Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: falsche goggle-startseite

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 12.02.2011, 10:38   #1
fuchsi
 
falsche goggle-startseite - Icon32

falsche goggle-startseite



hallo liebe gemeinde,

ich habe seit einiger zeit das problem, dass ich unter w*w.google.at (meine bevorzugte startseite) eine falsche seite bekomme (w*w google.de geht bringt mir aber natülich andere ergebnisse) - mit hintergrundbild und ist einfach nicht die echte obwohl google oben steht.

ich habe avg als virenscanner (findet nichts) und habe schon mal mit Anti Maleware durgescannt - erfolglos

kann sich das bitte mal jemand ansehen? vielen dank bereits im voraus

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:37:50, on 12.02.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://w*w.telekom.at/suche
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://w*w.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telekom Austria TA AG
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; OfficeLiveConnector.1.4; OfficeLivePatch.1.3; InfoPath.1)" -"hxxp://w*w.play4win.com/webcasino/connection.html"
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Alles mit BitComet herunterladen - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Alle &Filme mit BitComet herunterladen - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Free YouTube Download - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Mit BitComet herunter&laden - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} (FixItClient Class) - https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264640385833
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} (Flatcast Viewer 5.2) - hxxp://92.51.137.94/objects/NpFv522.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: avgrsstx.dll acaptuser32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\DfsdkS.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10763 bytes
Miniaturansicht angehängter Grafiken
falsche goggle-startseite-so-sieht-seite-.jpg  

Alt 12.02.2011, 11:14   #2
markusg
/// Malware-holic
 
falsche goggle-startseite - Standard

falsche goggle-startseite



aloa,
poste die Malwarebytes logs bitte
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten.
__________________

__________________

Alt 12.02.2011, 15:18   #3
fuchsi
 
falsche goggle-startseite - Standard

falsche goggle-startseite



hallo,

danke markusg, dass du dich meines problems annimmst

malewarebytes log

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3600
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

20.01.2010 20:50:02
mbam-log-2010-01-20 (20-50-02).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 1
Laufzeit: 49 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

----------------------------------OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12.02.2011 15:19:17 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Andreas\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1.021,00 Mb Total Physical Memory | 189,00 Mb Available Physical Memory | 18,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 53,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 71,28 Gb Total Space | 19,45 Gb Free Space | 27,29% Space Free | Partition Type: NTFS
Drive D: | 70,94 Gb Total Space | 48,47 Gb Free Space | 68,33% Space Free | Partition Type: NTFS
 
