-4192-BA68-2A0908F8B159}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{AA75F5DF-A1CA-465E-BB9D-A33C49D9FDC8}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{BC92F97A-D5E7-4B49-AE3F-B297C1DB0B6D}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | 
"{BF177D75-D879-43C0-A6AB-D99F932F9CE0}" = protocol=6 | dir=in | app=c:\data\emule\emule.exe | 
"{C3750147-F128-44C4-9C48-ED0DAF129B6F}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{C66BB7E5-8F90-475A-979F-AB7C99BF067F}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | 
"{C8E271E1-3630-42F3-A333-2109A8F1DC78}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{CFA14975-10B7-4A54-9BF3-FA0041507A32}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{D7C2090E-D2A8-4EC2-8FAE-477AF97AF5BA}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{E5201261-C314-48A1-9B9E-688564875E48}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{FF77150C-CB6D-4B57-9549-C97243FE1D6D}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe | 
"TCP Query User{0E5D7DFC-D81F-4C50-A9DA-93DDCDEE5DF7}C:\data\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\data\vlc\vlc.exe | 
"TCP Query User{14953F9C-CFE7-4B3E-AD14-380ED611DE12}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{1A77AF62-3BE3-4534-AD06-E4A25DACC41B}C:\users\hp\desktop\storage\emule0.48a-stullemule_v5.3-bin\emule.exe" = protocol=6 | dir=in | app=c:\users\hp\desktop\storage\emule0.48a-stullemule_v5.3-bin\emule.exe | 
"TCP Query User{1B8D2138-0AEB-48AB-9526-A4872563FD37}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe | 
"TCP Query User{1B9BD2DC-75CE-4D98-B2F9-9F984A85A083}C:\alien arena 7_32\crx.exe" = protocol=6 | dir=in | app=c:\alien arena 7_32\crx.exe | 
"TCP Query User{26259421-1192-4AF5-9AB4-A801F929F730}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"TCP Query User{47A90FCB-56DA-4406-8BEE-E26B2B97D89C}C:\data\hl.exe" = protocol=6 | dir=in | app=c:\data\hl.exe | 
"TCP Query User{4FA61CF7-8FEA-488D-9BFD-166C40DC2A62}C:\users\hp\desktop\ablage\emule0.48a-stullemule_v5.3-bin\emule.exe" = protocol=6 | dir=in | app=c:\users\hp\desktop\ablage\emule0.48a-stullemule_v5.3-bin\emule.exe | 
"TCP Query User{62B66E51-8030-4D31-9E1F-9EC17B1E3ED1}C:\users\hp\desktop\ablage\emule0.48a-stullemule_v5.3-bin\emule.exe" = protocol=6 | dir=in | app=c:\users\hp\desktop\ablage\emule0.48a-stullemule_v5.3-bin\emule.exe | 
"TCP Query User{6EFE1804-854E-4904-913D-0EEE66A23F14}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{70490A01-F387-4F4B-A79B-BEC26FF4B31D}C:\program files\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo\halo.exe | 
"TCP Query User{8846CFCC-EC42-40B8-8C41-54D1D192AD01}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{884EA3EE-F75A-42CE-B24B-ADA9D1ACD142}C:\data\veohtv\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\data\veohtv\veoh\veohclient.exe | 
"TCP Query User{968213FC-1139-419C-9F38-9A60B86A2F54}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{9C91A4CE-DF33-41BC-AE4D-602BE2DAAD10}C:\program files\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo\halo.exe | 
"TCP Query User{C7091F5F-C457-4269-BA9F-7710B55B54A3}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{EAAAFF30-C329-4079-B05A-8B7DD41FFA8F}C:\users\hp\desktop\emule0.48a-stullemule_v5.3-bin\emule.exe" = protocol=6 | dir=in | app=c:\users\hp\desktop\emule0.48a-stullemule_v5.3-bin\emule.exe | 
"TCP Query User{F0F3E517-A4C5-4538-9611-15A495A62CB0}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{05F6B163-3DC4-476C-97DA-D8FBC6941B6F}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe | 
"UDP Query User{0802A55A-7287-4043-B971-16581A1E8857}C:\users\hp\desktop\ablage\emule0.48a-stullemule_v5.3-bin\emule.exe" = protocol=17 | dir=in | app=c:\users\hp\desktop\ablage\emule0.48a-stullemule_v5.3-bin\emule.exe | 
"UDP Query User{09B1A52E-D626-47D4-AAC5-2A3082559B5B}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{12488953-05DE-4AD2-95CD-456D10186C4C}C:\data\veohtv\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\data\veohtv\veoh\veohclient.exe | 
"UDP Query User{19F60805-CA3C-4D6C-BB32-D2689DED9A15}C:\data\hl.exe" = protocol=17 | dir=in | app=c:\data\hl.exe | 
"UDP Query User{347D47F5-733F-47DB-8A1F-55AA96DCDC57}C:\data\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\data\vlc\vlc.exe | 
"UDP Query User{3FD66CF2-54D3-460F-BE0C-BC8456835E2A}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{4926AAF4-6890-43BE-88FF-9DB634502FB8}C:\program files\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo\halo.exe | 
