12.11.2010, 14:33 | #1
Problem in Firefox with "DirectCPV/LoudMo" advertising > Layer Ad?

Hello,

I have a problem in Firefox. Periodically a page lays itself over the pages I actually want. The whole page stays empty; only at the top edge it says "advertise here" on the left and "skip this ad" on the right. Clicking "advertise here" leads to a page called "DirectCPV", which doesn't really get me anywhere. Clicking "skip this ad" makes the empty page disappear again.

I have googled extensively; the problem is not unknown and has apparently been slipped onto other people's systems too via poker sites, toolbars etc. Then I came across this page: h**p://w*w.amnavigator.com/blog/2010/02/05/parasite-alert-directcpv-loudmo-contextual-adware/

My English is not the best... and I didn't find a solution there either. As I understood it, this is a fairly new kind of "adware" or "layer ad" etc. After keywords like "infected system" and so on I am at a loss..., please help!

I have Vista, 32-bit, SP 2 on an HP notebook. ESET / Spybot / Malwarebytes' Anti-Malware find nothing.
I have worked through your instructions for "load.exe":

tcf.exe: ran

erunt.exe: made a backup of the registry

Anti-Malwarebytes logfile:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 5098
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975
12.11.2010 13:58:00
mbam-log-2010-11-12 (13-58-00).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150651
Laufzeit: 7 Minute(n), 28 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:

defogger.exe:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:33 on 12/11/2010 (HP)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-

Gmer.exe: The scan aborted after a short time. Windows error message: >>Gmer.exe funktioniert nicht mehr.<< On the 2nd scan attempt there was then a bluescreen with the problem message: >>0x0000008E<< The 3rd and 4th scan attempts gave the same bluescreen result.
After the restart, the Windows error report then showed:

Problemsignatur:
Problemereignisname: BlueScreen
Betriebsystemversion: 6.0.6002.2.2.0.768.3
Gebietsschema-ID: 1031
Zusatzinformationen zum Problem:
BCCode: 1000008e
BCP1: C0000005
BCP2: 8225BD95
BCP3: A9370A34
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1
Dateien, die bei der Beschreibung des Problems hilfreich sind:
C:\Windows\Minidump\Mini111210-03.dmp
C:\Users\HP\AppData\Local\Temp\WER-141804-0.sysdata.xml
C:\Users\HP\AppData\Local\Temp\WER81BC.tmp.version.txt