Computer Name: ACER-5610 | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1399674020-1881937264-2458645722-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Andreas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1399674020-1881937264-2458645722-1000]
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05E00A3B-943F-4293-9C44-A9A1E6203F9E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1E284B58-9BE7-44C2-B8D5-167EDDC4FC6E}" = lport=8772 | protocol=6 | dir=in | name=bitcomet 8772 tcp | 
"{283E7A02-054E-44EE-8C12-887CC2A8C993}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2BD46886-3561-4691-982D-0A2D4D467FA1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2EB5B47B-0D0D-442A-AA3E-ECC75019C3CB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2F107A7F-D75B-4226-99B8-24590C975668}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{34453F71-E1EB-44FB-A55D-D6E90CF9F017}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4E01F6C7-6AC6-4EFC-9562-CC59BA6AB071}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5198721F-719B-45C5-8754-D2416ACDFDEB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{53258EF5-AC8A-4AD2-B5DF-C31A913261B7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5DEF7110-4F0C-4491-9D0E-C0BF8C06EF6D}" = lport=8023 | protocol=17 | dir=in | name=bitcomet 8023 udp | 
"{5EF39263-49BA-4367-970F-6C38E5B978A2}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7E2874AB-ED98-42C7-A5C1-6DACD6BC6C26}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{82884CD8-A3EC-49BE-AC2A-E1F3B6604445}" = lport=8023 | protocol=6 | dir=in | name=bitcomet 8023 tcp | 
"{910267F4-8E94-4F1F-93FE-94D6821A68EA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{91A19A93-04F6-45E4-8FC4-3A493C1FA958}" = lport=8023 | protocol=17 | dir=in | name=bitcomet 8023 udp | 
"{92919597-64D1-4FC2-9555-4400EEDA218A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{979A7E0A-7629-493D-A32E-8F1B51DC22E9}" = lport=8772 | protocol=17 | dir=in | name=bitcomet 8772 udp | 
"{A7006985-CC5B-4952-9FA2-2535EAF4CC1E}" = lport=22431 | protocol=6 | dir=in | name=bitcomet 22431 tcp | 
"{A8AD8530-FEE4-444A-B36B-D36525DAC33F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B00C5D48-F8AD-495D-89FE-A2E5B6B29ABC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B44F8F96-35BB-4A59-ADB4-3367B52C96CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D14E97EE-6637-478C-9A97-B6B11EE1DF4F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E61D676B-3B8D-42FF-AE99-4548BEEE265F}" = lport=8023 | protocol=6 | dir=in | name=bitcomet 8023 tcp | 
"{F26ECE18-1ED3-452C-8ED9-4C0F04DBE134}" = lport=22431 | protocol=17 | dir=in | name=bitcomet 22431 udp | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F5F2AC-D6B9-4005-B481-9C4B9A7B9FA2}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{03109A9F-58CD-46BE-B5B3-143233FD21DD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{094EF7E8-E4BC-434D-A295-6E9B441C7A1F}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe | 
"{0B8D64D9-8F08-4735-84D4-4B1C7BED17EA}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe | 
"{0C89DC49-CB6A-421A-BFCB-30EE77C719CF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{16885E66-483A-4352-9F85-2F360AEE9161}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{173C4815-2356-4B90-A9CD-43E4BA47A534}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{17D0F203-3BB5-4161-9484-1F183AA5DD9B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{182582E7-33CA-42A1-ADBB-A514C7F4A5C4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{1CCB8487-D339-4D9D-88F8-D3F2A47746F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1E6B9976-AB45-4874-B70B-807052BF62B9}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{1F0564C6-B3B8-4A2A-AD55-3167F6F343E5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2451680A-88E9-4437-8161-CEB884E2E72D}" = protocol=17 | dir=in | app=c:\program files\telekom austria\breitband-internet-installation\mobile installer\aonflex.exe | 
"{25459516-EE63-4B36-B4F8-C43F327EB52B}" = protocol=6 | dir=out | app=system | 
"{2BC24538-FAD9-4F0B-8550-C6743B1DF654}" = protocol=6 | dir=in | app=c:\program files\aon\aoncontroller\aoncontroller.exe | 
"{2F9E884B-C1DF-45D1-802E-8119A8E5D2AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{331F368C-D97E-42E6-87A5-B15CB3974125}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{39052E49-5CC9-44F4-B504-CD8002C68909}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{3CFD9355-A7AA-4739-8BAA-1004BB47100B}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{47B0CD0E-5688-4084-A2CD-932EF0D67314}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4A65735B-45D5-4816-BF42-BE06FF6EEDAA}" = protocol=17 | dir=in | app=c:\program files\aon\aoncontroller\aoncontroller.exe | 