"UDP Query User{652094BC-A8DA-465B-9477-8FEAEFEC2999}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{6FC0DA83-AFE9-475E-93F8-8B446E7655A2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{74BA6C73-4F8A-4E88-BC76-B3DB1A13A557}C:\users\hp\desktop\storage\emule0.48a-stullemule_v5.3-bin\emule.exe" = protocol=17 | dir=in | app=c:\users\hp\desktop\storage\emule0.48a-stullemule_v5.3-bin\emule.exe | 
"UDP Query User{89E88571-15F2-4EA3-8754-50AF2F61BA1E}C:\program files\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo\halo.exe | 
"UDP Query User{AAECAF26-630F-48E3-8A92-89761A015811}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{B170054D-475B-4049-8ADC-FBF7E27416DF}C:\users\hp\desktop\emule0.48a-stullemule_v5.3-bin\emule.exe" = protocol=17 | dir=in | app=c:\users\hp\desktop\emule0.48a-stullemule_v5.3-bin\emule.exe | 
"UDP Query User{CC9DAE27-AEDC-4DFC-B6E3-592DFA60C987}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"UDP Query User{D8E4372C-1891-4532-A4FE-090C5651576B}C:\alien arena 7_32\crx.exe" = protocol=17 | dir=in | app=c:\alien arena 7_32\crx.exe | 
"UDP Query User{F4E82F03-2634-4B9C-83B7-E49F4F7C6343}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{F9C52866-1929-45A1-8C7A-A675D301A372}C:\users\hp\desktop\ablage\emule0.48a-stullemule_v5.3-bin\emule.exe" = protocol=17 | dir=in | app=c:\users\hp\desktop\ablage\emule0.48a-stullemule_v5.3-bin\emule.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{194C14D5-3CB0-4977-8886-A79DFC00E820}" = MSCU for Microsoft Vista
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34341B15-CA5B-43E0-AADD-3AED44647598}" = ESU for Microsoft Vista
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E79AC14-1F0A-4044-B069-126EDCD2308F}" = Vista Manager
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A666A477-4C02-415E-9F31-3541FC0CD6B5}" = SipdxDLL
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C20B3C31-28CD-4732-AE45-A30F401AF91F}" = WALKMAN Launcher
"{C21C71CB-3E5C-401C-91D2-DEDACDB26BAF}" = ESET Smart Security
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}" = DAMN NFO Viewer 2.10.0031 RC3
"{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D891A7-2BAF-4033-9A20-DBB78F86BF0C}" = Video Downloader
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FE013D72-CF3D-41A8-BC09-C38070FDE2CB}" = Image Converter 3
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"Absolute MP3 Splitter_is1" = Absolute MP3 Splitter version 2.3.0
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alien Outbreak 2 Invasion" = Alien Outbreak 2 Invasion 2 
"CCleaner" = CCleaner (remove only)
"C-Media CM108 Like Sound Driver" = USB7.1 AUDIO
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"eMule_is1" = stullemuleemuleversion
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Halo" = Microsoft Halo
"HD Pack" = HD Pack 1.7
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"melon" = melon 3.05
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0
"mmfsetup_is1" = MixMeister Fusion 7.3.5
"mmssetup_is1" = MixMeister Studio Demo 7.4.4
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mp3tag" = Mp3tag v2.44
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Revo Uninstaller" = Revo Uninstaller 1.90
"SmartAudio" = SmartAudio
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"tdxkrxvywejegwk" = Tagging System Revenuebuster
"Video mp3 Extractor_is1" = Video mp3 Extractor
"VirtualCloneDrive" = VirtualCloneDrive
"What's Running_is1" = What's Running 2.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"xp-AntiSpy" = xp-AntiSpy 3.97-2
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.06.2009 14:45:12 | Computer Name = HP-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.06.2009 14:45:12 | Computer Name = HP-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.06.2009 14:45:12 | Computer Name = HP-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.06.2009 14:45:12 | Computer Name = HP-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.06.2009 14:45:13 | Computer Name = HP-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.06.2009 14:45:18 | Computer Name = HP-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.06.2009 14:45:19 | Computer Name = HP-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.06.2009 14:45:32 | Computer Name = HP-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 04.06.2009 04:14:17 | Computer Name = HP-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.06.2009 04:30:40 | Computer Name = HP-PC | Source = Google Update | ID = 20
Description = 
 