OTL scan

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 12.11.2010 13:19:55 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Public\Desktop\MFtools Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 142,76 Gb Total Space | 24,02 Gb Free Space | 16,83% Space Free | Partition Type: NTFS Drive D: | 6,29 Gb Total Space | 1,12 Gb Free Space | 17,80% Space Free | Partition Type: NTFS Computer Name: HP-PC | User Name: HP | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010.11.12 12:16:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.19 10:44:50 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.12.02 20:34:40 | 000,070,144 | ---- | M] (AlcaTech) -- C:\Windows\System32\mmrtkrnl.exe PRC - [2008.05.02 01:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\SetPoint\SetPoint.exe PRC - [2008.05.02 01:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) 
-- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe PRC - [2007.09.04 18:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Data\NVIDIA Corporation\nTune\nTuneService.exe PRC - [2007.04.24 02:11:42 | 000,262,243 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe PRC - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe ========== Modules (SafeList) ========== MOD - [2010.11.12 12:16:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2010.05.04 20:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll MOD - [2009.11.02 00:20:51 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll MOD - [2009.09.25 03:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll MOD - [2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll MOD - [2009.04.11 07:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll MOD - [2009.04.11 07:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll MOD - [2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll MOD - [2008.12.15 12:24:12 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.dll MOD - [2008.01.19 08:36:40 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll MOD - [2008.01.19 08:34:07 | 000,183,808 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\duser.dll MOD - [2008.01.19 08:33:42 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS) SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - File not found [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100) SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009.03.19 10:48:08 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv) SRV - [2009.03.19 10:44:50 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn) SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) 
[Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2008.05.02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.09.04 18:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Data\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService) SRV - [2007.04.24 02:11:44 | 000,106,593 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS) SRV - [2007.04.24 02:11:42 | 000,262,243 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS) SRV - [2007.02.05 09:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV) SRV - [2007.02.05 09:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service) SRV - [2007.01.26 10:39:06 | 000,075,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe -- (ICScsiSV) SRV - [2007.01.26 10:38:48 | 000,067,760 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe -- (IcVzMonLauncher) SRV - [2007.01.26 10:38:48 | 000,043,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe -- (Image Converter video 
recording monitor for VAIO Entertainment) SRV - [2007.01.09 22:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb) SRV - [2006.12.14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006.12.14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2006.12.14 00:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive) DRV - [2009.10.03 05:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.03.30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103) DRV - [2009.03.19 10:45:38 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp) DRV - [2009.03.19 10:45:34 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis) DRV - 
[2009.03.19 10:45:32 | 000,131,976 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw) DRV - [2009.03.19 10:44:34 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv) DRV - [2009.03.19 10:41:38 | 000,113,960 | ---- | M] (ESET) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon) DRV - [2008.12.02 20:34:54 | 000,094,624 | ---- | M] (AlcaTech) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mmrtkrnl.sys -- (MMRTKRNL) DRV - [2008.10.19 21:05:08 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2008.03.28 02:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2008.03.03 11:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2008.02.29 02:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2008.02.29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008.02.29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2008.01.25 14:06:42 | 000,010,624 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\archlp.sys -- (archlp) DRV - [2008.01.19 06:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2007.09.04 18:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclock.sys -- (NVR0Dev) DRV - [2007.07.10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.06.20 03:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2007.06.20 03:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2007.06.20 03:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2007.06.01 15:59:36 | 001,310,208 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM108.sys -- (USBPNPA) DRV - [2007.04.12 03:30:52 | 000,160,768 | ---- | M] (Conexant Systems Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService) DRV - [2007.03.07 05:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007.02.24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.02.17 00:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007.01.23 18:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.01.23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.01.03 16:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX) DRV - [2007.01.03 16:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV) DRV - [2007.01.03 15:25:18 | 000,027,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\frmupgr.sys -- (DFUBTUSB) DRV - [2006.11.30 18:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 08:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL) DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2006.10.19 03:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm) DRV - [2006.06.28 17:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2005.04.21 12:40:36 | 000,010,624 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV - [2004.09.02 14:45:13 | 000,022,656 | ---- | M] (Elaborate Bytes AG) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\VClone.sys -- (VClone) DRV - [2004.02.12 18:11:28 | 000,003,968 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Live TV Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.de/search?q=" FF - prefs.js..browser.search.selectedEngine: "Amazon.de" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2 FF - prefs.js..extensions.enabledItems: 
{446c03e0-2c35-11db-a98b-0800200c9a66}:0.6.1.14 FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.7 FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.87 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.11 FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8 FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8 FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.4 FF - prefs.js..extensions.enabledItems: nasatabs@sonco.com:1.4.0 FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:1.4 FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4 FF - prefs.js..extensions.enabledItems: CompactMenuCE@Merci.chao:4.3.2 FF - prefs.js..extensions.enabledItems: {5e594888-3e8e-47da-b2c6-b0b545112f84}:1.3.1 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11 FF - prefs.js..extensions.enabledItems: tabutils@ithinc.cn:0.9.9.8.3 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908 FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6 FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.3.privateBuild1 FF - prefs.js..extensions.enabledItems: sxipper@sxip.com:2.3.4 FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1 FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6 FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.2 FF - prefs.js..extensions.enabledItems: {9f089c3d-0671-1313-bb9c-dd06c4417bfd}:4.6.6.9 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.4 FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009 FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q=" FF 
- HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.11 17:36:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.11 17:36:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.04.29 23:23:09 | 000,000,000 | ---D | M] [2008.09.10 20:41:09 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Extensions [2010.11.11 18:40:18 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions [2010.11.06 14:07:42 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2010.11.09 17:41:06 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2010.02.24 01:40:40 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2009.11.19 20:28:33 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c} [2010.01.29 20:31:32 | 000,000,000 | ---D | M] (Favicon Picker 2) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a66} [2010.11.09 17:43:42 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e} [2010.08.19 19:40:01 | 000,000,000 | ---D | M] (Stylish) -- 
C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2008.11.28 08:40:10 | 000,000,000 | ---D | M] (Stylish [de]) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}(8)
[2010.03.07 20:10:15 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2010.02.08 21:01:34 | 000,000,000 | ---D | M] (Save Image in Folder) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}
[2010.03.07 22:11:44 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2010.11.05 12:24:41 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009.12.12 17:16:43 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2010.09.10 07:09:09 | 000,000,000 | ---D | M] (WOT) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.08.30 07:32:17 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2010.11.06 14:07:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.12 16:47:21 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.04.02 18:06:04 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2010.11.03 10:05:29 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010.03.31 18:44:58 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\CompactMenuCE@Merci.chao
[2010.02.24 01:40:40 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.11.06 14:07:41 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\elemhidehelper@adblockplus.org
[2010.05.09 10:06:24 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\firegestures@xuldev.org
[2010.03.07 18:51:05 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\hidemenubar@moztw.org
[2010.10.12 16:47:21 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\nasanightlaunch@example.com
[2010.08.04 18:46:20 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\nasatabs@sonco.com
[2010.11.06 14:07:44 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\netvideohunter@netvideohunter.com
[2010.03.06 10:21:27 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\sxipper@sxip(34).com
[2010.06.13 17:36:49 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\sxipper@sxip.com
[2010.10.12 16:47:21 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\tabutils@ithinc.cn
[2010.03.06 10:21:26 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\ol2xg7vx.default\extensions\yetanothersmoothscrolling@kataho(35)
[2009.08.29 10:51:56 | 000,002,391 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\FireFox\Profiles\ol2xg7vx.default\searchplugins\aviary.xml
[2010.01.29 21:16:42 | 000,000,541 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\FireFox\Profiles\ol2xg7vx.default\searchplugins\bing--google.xml
[2010.01.29 21:14:04 | 000,002,172 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\FireFox\Profiles\ol2xg7vx.default\searchplugins\bing.xml
[2010.02.11 20:31:55 | 000,004,540 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\FireFox\Profiles\ol2xg7vx.default\searchplugins\fireball.xml
[2009.02.25 01:20:01 | 000,001,898 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\FireFox\Profiles\ol2xg7vx.default\searchplugins\surf-canyon.xml
[2010.01.29 21:15:02 | 000,004,153 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\FireFox\Profiles\ol2xg7vx.default\searchplugins\youtube.xml
[2010.06.08 17:06:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.08 17:06:34 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{9f089c3d-0671-1313-bb9c-dd06c4417bfd}
[2010.08.02 20:20:37 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.02 20:20:37 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.02 20:20:37 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.02 20:20:37 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.02 20:20:37 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.11.03 11:26:18 | 000,424,544 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 14633 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Cm108Sound] File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Realtime Audio Engine] C:\Windows\System32\mmrtkrnl.exe (AlcaTech)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Data\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Mit Image Converter 3 übertragen - C:\Program Files\Sony\IMAGE CONVERTER 3\menu.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Data\ICQ6.5\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Data\ICQ6.5\ICQ.exe File not found
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.161 83.169.185.225
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\HP\Pictures\Wallpaper\Earth Gas Giant.jpg
O24 - Desktop BackupWallPaper: C:\Users\HP\Pictures\Wallpaper\Earth Gas Giant.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{e1117033-d438-11dd-ba75-001b2479ef24}\Shell - "" = AutoRun
O33 - MountPoints2\{e1117033-d438-11dd-ba75-001b2479ef24}\Shell\AutoRun\command - "" = H:\SETUP.EXE -- File not found
O33 - MountPoints2\{e1117033-d438-11dd-ba75-001b2479ef24}\Shell\configure\command - "" = H:\SETUP.EXE -- File not found
O33 - MountPoints2\{e1117033-d438-11dd-ba75-001b2479ef24}\Shell\install\command - "" = H:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^HP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: QPService - hkey= - key= - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Data\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig - StartUpReg: WindowsWelcomeCenter - hkey= - key= - File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010.11.12 12:17:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.12 12:17:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.12 12:06:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.11.12 12:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.11.12 11:41:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.11.11 19:03:51 | 000,501,760 | ---- | C] (www.sw4you.de Siegfried Weckmann) -- C:\Windows\SwSetupu.exe
[2010.11.10 19:53:06 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2010.11.09 19:07:40 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Neuer Ordner
[2010.11.08 16:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.10.29 17:23:03 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\WakeUpSound
[2010.10.24 22:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.10.20 16:10:35 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Garten