"{4E51BC7F-7947-4F1D-B6C8-8E32B09B1038}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{5E5F9A97-A985-4886-B1AB-63C36C094403}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{65F9CB04-29CC-4FEB-A567-77F9D76E2996}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{68EBB992-C0F6-4254-8960-89A8F293F430}" = protocol=17 | dir=in | app=c:\windows\temp\aonflex.exe | 
"{73D088FD-5FB8-40DC-A00E-FC14A5DB9F6F}" = protocol=6 | dir=in | app=c:\program files\aon\aoncontroller\aoncontroller.exe | 
"{7DD5D246-C423-4707-9A72-B592E1787840}" = protocol=17 | dir=in | app=c:\windows\temp\installer.exe | 
"{82EF3449-5A51-4895-BED8-5B4B463DDEF3}" = protocol=17 | dir=in | app=c:\program files\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{8842593D-EF3D-4CEA-B85E-4FEA388E2136}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E41017D-72E6-45F8-ACCD-8AB9D9ADBD70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{91A1A778-F89B-46FE-97A3-013B5FC5218B}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{949C24B8-1547-4A20-937C-ACE001FD1971}" = protocol=6 | dir=in | app=c:\windows\temp\installer.exe | 
"{949D6B85-F5C1-4102-B667-F2358BFAFAF9}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe | 
"{970397DA-D4CF-46A6-A0E5-2F4693F2CD3F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{9E31CA96-75B5-494D-B1AA-35964AE8DF7F}" = protocol=6 | dir=in | app=c:\windows\temp\aonflex.exe | 
"{9F3B961D-A978-4BE2-BC0F-AAB54F3E04FE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A00D9846-F8F4-4A9A-A2E7-3D046240A0C1}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe | 
"{A22D5BC3-AC18-4C99-A935-C5C93E84D865}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A3AFD828-14F7-4EFB-A2B7-F0CCCB425923}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe | 
"{B1769FBB-FDB0-4D49-AF58-C1FAA4A0C8BC}" = dir=in | app=c:\program files\avg\avg9\avgam.exe | 
"{B2A1186B-300E-4902-AD1B-D73D8F70FFAB}" = protocol=6 | dir=in | app=c:\program files\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{B7EF80C2-5729-4D77-A345-E6B79377CB81}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe | 
"{B8EA4C37-C8FF-4356-BD48-968F4AC40EC1}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe | 
"{C3FAAF7C-C7D7-452B-91DF-49D961AFF471}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{C65C3E40-FE3F-4ADA-B505-8014C97A4F9E}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe | 
"{DED6106D-7DBE-46E1-A786-14470C5CF496}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E134D7A4-1F73-421D-ADC6-8CDD835A6A9A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E228B6AE-DD85-416F-A428-4F93A5D6C379}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E59A68BD-86FD-452C-80FB-F95B07C07B1C}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{E816806D-3C16-4B0C-AE2C-3FBFA5F29D85}" = protocol=17 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe | 
"{E89D646F-F9B5-4CA4-AC11-90664DF82509}" = protocol=6 | dir=in | app=c:\program files\telekom austria\breitband-internet-installation\mobile installer\aonflex.exe | 
"{EB1E8568-65F0-450A-B936-F247615E7844}" = protocol=17 | dir=in | app=c:\program files\aon\aoncontroller\aoncontroller.exe | 
"{EC48B909-208A-4B5C-8733-13A5488A709A}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe | 
"{F58443D8-1535-4283-A923-BD4AA6B2D2BD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F7FC42A9-465F-4619-88D6-9EE705CCE118}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe | 
"{FAB0E74C-3939-4F10-9ED7-BB878A92688D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FAB21688-E9E1-4260-8D5B-4C36193883D6}" = protocol=6 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe | 
"{FCD3FB4D-CFA5-4A76-B53E-7F5F202CE03D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{FF622334-DD79-4CB9-B5BE-C45E9803A504}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe | 
"TCP Query User{047FE5B8-19BF-4EE4-8911-5DFB72DC8731}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{0C10DD66-7552-4E7E-9064-8D6E217BE5DA}C:\program files\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe | 
"TCP Query User{4B2D40B3-9704-4311-AB50-4E30ED2A5FD0}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"TCP Query User{4E52627A-B114-4441-9A73-C2AD9366F002}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{4E814D91-C6D8-4D87-813C-EBE48527087B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{53209584-2A7A-451A-8E3D-A2F325899B59}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{65BE0A8F-4CD7-4BCD-B393-67AA79572CB8}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe | 
"TCP Query User{C134037E-4894-4093-9675-1BA3E4C07C27}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{D1EDFA06-C4D8-4153-BC8C-91A4BCA1B56A}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"TCP Query User{EA4279C7-61BD-471A-BDEB-B5438B079B91}C:\program files\emuleex\emsoft.exe" = protocol=6 | dir=in | app=c:\program files\emuleex\emsoft.exe | 