[ Media Center Events ]
Error - 27.02.2009 16:01:34 | Computer Name = HP-PC | Source = MCX2Filter | ID = 602
Description = 
 
Error - 27.02.2009 16:01:34 | Computer Name = HP-PC | Source = MCX2Filter | ID = 602
Description = 
 
Error - 27.02.2009 16:01:35 | Computer Name = HP-PC | Source = MCX2Filter | ID = 602
Description = 
 
Error - 27.02.2009 16:01:35 | Computer Name = HP-PC | Source = MCX2Filter | ID = 602
Description = 
 
Error - 27.02.2009 16:01:35 | Computer Name = HP-PC | Source = MCX2Filter | ID = 602
Description = 
 
Error - 27.02.2009 16:01:35 | Computer Name = HP-PC | Source = MCX2Filter | ID = 602
Description = 
 
Error - 27.02.2009 16:01:35 | Computer Name = HP-PC | Source = MCX2Filter | ID = 602
Description = 
 
Error - 27.02.2009 16:01:35 | Computer Name = HP-PC | Source = MCX2Filter | ID = 602
Description = 
 
Error - 27.02.2009 16:01:35 | Computer Name = HP-PC | Source = MCX2Filter | ID = 602
Description = 
 
Error - 27.02.2009 16:01:35 | Computer Name = HP-PC | Source = MCX2Filter | ID = 602
Description = 
 
[ System Events ]
Error - 12.11.2010 07:58:51 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.11.2010 07:58:51 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.11.2010 08:00:28 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 12.11.2010 08:00:28 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 12.11.2010 08:05:40 | Computer Name = HP-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 12.11.2010 um 13:04:06 unerwartet heruntergefahren.
 
Error - 12.11.2010 08:06:08 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.11.2010 08:06:08 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.11.2010 08:06:08 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.11.2010 08:07:33 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 12.11.2010 08:07:33 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
--- --- ---

Alt 12.11.2010, 13:56   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ? - Standard

Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ?



Zitat:
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150651
Laufzeit: 7 Minute(n), 28 Sekunde(n)
Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden, bitte auch davon alle posten!
__________________

__________________

Alt 12.11.2010, 15:58   #3
KTV57
 
Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ? - Standard

Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ?



Ergebnis des Vollscan mit AntiMalwareBytes:

ältere Log´s habe ich leider nicht mehr...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5099

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

12.11.2010 16:55:33
mbam-log-2010-11-12 (16-55-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 316310
Laufzeit: 1 Stunde(n), 46 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
__________________

Alt 12.11.2010, 16:18   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ? - Standard

Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ?



Wirklich keine Funde bei MBAM? Oder postest du nur die Logs ohne Funde?

Alt 12.11.2010, 16:36   #5
KTV57
 
Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ? - Standard

Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ?



Die eben gepostete ist die aktuelle Log-Datei von vor einer Stunde... alle älteren habe ich leider gelöscht. Hatte heute morgen etwas gefunden und gelöscht, glaube aber nicht dass es sich um den betreffenden DirctCPV/LoudMou handelt. Habe ein Screenshot der Qurantäne von AMWB angehängt... vielleicht hilft der weiter !?

Angehängte Grafiken
Dateityp: jpg Qurantäneshot1.jpg (108,4 KB, 379x aufgerufen)

Alt 12.11.2010, 17:35   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ? - Standard

Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ?