========== Files - Modified Within 30 Days ==========

[2010.11.12 13:05:55 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job
[2010.11.12 13:05:53 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.12 13:05:53 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.12 13:05:52 | 000,138,074 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.11.12 13:05:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.12 13:05:35 | 225,789,962 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.11.12 12:34:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.11.12 12:33:41 | 000,000,020 | ---- | M] () -- C:\Users\HP\defogger_reenable
[2010.11.12 12:32:07 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1627852074-908911158-2618229892-1000UA.job
[2010.11.12 12:22:55 | 000,043,008 | ---- | M] () -- C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.12 12:17:11 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.12 12:15:42 | 000,288,107 | ---- | M] () -- C:\Users\HP\Desktop\Gmer.zip
[2010.11.12 12:15:42 | 000,050,477 | ---- | M] () -- C:\Users\HP\Desktop\defogger.exe
[2010.11.12 12:07:38 | 000,694,054 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.12 12:07:38 | 000,657,616 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.12 12:07:38 | 000,150,662 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.12 12:07:38 | 000,124,780 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.12 12:05:32 | 000,000,693 | ---- | M] () -- C:\Users\HP\Desktop\NTREGOPT.lnk
[2010.11.12 12:05:32 | 000,000,674 | ---- | M] () -- C:\Users\HP\Desktop\ERUNT.lnk
[2010.11.12 11:32:04 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1627852074-908911158-2618229892-1000Core.job
[2010.11.12 11:00:52 | 000,471,642 | ---- | M] () -- C:\Users\HP\Desktop\Load.exe
[2010.11.12 10:51:31 | 000,066,296 | ---- | M] () -- C:\Users\HP\Desktop\DirectPCV2.jpg
[2010.11.12 09:42:28 | 000,017,055 | ---- | M] () -- C:\Users\HP\Desktop\DirectPCV1.jpg
[2010.11.12 09:29:37 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1627852074-908911158-2618229892-1000.job
[2010.11.11 21:57:59 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B740FC0F-03EC-4652-A1D3-6A160FC1FFD7}.job
[2010.11.11 18:55:01 | 000,470,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.11.08 17:31:58 | 000,000,188 | ---- | M] () -- C:\Users\HP\Desktop\L A C I E (G) - Verknüpfung (2).lnk
[2010.11.08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Users\HP\Desktop\gmer.exe
[2010.11.03 11:26:18 | 000,424,544 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.10.29 10:59:35 | 001,928,476 | ---- | M] () -- C:\Users\HP\Desktop\Nathan TV Bank.jpg
[2010.10.24 12:27:33 | 000,008,865 | -HS- | M] () -- C:\Users\HP\Desktop\Folder.jpg
[2010.10.24 12:27:33 | 000,002,402 | -HS- | M] () -- C:\Users\HP\Desktop\AlbumArtSmall.jpg