"UDP Query User{0495DA47-E7FE-4266-8FA5-95BAB7466DD9}C:\program files\emuleex\emsoft.exe" = protocol=17 | dir=in | app=c:\program files\emuleex\emsoft.exe | 
"UDP Query User{53AE5983-7BA8-4911-BEFF-B2C518E1708F}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"UDP Query User{91251D3D-428F-4EB7-B5F8-0E46B2BBA69B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{924A4AB4-B660-4173-BF39-A0888C4A7B15}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"UDP Query User{968D2611-14A0-4DEF-925E-6EE6FFA4A421}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{A120E007-2BF6-41A7-802D-04C9DB3C4356}C:\program files\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe | 
"UDP Query User{AB0BC7F4-92E1-47EE-B764-ABA04B44B132}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{D49F8797-B5D7-418B-9DE1-2C00FD8EB3A7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{E9ED6CB0-0B9B-4B9F-AFB5-D5F8609383BF}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe | 
"UDP Query User{F02D8A73-C717-4663-B6FA-E5FFE4ABC366}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0F79C1B2-36B2-4B62-8221-42721CF54638}" = Acer OrbiCam Application
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{1DA193D3-BEC6-4FEF-89E3-D8F739216BFB}_is1" = Ashampoo Anti-Malware 1.02
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2CF2D7F1-73A0-4D5D-85E6-A49AECF67B15}" = Windows Vista Cleaner
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C556B5C-8EF7-47B4-AE05-FE71EEB2C25B}" = Plus Pack für Acronis True Image Home 2010
"{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}" = Farming Extreme Manager
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7FB3C4-E71B-478D-9E15-5AE97EAD67B8}" = aonFTP
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7b7e564b-0c70-4506-9ab6-b7a2044425ab}" = Gigaset QuickSync
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{904B64C4-49D8-4941-A2B6-D13D06C5CD8B}" = Controller
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AD976243-75CB-4A2B-809F-8C9EC4292377}" = Mobiles Internet für unterwegs
"{B0D7190D-B2DD-404E-88E6-74CC0B62054C}" = Soluto
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}" = RealSpeak Solo fur Deutsch - Steffi
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DAF4C31F-5DE8-48D4-AF5B-8D1165B548AE}" = egisReader1.0
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.058
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Any Video Converter_is1" = Any Video Converter 2.7.9
"aonFTP" = aonFTP
"aonUpdate" = aonUpdate
"Ashampoo WinOptimizer 2010 Advanced_is1" = Ashampoo WinOptimizer 2010 Advanced
"Autoplay Repair" = Autoplay Repair 2.2.0
"AutoRunnerX" = AutoRunnerX
"AVG9Uninstall" = AVG 9.0
"BitComet" = BitComet 1.22
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Controller" = Controller
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"eMule" = eMule
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Studio_is1" = Free Studio version 4.8
"Free YouTube Download_is1" = Free YouTube Download 2.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"GridVista" = Acer GridVista
"Highspeed-Internet-Installation" = Highspeed-Internet-Installation
"HijackThis" = HijackThis 2.0.2
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"IsoBuster_is1" = IsoBuster 2.8
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobiles Internet für unterwegs" = Mobiles Internet für unterwegs
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MPE" = MyPhoneExplorer
"NVIDIA Drivers" = NVIDIA Drivers
"PC Wizard 2010_is1" = PC Wizard 2010.1.95
"ProInst" = Intel PROSet Wireless
"RealPlayer 12.0" = RealPlayer
"Security Task Manager" = Security Task Manager 1.7h
"Shareaza_is1" = Shareaza 2.3.1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 5" = TeamViewer 5
"Trojan Remover_is1" = Trojan Remover 6.8.1
"TuneUp Utilities" = TuneUp Utilities
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XviD" = XviD MPEG-4 Codec
"Xvid_is1" = Xvid 1.1.3 final uninstall
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1399674020-1881937264-2458645722-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"OnlineFestplatte" = aon Online Festplatte (entfernen)
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---
----------------------------------------------------OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.02.2011 15:19:17 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Andreas\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1.021,00 Mb Total Physical Memory | 189,00 Mb Available Physical Memory | 18,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 53,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 71,28 Gb Total Space | 19,45 Gb Free Space | 27,29% Space Free | Partition Type: NTFS
Drive D: | 70,94 Gb Total Space | 48,47 Gb Free Space | 68,33% Space Free | Partition Type: NTFS
 