Wieso löscht du denn sowas?
Das grenzt ja shon fast an Spurenvernichtung um uns das Helfen noch schwieriger zu machen!
Schau mal in den Reiter Logdateien nach, hoffentlich sind da noch alle Logs.
__________________
--> Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ?

Alt 12.11.2010, 19:06   #7
KTV57
 
Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ? - Standard

Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ?



sorry, sind alle weg... (siehe angehängtes PNG) ...wusste nicht dass alte Logs gebraucht werden... war in jedem Fall keine Absicht !!

...ist euch denn evtl. >>LoudMou<< bekannt ? hat der "AdwareAdRotator" vielleicht was damit zu tun ? ...hm... bis jetzt hab ich beim surfen Ruhe... aber das muss nichts heißen, war schon öfter dass ich dachte... aber dann nervt er wieder...
Angehängte Grafiken
Dateityp: png logdateien.png (114,8 KB, 343x aufgerufen)

Alt 12.11.2010, 19:07   #8
KTV57
 
Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ? - Standard

Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ?



...hab noch 2 png`s angehängt... von dem nervigen Werbeteil... eins von meinem FF und eines anderen User aus dem Netz...
Angehängte Grafiken
Dateityp: jpg Screenshot aus meinem Firefox.jpg (36,8 KB, 351x aufgerufen)
Dateityp: jpg Screenshot eines anderen User.jpg (76,2 KB, 292x aufgerufen)

Alt 14.11.2010, 07:01   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ? - Standard

Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ?



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Alt 15.11.2010, 17:36   #10
KTV57
 
Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ? - Standard

Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ?



...habe Combofix heruntergeladen, jedoch nicht als .exe gespeichert weil ich nur einen "Speichern"-Button habe und dann läd´die Datei schon herunter. CCCleaner ausgeführt... alle Fenster und Programme einschließlich EsEt Security geschlossen...

Combofix als Administrator ausgeführt... Gewährleistungsfrage mit ja beantwortet... dann erschien das blaue Fenster mit dem blinkenden Strich und dann passierte gar nichts mehr... habe es 1 Stunde ohne Störung laufen lassen... Combofix ließ sich nicht beenden und der PC ließ sich nicht herunterfahren, nur über die Off-Taste beenden...

Dann 2ter Versuch.... blaues Fenster >> 5 h in Ruhe laufen lassen >> genau das gleiche wie beim ersten Versuch...

versteh nicht was ich falsch gemacht haben könnte !?

>> mein beschriebenes Problem mit der Werbung im Firefox besteht nach wie vor und nervt........ hm... was soll ich machen !?

Alt 15.11.2010, 21:04   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ? - Standard

Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ?



Zitat:
...habe Combofix heruntergeladen, jedoch nicht als .exe gespeichert weil ich nur einen "Speichern"-Button habe
Deswegen gibt es Rechtsklick Ziel speichern unter!!

Zitat:
versteh nicht was ich falsch gemacht haben könnte !?
CF über die cofi.exe mal ausführen!

Alt 16.11.2010, 13:10   #12
KTV57
 
Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ? - Standard

Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ?



Zitat:
Zitat von cosinus Beitrag anzeigen
Deswegen gibt es Rechtsklick Ziel speichern unter!!

hab ich versucht... er bietet jedoch nur die Auswahl: >>alle Dateien<< oder >>Applikation<< an... es lässt sich keine >>cofi.exe<< manuell eintragen !?
(siehe Bild-Anhang)

CF über die cofi.exe mal ausführen!
wie soll ich das machen ? habe ja nur die heruntergeladene Conmofix- datei auf dem Desktop... die kann ich als Administrator starten... aber als exe ?
Angehängte Grafiken
Dateityp: png combofixexe.png (110,5 KB, 168x aufgerufen)

Alt 16.11.2010, 13:43   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ? - Standard

Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ?



Das .exe wird nur nicht angezeigt! Mach aus combofix einfach ein cofi!

Alt 16.11.2010, 13:50   #14
KTV57
 
Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ? - Standard

Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ?



ok... hat funktioniert... schäm... probiers aus und meld mich dann wieder

Alt 28.12.2010, 10:08   #15
KTV57
 
Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ? - Standard

Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ?