========== Files Created - No Company Name ==========

[2010.11.12 12:48:33 | 225,789,962 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.11.12 12:40:19 | 000,296,448 | ---- | C] () -- C:\Users\HP\Desktop\gmer.exe
[2010.11.12 12:33:25 | 000,000,020 | ---- | C] () -- C:\Users\HP\defogger_reenable
[2010.11.12 12:17:11 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.12 12:05:32 | 000,000,693 | ---- | C] () -- C:\Users\HP\Desktop\NTREGOPT.lnk
[2010.11.12 12:05:32 | 000,000,674 | ---- | C] () -- C:\Users\HP\Desktop\ERUNT.lnk
[2010.11.12 11:41:50 | 000,050,477 | ---- | C] () -- C:\Users\HP\Desktop\defogger.exe
[2010.11.12 11:41:48 | 000,288,107 | ---- | C] () -- C:\Users\HP\Desktop\Gmer.zip
[2010.11.12 11:00:44 | 000,471,642 | ---- | C] () -- C:\Users\HP\Desktop\Load.exe
[2010.11.12 09:42:28 | 000,017,055 | ---- | C] () -- C:\Users\HP\Desktop\DirectPCV1.jpg
[2010.11.12 09:35:55 | 000,066,296 | ---- | C] () -- C:\Users\HP\Desktop\DirectPCV2.jpg
[2010.11.08 17:31:58 | 000,000,188 | ---- | C] () -- C:\Users\HP\Desktop\L A C I E (G) - Verknüpfung (2).lnk
[2010.10.29 10:59:31 | 001,928,476 | ---- | C] () -- C:\Users\HP\Desktop\Nathan TV Bank.jpg
[2010.10.22 20:35:01 | 000,008,865 | -HS- | C] () -- C:\Users\HP\Desktop\Folder.jpg
[2010.04.28 11:08:05 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.24 15:42:21 | 000,000,000 | ---- | C] () -- C:\Users\HP\AppData\Local\FnF4.txt
[2010.03.17 17:12:57 | 000,010,624 | ---- | C] () -- C:\Windows\System32\drivers\archlp.sys
[2010.03.16 18:13:08 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.03.14 18:25:07 | 000,000,000 | ---- | C] () -- C:\Windows\Channel Editor 3.1.INI
[2010.03.08 02:53:38 | 000,000,266 | ---- | C] () -- C:\Windows\SettingsEditor + UpdateTool HD V2.11.INI
[2010.03.05 10:53:38 | 000,000,000 | ---- | C] () -- C:\Windows\new_db_app_17.INI
[2010.03.05 10:51:04 | 000,000,000 | ---- | C] () -- C:\Windows\Cheditor_HD_ver1.6.INI
[2009.12.16 14:57:00 | 000,000,760 | ---- | C] () -- C:\Users\HP\AppData\Roaming\setup_ldm.iss
[2009.11.02 00:01:06 | 000,012,800 | ---- | C] () -- C:\Windows\System32\DeskHack.dll
[2009.10.23 23:48:27 | 000,000,000 | ---- | C] () -- C:\Windows\galaxy.ini
[2009.10.13 19:52:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.13 19:43:02 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.10.13 00:01:18 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.09.02 19:21:42 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.08.19 22:59:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\CM108rm.dll
[2009.08.19 22:59:44 | 000,000,161 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2009.08.19 22:59:05 | 000,065,536 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2009.08.19 22:59:05 | 000,004,143 | ---- | C] () -- C:\Windows\Cm108.ini.cfg
[2009.08.19 22:59:05 | 000,000,694 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2009.08.19 22:59:04 | 000,106,496 | ---- | C] () -- C:\Windows\VMix.dll
[2009.08.19 22:59:04 | 000,005,197 | ---- | C] () -- C:\Windows\cm108.ini
[2009.08.04 10:29:03 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2009.01.24 21:39:08 | 000,000,038 | ---- | C] () -- C:\Users\HP\AppData\Local\Index_4E29823E.dat
[2009.01.24 20:31:27 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.01.24 17:02:26 | 000,002,181 | ---- | C] () -- C:\Windows\Helicon Debug Window.ini
[2009.01.07 18:27:35 | 000,000,194 | ---- | C] () -- C:\Users\HP\AppData\Roaming\default.rss
[2009.01.01 23:40:42 | 000,138,074 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.01.01 23:40:42 | 000,138,074 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.12.27 06:04:27 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008.12.27 03:52:05 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI
[2008.12.19 16:43:33 | 000,065,738 | ---- | C] () -- C:\Users\HP\AppData\Roaming\nvModes.001
[2008.12.19 16:43:30 | 000,065,738 | ---- | C] () -- C:\Users\HP\AppData\Roaming\nvModes.dat
[2008.12.16 09:56:27 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2008.12.15 22:45:14 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2008.12.15 22:45:14 | 000,000,088 | RHS- | C] () -- C:\ProgramData\2ECB35277A.sys
[2008.11.26 11:23:29 | 000,000,155 | ---- | C] () -- C:\Windows\DesktopSchneeFree.ini
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.10.29 00:20:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.07.02 00:37:34 | 000,000,000 | ---- | C] () -- C:\Users\HP\AppData\Roaming\wklnhst.dat
[2008.06.25 00:14:33 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.06.11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.06.11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.05.02 08:42:34 | 000,000,680 | ---- | C] () -- C:\Users\HP\AppData\Local\d3d9caps.dat
[2008.04.17 08:34:39 | 000,043,008 | ---- | C] () -- C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.12 20:30:38 | 000,000,320 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008.04.12 13:16:48 | 000,000,000 | ---- | C] () -- C:\Users\HP\AppData\Local\QSwitch.txt
[2008.04.12 13:16:48 | 000,000,000 | ---- | C] () -- C:\Users\HP\AppData\Local\DSwitch.txt
[2008.04.12 13:16:48 | 000,000,000 | ---- | C] () -- C:\Users\HP\AppData\Local\AtStart.txt
[2007.03.12 11:01:30 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2007.02.27 21:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.12.14 07:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.12.14 07:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.10 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.09.11 20:08:36 | 000,548,352 | ---- | C] () -- C:\Windows\System32\imgdecoder.dll
[2005.05.07 13:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2004.10.07 12:50:50 | 000,072,704 | ---- | C] () -- C:\Windows\System32\zlibwapi.dll
[2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000011.DLL
[2001.09.13 19:25:00 | 000,005,120 | ---- | C] () -- C:\Windows\System32\geOTraySpy.dll

========== LOP Check ==========

[2010.11.12 13:05:55 | 000,000,432 | ---- | M] () -- C:\Windows\Tasks\1-Click Maintenance.job
[2010.11.12 12:34:25 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.11.11 21:57:59 | 000,000,412 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B740FC0F-03EC-4652-A1D3-6A160FC1FFD7}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008.10.02 21:34:23 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.10.02 21:34:23 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.11.12 13:05:35 | 2460,205,056 | -HS- | M] () -- C:\pagefile.sys
[2008.04.12 21:02:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008.04.12 21:02:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009.10.14 12:28:53 | 000,000,909 | ---- | M] () -- C:\updatedatfix.log

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006.11.02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.10.13 20:05:24 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006.09.18 22:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.11.02 10:46:03 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNBPP3.DLL
[2006.11.02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006.10.27 03:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008.11.27 19:58:35 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.19 08:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 10:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll

< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.04.26 02:27:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.04.26 02:27:25 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: WININIT.EXE >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-11 23:42:01