Computer Name: ACER-5610 | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Andreas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Soluto\SolutoService.exe (Soluto)
PRC - C:\Program Files\Soluto\Soluto.exe (Soluto)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\DfSdkS.exe (mst software GmbH, Germany)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Andreas\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\System32\vbscript.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wmiutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wbemsvc.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wbemprox.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\fastprox.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbem\wbemdisp.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wbemcomn.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sxs.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AAMWService) -- C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe ()
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (DfSdkS) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\DfsdkS.exe (mst software GmbH, Germany)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (PCGenFAM) -- C:\Windows\system32\DRIVERS\PCGenFAM.sys (Soluto LTD.)
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFiltervtx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShimvtx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSErHrvtx) -- C:\Windows\System32\Drivers\AVGIDSvx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDrivervtx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\Windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\system32\DRIVERS\tdrpm258.sys (Acronis)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (GigasetGenericUSB) -- C:\Windows\System32\drivers\GigasetGenericUSB.sys (Siemens Home and Office Communication Devices GmbH & Co. KG)
DRV - (btnetBUs) -- C:\Windows\System32\drivers\btnetBus.sys ()
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (lv321av) Logitech USB PC Camera (VC0321) -- C:\Windows\System32\drivers\lv321av.sys (Logitech Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (ESDCR) -- C:\Windows\System32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (ESMCR) -- C:\Windows\System32\drivers\ESM7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (SMSCIRDA) -- C:\Windows\System32\drivers\smscirda.sys (SMSC)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (AvgAsCln) -- C:\Windows\System32\drivers\AvgAsCln.sys (GRISOFT, s.r.o.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys ()
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (SE2Eobex) -- C:\Windows\System32\drivers\SE2Eobex.sys (MCCI)
DRV - (SE2Emgmt) Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\SE2Emgmt.sys (MCCI)
DRV - (SE2Emdm) -- C:\Windows\System32\drivers\SE2Emdm.sys (MCCI)
DRV - (SE2Emdfl) -- C:\Windows\System32\drivers\SE2Emdfl.sys (MCCI)
DRV - (SE2Ebus) Sony Ericsson Device 046 Driver driver (WDM) -- C:\Windows\System32\drivers\SE2Ebus.sys (MCCI)
DRV - (se2End5) Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS) -- C:\Windows\System32\drivers\se2End5.sys (MCCI)
DRV - (se2Eunic) Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM) -- C:\Windows\System32\drivers\se2Eunic.sys (MCCI)
DRV - (LHidKe) -- C:\Windows\System32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\Windows\System32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 
IE - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://www.telekom.at/suche
IE - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:1.0.2
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.29 18:00:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.03 04:33:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.07.15 06:27:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.11.03 04:33:43 | 000,000,000 | ---D | M]
 