Hallo... sorry, hatte wenig Zeit...

leider komme ich auch mit der cofi.exe nicht weiter... es erscheint das blaue Fenster mit dem blinkenden Strich und dann passiert nichts mehr... habe es Stunden laufen lassen.... der PC hängt sich dann jedes mal auf, lässt sich nicht mal mehr herunterfahren...

das Problem mit den lästigen Werbefenstern besteht nach wie vor !? Greets

Antwort

Themen zu Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ?
32 bit, bho, bitte um hilfe, bluescreen, converter, corp./icp, desktop, egui.exe, error, eset smart security, excel, fehlermeldung, firefox, firefox.exe, flash player, hilfreich, home, home premium, install.exe, load.exe, location, logfile, media center, microsoft office word, minidump, monitor, mozilla thunderbird, mp3, nvlddmkm.sys, nvstor.sys, office 2007, oldtimer, otl logfile, otl-scan, plug-in, port, problem, programdata, registry, required, revo uninstaller, rundll, safer networking, saver, searchplugins, security, security update, server, shell32.dll, software, start menu, studio, svchost.exe, system, system restore, udp, vista



Ähnliche Themen: Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ?


  1. Link Klick öffnet zunächst eine Link Fremde Seite " Casino Werbung " " Siele Werbung " "Erotik Seiten " oder ähnliches!
    Plagegeister aller Art und deren Bekämpfung - 26.08.2015 (17)
  2. Firefox öffnet bei klicken Werbung & und Programm "lomrdjhy" im Hintergrund
    Plagegeister aller Art und deren Bekämpfung - 12.04.2015 (3)
  3. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  4. Firefox-Browser "mit Werbung befallen"
    Alles rund um Mac OSX & Linux - 31.12.2014 (11)
  5. Herzlichen Dank "Schrauber" - "Problem mit der Gruppenrichtlinie" blockiert" gelöst
    Lob, Kritik und Wünsche - 11.12.2014 (0)
  6. Aufpoppende Werbung in Firefox und "bing"- Suche im IE
    Plagegeister aller Art und deren Bekämpfung - 03.12.2014 (5)
  7. Firefox wird von Werbung zugespammt ("Ads by ss8" und jetzt "Ads bei info")
    Log-Analyse und Auswertung - 16.09.2014 (30)
  8. Windows XP, Firefox und Chrom sind voll mit Werbung die mit "Ads By RR" markiert ist
    Plagegeister aller Art und deren Bekämpfung - 10.05.2014 (9)
  9. Firefox...Nach Download ständig Popp-Up mit Werbung und "Warnung vor einem Virus,Update des Players"
    Plagegeister aller Art und deren Bekämpfung - 26.03.2014 (27)
  10. Windows 7: Firefox zeigt Overlay Werbung und schiebt "Ads not by this site" Blöcke ein
    Plagegeister aller Art und deren Bekämpfung - 29.11.2013 (5)
  11. "Antiviren Werbung" "Langsamer PC" "PC stürzt ab" Banner und Popups beim surfen
    Plagegeister aller Art und deren Bekämpfung - 05.11.2013 (28)
  12. Änliches Problem wie im Thread "Antiviren Werbung, Banner und Popups" vom 24.09.2013
    Plagegeister aller Art und deren Bekämpfung - 29.09.2013 (3)
  13. "Falsche" E-Mail von Freund mit Link ins Netz -> Virus oder nur "Werbung"?
    Log-Analyse und Auswertung - 30.07.2012 (1)
  14. Win XP Start " Net Reactor 10 Fenster"danach "Firefox Problem 2 Fenster" danach "Blue Screen"
    Log-Analyse und Auswertung - 09.07.2011 (3)
  15. Firefox: Weiterleitung auf "gostats.com" und Werbung "served by Yourprofitclub"
    Log-Analyse und Auswertung - 10.03.2011 (4)
  16. Firefox: Weiterleitung auf "gostats.com" und Werbung "served by Yourprofitclub"
    Log-Analyse und Auswertung - 05.03.2011 (23)
  17. Problem: Wohlmöglich gefälschtes Firefox Update Popup "CineSmaxx.de"
    Plagegeister aller Art und deren Bekämpfung - 14.12.2010 (3)

Zum Thema Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ? - Hallo, habe ein Problem im Firefox. Es legt sich zyklisch eine Seite über die gewollten Seiten. Dabei bleibt die gesamte Seite leer, nur am oberen Rand steht links "advertise here" - Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ?...
Archiv
Du betrachtest: Problem im Firefox mit "DirectCPV/LoudMo"-Werbung > Layer Ad ? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.