< End of report >

OTL-Extra: OTL Logfile:
ATTFilter OTL Extras logfile created on: 12.11.2010 13:19:55 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Public\Desktop\MFtools Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 142,76 Gb Total Space | 24,02 Gb Free Space | 16,83% Space Free | Partition Type: NTFS Drive D: | 6,29 Gb Total Space | 1,12 Gb Free Space | 17,80% Space Free | Partition Type: NTFS Computer Name: HP-PC | User Name: HP | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mp3tag] -- "C:\Data\DivX\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich) Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- Reg Error: Key error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>*Ý\†Ð=ŸàÛ±Þ" = [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{046BA6D2-C0C4-4764-AC72-9916E611D8F7}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | "{0AA425B5-CF62-44EE-92C3-2E74E29C8258}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=c:\windows\system32\svchost.exe | 
"{0F6091DB-F7F2-44E4-90C3-02E88880D298}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe | "{18ED6843-D6D7-420E-887C-671F1C03F96C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{1BA3C470-A52E-4D4F-9882-2C846D4AC4D8}" = lport=5357 | protocol=6 | dir=in | app=system | "{2732E3AA-867E-4A77-A727-5697648138FD}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{284C94FD-BA73-42CD-A180-57E308835DF2}" = lport=6649 | protocol=17 | dir=in | name=udp emule | "{2B04FBAB-ED80-44BD-AD82-230F66A2AB3C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{332E6BEE-0C2E-4356-B061-0802C6647B63}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{34CA7194-48FF-496B-90A4-F9F6E3E9593B}" = lport=5358 | protocol=6 | dir=in | app=system | "{38F904AF-D95C-45D0-99B6-157232295971}" = rport=2178 | protocol=6 | dir=out | app=system | "{3FE4B157-CC1C-42E5-B418-51251A497F80}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{43E9C5AA-22E9-47EE-89BB-79E222DD4CB8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | "{53AA6A3D-80FE-41E6-A21E-0C1FBABB56F8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | "{5B96508A-015A-483C-8E3F-A273121D507D}" = lport=2178 | protocol=6 | dir=in | app=system | "{5C9BDFCE-FDE2-44B5-ABEE-E19075B8688C}" = lport=1723 | protocol=6 | dir=in | app=system | "{6676A886-7972-4701-8012-55C08873E27C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | "{761CD6FE-C831-4B2D-98E5-3A84D766351D}" = lport=2869 | protocol=6 | dir=in | app=system | "{7D9DA317-75C8-45B8-BD2C-1FCD0FF19513}" = lport=10243 | protocol=6 | dir=in | app=system | "{7E44C975-1F76-44C6-A9C0-E79037E0730C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft 
office\office12\outlook.exe | "{7EEE7AB9-5DE7-4235-B966-289AD37B2AD9}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe | "{84CB362B-9F5B-4652-A9BF-181999C75798}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{953C9555-B934-4A4B-A1FF-6F6E720B28D1}" = lport=2869 | protocol=6 | dir=in | app=system | "{97A3F110-79BD-4179-BF89-D94EF1AF6C61}" = lport=59553 | protocol=6 | dir=in | name=tcp emule | "{AADE849C-D114-4855-9C14-79995AB4EF8D}" = rport=5357 | protocol=6 | dir=out | app=system | "{B0039986-789E-4D78-9D12-62B18AA7827E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{B824BAE7-FF5F-4C87-9CE0-9050A96040C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{BC1D48EA-CE9F-46AD-8307-D08CCB5F98F3}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe | "{BC5ADC96-093A-4660-A3AB-B58C5A7BDC5D}" = lport=2869 | protocol=6 | dir=in | app=system | "{C15393C0-C950-4617-A217-F4A3ED880DF9}" = rport=5358 | protocol=6 | dir=out | app=system | "{C8328147-B24D-40A7-B74A-5335367AC4C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{CEFFF2BF-E6F6-41CB-974C-0B02C49E5DAC}" = lport=1701 | protocol=17 | dir=in | app=system | "{D0874F20-7A91-4C19-91EE-24FF590DD644}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{D3E11691-DB40-4996-89A8-53B8CBE3B687}" = rport=1723 | protocol=6 | dir=out | app=system | "{D8EB18A6-4C34-4FA7-8596-E9E53E768CBD}" = rport=1701 | protocol=17 | dir=out | app=system | "{DDAB040A-F734-46EB-B436-DB7BF7174289}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe | "{E712C752-5EB8-4B22-9234-5FC82B0754B1}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe | "{E9A4F65F-F6C1-417F-87C7-3AF01B88FDFA}" = rport=3702 | protocol=17 | dir=out | 
app=c:\windows\system32\p2phost.exe | "{E9CC1CD6-E3F0-4EA6-A5AA-C7D739DB60DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{EAC8CBE4-204C-429B-8171-28F7FC7AF925}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{F077B8E1-ED0A-4A54-9C29-AAF4E468795D}" = lport=2869 | protocol=6 | dir=in | app=system | "{F24A426E-9113-437F-8FA0-EA1D0F6336B7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{FABC9986-55DA-4962-B3FB-2ABC17E53EC0}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe | "{FAD4E0C3-92B4-4105-A44B-F0FCC36B5771}" = rport=10243 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0931E48F-19D5-4D31-AB70-1087B96B3F24}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | "{0B6DDC3D-BA5A-4A31-B9E2-B79134C65CAB}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe | "{10A1E355-E353-4195-8BFA-4DA7EF6D1BEE}" = protocol=6 | dir=in | app=c:\windows\system32\msdtc.exe | "{13C0D5A2-EBB3-4F19-BF83-4F0F897291E3}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{16336478-D8F2-4FC4-8B9E-5595A02764EA}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{1AF6988B-7BCB-4751-992C-3DC940FEF229}" = protocol=6 | dir=out | app=system | "{20B7BF96-2153-4F7F-91E8-DC91BF05C43D}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | "{426D7F36-A79D-4C25-AF30-15EFD21628DA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{43798DC5-65D6-4065-B250-EDDEC85D5399}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe | "{45129504-75AE-4EF4-9E8F-56AB0A26254B}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{45C9EFB3-F196-45D1-B27D-36B17ACB6423}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{4EDD32CA-B22E-44BF-9B3B-0536DAEE2FB6}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe | "{50B4B8CF-965E-46DC-A843-F7414F3E17CA}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{50B5A8F6-DC80-4AB5-B230-99797B41D4F7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{5871113A-E7D0-4E9E-9576-F5F4D3DFE9A8}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe | "{58F114AF-AB66-41C2-9172-A0814D74D5BA}" = protocol=6 | dir=out | app=c:\windows\system32\msdtc.exe | "{5C786B3C-B3E7-4934-80BD-C085E2DA96E0}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe | "{5E575797-40C6-4191-A497-8A6DE6350B2F}" = protocol=17 | dir=in | app=c:\data\emule\emule.exe | "{6238767D-679F-4F37-B572-CC3E7C0B5CA7}" = protocol=6 | dir=out | app=system | "{66F55A84-3B0B-49CC-996B-6BA3249BD98A}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{76E8B8E5-4330-43C4-9275-ABBE9D1972A1}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | "{817841D5-5394-4C59-A851-7A70EA7940FD}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | "{870695B6-1AEF-47F0-9281-6E85344A812F}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe | "{893A8DE8-053A-498E-802C-A2530523AC4E}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{8A5ECD2A-72B9-4A88-AD19-CA26E8537D75}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{96BE35D5-0E9F-4D01-952C-D1DD15B3BF3C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{A0E3E205-FFBD-4A27-92E2-B190667CADB2}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | "{A4677D01-B480-4192-BA68-2A0908F8B159}" = protocol=17 | dir=in | app=c:\program 
files\microsoft office\office12\groove.exe | "{AA75F5DF-A1CA-465E-BB9D-A33C49D9FDC8}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{BC92F97A-D5E7-4B49-AE3F-B297C1DB0B6D}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | "{BF177D75-D879-43C0-A6AB-D99F932F9CE0}" = protocol=6 | dir=in | app=c:\data\emule\emule.exe | "{C3750147-F128-44C4-9C48-ED0DAF129B6F}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | "{C66BB7E5-8F90-475A-979F-AB7C99BF067F}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | "{C8E271E1-3630-42F3-A333-2109A8F1DC78}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{CFA14975-10B7-4A54-9BF3-FA0041507A32}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{D7C2090E-D2A8-4EC2-8FAE-477AF97AF5BA}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{E5201261-C314-48A1-9B9E-688564875E48}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | "{FF77150C-CB6D-4B57-9549-C97243FE1D6D}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe | "TCP Query User{0E5D7DFC-D81F-4C50-A9DA-93DDCDEE5DF7}C:\data\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\data\vlc\vlc.exe | "TCP Query User{14953F9C-CFE7-4B3E-AD14-380ED611DE12}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{1A77AF62-3BE3-4534-AD06-E4A25DACC41B}C:\users\hp\desktop\storage\emule0.48a-stullemule_v5.3-bin\emule.exe" = protocol=6 | dir=in | app=c:\users\hp\desktop\storage\emule0.48a-stullemule_v5.3-bin\emule.exe | "TCP Query User{1B8D2138-0AEB-48AB-9526-A4872563FD37}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe | "TCP Query User{1B9BD2DC-75CE-4D98-B2F9-9F984A85A083}C:\alien arena 
7_32\crx.exe" = protocol=6 | dir=in | app=c:\alien arena 7_32\crx.exe | "TCP Query User{26259421-1192-4AF5-9AB4-A801F929F730}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "TCP Query User{47A90FCB-56DA-4406-8BEE-E26B2B97D89C}C:\data\hl.exe" = protocol=6 | dir=in | app=c:\data\hl.exe | "TCP Query User{4FA61CF7-8FEA-488D-9BFD-166C40DC2A62}C:\users\hp\desktop\ablage\emule0.48a-stullemule_v5.3-bin\emule.exe" = protocol=6 | dir=in | app=c:\users\hp\desktop\ablage\emule0.48a-stullemule_v5.3-bin\emule.exe | "TCP Query User{62B66E51-8030-4D31-9E1F-9EC17B1E3ED1}C:\users\hp\desktop\ablage\emule0.48a-stullemule_v5.3-bin\emule.exe" = protocol=6 | dir=in | app=c:\users\hp\desktop\ablage\emule0.48a-stullemule_v5.3-bin\emule.exe | "TCP Query User{6EFE1804-854E-4904-913D-0EEE66A23F14}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{70490A01-F387-4F4B-A79B-BEC26FF4B31D}C:\program files\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo\halo.exe | "TCP Query User{8846CFCC-EC42-40B8-8C41-54D1D192AD01}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{884EA3EE-F75A-42CE-B24B-ADA9D1ACD142}C:\data\veohtv\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\data\veohtv\veoh\veohclient.exe | "TCP Query User{968213FC-1139-419C-9F38-9A60B86A2F54}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{9C91A4CE-DF33-41BC-AE4D-602BE2DAAD10}C:\program files\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo\halo.exe | "TCP Query User{C7091F5F-C457-4269-BA9F-7710B55B54A3}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query 
User{EAAAFF30-C329-4079-B05A-8B7DD41FFA8F}C:\users\hp\desktop\emule0.48a-stullemule_v5.3-bin\emule.exe" = protocol=6 | dir=in | app=c:\users\hp\desktop\emule0.48a-stullemule_v5.3-bin\emule.exe | "TCP Query User{F0F3E517-A4C5-4538-9611-15A495A62CB0}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{05F6B163-3DC4-476C-97DA-D8FBC6941B6F}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe | "UDP Query User{0802A55A-7287-4043-B971-16581A1E8857}C:\users\hp\desktop\ablage\emule0.48a-stullemule_v5.3-bin\emule.exe" = protocol=17 | dir=in | app=c:\users\hp\desktop\ablage\emule0.48a-stullemule_v5.3-bin\emule.exe | "UDP Query User{09B1A52E-D626-47D4-AAC5-2A3082559B5B}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{12488953-05DE-4AD2-95CD-456D10186C4C}C:\data\veohtv\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\data\veohtv\veoh\veohclient.exe | "UDP Query User{19F60805-CA3C-4D6C-BB32-D2689DED9A15}C:\data\hl.exe" = protocol=17 | dir=in | app=c:\data\hl.exe | "UDP Query User{347D47F5-733F-47DB-8A1F-55AA96DCDC57}C:\data\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\data\vlc\vlc.exe | "UDP Query User{3FD66CF2-54D3-460F-BE0C-BC8456835E2A}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{4926AAF4-6890-43BE-88FF-9DB634502FB8}C:\program files\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo\halo.exe | "UDP Query User{652094BC-A8DA-465B-9477-8FEAEFEC2999}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{6FC0DA83-AFE9-475E-93F8-8B446E7655A2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program 
files\mozilla firefox\firefox.exe | "UDP Query User{74BA6C73-4F8A-4E88-BC76-B3DB1A13A557}C:\users\hp\desktop\storage\emule0.48a-stullemule_v5.3-bin\emule.exe" = protocol=17 | dir=in | app=c:\users\hp\desktop\storage\emule0.48a-stullemule_v5.3-bin\emule.exe | "UDP Query User{89E88571-15F2-4EA3-8754-50AF2F61BA1E}C:\program files\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo\halo.exe | "UDP Query User{AAECAF26-630F-48E3-8A92-89761A015811}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{B170054D-475B-4049-8ADC-FBF7E27416DF}C:\users\hp\desktop\emule0.48a-stullemule_v5.3-bin\emule.exe" = protocol=17 | dir=in | app=c:\users\hp\desktop\emule0.48a-stullemule_v5.3-bin\emule.exe | "UDP Query User{CC9DAE27-AEDC-4DFC-B6E3-592DFA60C987}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "UDP Query User{D8E4372C-1891-4532-A4FE-090C5651576B}C:\alien arena 7_32\crx.exe" = protocol=17 | dir=in | app=c:\alien arena 7_32\crx.exe | "UDP Query User{F4E82F03-2634-4B9C-83B7-E49F4F7C6343}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{F9C52866-1929-45A1-8C7A-A675D301A372}C:\users\hp\desktop\ablage\emule0.48a-stullemule_v5.3-bin\emule.exe" = protocol=17 | dir=in | app=c:\users\hp\desktop\ablage\emule0.48a-stullemule_v5.3-bin\emule.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime 
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive "{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights "{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{194C14D5-3CB0-4977-8886-A79DFC00E820}" = MSCU for Microsoft Vista "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19 "{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver "{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9 "{34341B15-CA5B-43E0-AADD-3AED44647598}" = ESU for Microsoft Vista "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1 "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend 
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2 "{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help "{4E79AC14-1F0A-4044-B069-126EDCD2308F}" = Vista Manager "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter "{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater "{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision "{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed "{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed "{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime "{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart 
Essential2.5 "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 
Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express "{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter "{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3 "{A666A477-4C02-415E-9F31-3541FC0CD6B5}" = SipdxDLL "{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress "{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04 "{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit "{C20B3C31-28CD-4732-AE45-A30F401AF91F}" = WALKMAN Launcher "{C21C71CB-3E5C-401C-91D2-DEDACDB26BAF}" = ESET Smart Security "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9 "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = 
Menu Templates - Starter Kit "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library "{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help "{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite "{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}" = DAMN NFO Viewer 2.10.0031 RC3 "{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057 "{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help "{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer "{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F1D891A7-2BAF-4033-9A20-DBB78F86BF0C}" = Video Downloader "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components "{FE013D72-CF3D-41A8-BC09-C38070FDE2CB}" = Image Converter 3 "{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files "Absolute MP3 Splitter_is1" = Absolute MP3 Splitter version 2.3.0 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player 
ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Alien Outbreak 2 Invasion" = Alien Outbreak 2 Invasion 2 "CCleaner" = CCleaner (remove only) "C-Media CM108 Like Sound Driver" = USB7.1 AUDIO "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "eMule_is1" = stullemuleemuleversion "ENTERPRISE" = Microsoft Office Enterprise 2007 "ERUNT_is1" = ERUNT 1.1j "Halo" = Microsoft Halo "HD Pack" = HD Pack 1.7 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Photosmart Essential" = HP Photosmart Essential 2.0 "InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "melon" = melon 3.05 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0 "mmfsetup_is1" = MixMeister Fusion 7.3.5 "mmssetup_is1" = MixMeister Studio Demo 7.4.4 "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "Mp3tag" = Mp3tag v2.44 "NVIDIA Drivers" = NVIDIA Drivers "OpenAL" = OpenAL "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01 "Revo Uninstaller" = Revo Uninstaller 1.90 "SmartAudio" = SmartAudio "SynTPDeinstKey" = Synaptics Pointing Device Driver "tdxkrxvywejegwk" = Tagging System Revenuebuster "Video mp3 Extractor_is1" = Video mp3 Extractor "VirtualCloneDrive" = VirtualCloneDrive "What's 
Running_is1" = What's Running 2.2 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "xp-AntiSpy" = xp-AntiSpy 3.97-2 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 03.06.2009 14:45:12 | Computer Name = HP-PC | Source = Windows Search Service | ID = 3013 Description = Error - 03.06.2009 14:45:12 | Computer Name = HP-PC | Source = Windows Search Service | ID = 3013 Description = Error - 03.06.2009 14:45:12 | Computer Name = HP-PC | Source = Windows Search Service | ID = 3013 Description = Error - 03.06.2009 14:45:12 | Computer Name = HP-PC | Source = Windows Search Service | ID = 3013 Description = Error - 03.06.2009 14:45:13 | Computer Name = HP-PC | Source = Windows Search Service | ID = 3013 Description = Error - 03.06.2009 14:45:18 | Computer Name = HP-PC | Source = Windows Search Service | ID = 3013 Description = Error - 03.06.2009 14:45:19 | Computer Name = HP-PC | Source = Windows Search Service | ID = 3013 Description = Error - 03.06.2009 14:45:32 | Computer Name = HP-PC | Source = Windows Search Service | ID = 3013 Description = Error - 04.06.2009 04:14:17 | Computer Name = HP-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 04.06.2009 04:30:40 | Computer Name = HP-PC | Source = Google Update | ID = 20 Description = [ Media Center Events ] Error - 27.02.2009 16:01:34 | Computer Name = HP-PC | Source = MCX2Filter | ID = 602 Description = Error - 27.02.2009 16:01:34 | Computer Name = HP-PC | Source = MCX2Filter | ID = 602 Description = Error - 27.02.2009 16:01:35 | Computer Name = HP-PC | Source = MCX2Filter | ID = 602 Description = Error - 27.02.2009 16:01:35 | Computer Name = HP-PC | Source = MCX2Filter | ID = 602 Description = Error - 27.02.2009 16:01:35 | Computer Name = HP-PC | Source = MCX2Filter | ID = 602 Description = Error - 27.02.2009 16:01:35 | Computer Name = HP-PC | Source = MCX2Filter | ID = 602 Description = Error - 27.02.2009 16:01:35 | Computer Name = 
HP-PC | Source = MCX2Filter | ID = 602 Description = Error - 27.02.2009 16:01:35 | Computer Name = HP-PC | Source = MCX2Filter | ID = 602 Description = Error - 27.02.2009 16:01:35 | Computer Name = HP-PC | Source = MCX2Filter | ID = 602 Description = Error - 27.02.2009 16:01:35 | Computer Name = HP-PC | Source = MCX2Filter | ID = 602 Description = [ System Events ] Error - 12.11.2010 07:58:51 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7000 Description = Error - 12.11.2010 07:58:51 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7000 Description = Error - 12.11.2010 08:00:28 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7022 Description = Error - 12.11.2010 08:00:28 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7001 Description = Error - 12.11.2010 08:05:40 | Computer Name = HP-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 12.11.2010 um 13:04:06 unerwartet heruntergefahren. Error - 12.11.2010 08:06:08 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7000 Description = Error - 12.11.2010 08:06:08 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7000 Description = Error - 12.11.2010 08:06:08 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7000 Description = Error - 12.11.2010 08:07:33 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7022 Description = Error - 12.11.2010 08:07:33 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7001 Description = < End of report > |
12.11.2010, 14:56 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes has to be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well!
__________________ |
12.11.2010, 16:58 | #3 |
| Result of the full scan with AntiMalwareBytes:
Unfortunately I no longer have any older logs...
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 5099
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975
12.11.2010 16:55:33
mbam-log-2010-11-12 (16-55-33).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 316310
Laufzeit: 1 Stunde(n), 46 Minute(n), 46 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
12.11.2010, 17:18 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Really no detections in MBAM? Or are you only posting the logs without detections?
__________________ Please always post log files in CODE tags |
12.11.2010, 17:36 | #5 |
| The one I just posted is the current log file from an hour ago... unfortunately I deleted all the older ones. Something was found this morning and I deleted it, but I don't think it is the DirectCPV/LoudMo in question. I've attached a screenshot of the AMWB quarantine... maybe that helps!? |
12.11.2010, 18:35 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Why would you delete something like that? That almost amounts to destroying evidence, to make helping even harder for us! Have a look in the Logs tab; hopefully all the logs are still there.
__________________ |
12.11.2010, 20:06 | #7 |
| sorry, they are all gone... (see attached PNG) ...I didn't know that old logs are needed... in any case it wasn't intentional!! ...do you perhaps know >>LoudMo<<? Could the "AdwareAdRotator" have something to do with it? ...hm... so far I've had peace while surfing... but that doesn't have to mean anything; it has happened several times that I thought... but then it gets annoying again... |
12.11.2010, 20:07 | #8 |
| ...I've attached 2 more PNGs... of the annoying ad thing... one from my FF and one from another user on the net... |
14.11.2010, 08:01 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it!
__________________ Please always post log files in CODE tags |
15.11.2010, 18:36 | #10 |
| ...I downloaded Combofix, but did not save it as .exe because I only have a "Save" button and then the file already starts downloading. Ran CCleaner... closed all windows and programs including ESET Security... ran Combofix as administrator... answered the warranty question with yes... then the blue window with the blinking cursor appeared and then nothing more happened... I let it run for 1 hour without interruption... Combofix could not be closed and the PC could not be shut down, only switched off with the power button... Then a 2nd attempt.... blue window >> let it run in peace for 5 h >> exactly the same as on the first attempt... I don't understand what I could have done wrong!? >> the problem I described with the advertising in Firefox still exists and is annoying........ hm... what should I do!? |
15.11.2010, 22:04 | #11 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Quote:
__________________ Please always post log files in CODE tags |
16.11.2010, 14:10 | #12 |
| How am I supposed to do that? I only have the downloaded Combofix file on the desktop... I can start that as administrator... but as an exe? |
16.11.2010, 14:43 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The .exe is just not being displayed! Simply turn combofix into cofi!
__________________ Please always post log files in CODE tags |
16.11.2010, 14:50 | #14 |
| ok... that worked... *embarrassed*... I'll try it out and then report back |
28.12.2010, 11:08 | #15 |
| Hello... sorry, I had little time... unfortunately I'm not getting anywhere with cofi.exe either... the blue window with the blinking cursor appears and then nothing more happens... I let it run for hours.... the PC hangs every time and can't even be shut down any more... the problem with the annoying ad windows still exists!? Greets |