[2010.07.29 18:01:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions
[2011.02.12 11:01:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\2qy1druw.default\extensions
[2010.07.29 18:19:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\2qy1druw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.18 19:42:47 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\2qy1druw.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2010.09.01 15:32:49 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\2qy1druw.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.29 14:32:10 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\2qy1druw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.16 17:34:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\2qy1druw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.07.30 02:17:00 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\2qy1druw.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010.11.18 19:42:40 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\2qy1druw.default\extensions\finder@meingutscheincode.de
[2011.02.12 11:01:37 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\2qy1druw.default\extensions\toolbar@ask.com
[2010.02.04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\2qy1druw.default\searchplugins\askcom.xml
[2010.10.20 11:41:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.15 09:08:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.20 11:41:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008.01.23 07:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.02.19 01:07:20 | 001,193,952 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\Mozilla Firefox\plugins\NpFv41629.dll
[2008.09.04 08:50:59 | 001,271,760 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\Mozilla Firefox\plugins\NpFv501.dll
[2010.07.23 01:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 01:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 01:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 01:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 01:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.16 08:50:34 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000..\RunOnce: [Shockwave Updater]  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O8 - Extra context menu item: &Alles mit BitComet herunterladen - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Alle &Filme mit BitComet herunterladen - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Mit BitComet herunter&laden - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB (FixItClient Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264640385833 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} hxxp://www.systemrequirementslab.com/sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} hxxp://92.51.137.94/objects/NpFv522.dll (Flatcast Viewer 5.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O24 - Desktop WallPaper: C:\Users\Andreas\Pictures\BILD0388.JPG
O24 - Desktop BackupWallPaper: C:\Users\Andreas\Pictures\BILD0388.JPG
O30 - LSA: Authentication Packages - (C:\Windows\system32\khfFWnKC) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.12.05 03:24:29 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7cc7af08-af47-11df-a7ff-0009dd60f197}\Shell\AutoRun\command - "" = F:\SanDiskMediaManager.EXE
O33 - MountPoints2\{7cc7af09-af47-11df-a7ff-0009dd60f197}\Shell - "" = AutoRun
O33 - MountPoints2\{7cc7af09-af47-11df-a7ff-0009dd60f197}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{7fc6b006-b1c1-11df-9d9e-0016d4686c43}\Shell\AutoRun\command - "" = F:\SanDiskMediaManager.EXE
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.12 15:05:40 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2011.02.12 11:20:40 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\AskToolbar
[2011.02.12 11:01:56 | 000,114,176 | ---- | C] (CPUID) -- C:\Windows\System32\PCWizard.cpl
[2011.02.12 11:01:56 | 000,000,000 | ---D | C] -- C:\Windows\Java
[2011.02.12 11:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2011.02.12 11:01:54 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2011.02.12 11:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011.02.12 10:56:33 | 005,262,149 | ---- | C] (CPUID                                                       ) -- C:\Users\Andreas\Desktop\pc-wizard_2010.1.95-setup.exe
[2011.02.12 10:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\Feedback Tool
[2010.09.03 16:40:43 | 000,000,254 | ---- | C] () -- C:\Users\Andreas\AppData\Local\xobni_installer_updater.log
[2010.08.15 08:17:29 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.08.03 13:18:01 | 001,456,640 | ---- | C] () -- C:\Program Files\Common Files\Falk Navi-Manager.msi
[2010.06.05 11:10:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.08 00:48:49 | 004,288,534 | -H-- | C] () -- C:\Users\Andreas\AppData\Local\IconCache.db
[2010.04.23 07:43:40 | 000,463,906 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\farm.bmp
[2010.04.23 07:38:36 | 000,011,917 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\settings.dat
[2010.04.21 10:52:42 | 000,004,096 | -H-- | C] () -- C:\Users\Andreas\AppData\Local\keyfile3.drm
[2010.02.03 17:14:04 | 000,034,308 | ---- | C] () -- C:\ProgramData\mazuki.dll
[2010.01.18 13:34:50 | 000,000,680 | ---- | C] () -- C:\Users\Andreas\AppData\Local\d3d9caps.dat
[2009.10.09 23:55:52 | 000,009,211 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.08.09 15:32:02 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe2138.dll
[2009.08.09 12:36:12 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe1ADD.dll
[2009.03.18 20:07:19 | 000,047,962 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.03.18 20:07:19 | 000,047,962 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.06.29 17:25:35 | 000,110,456 | ---- | C] () -- C:\ProgramData\BM2b0ac1ff.xml
[2008.06.29 17:25:35 | 000,105,393 | ---- | C] () -- C:\ProgramData\BM2b0ac1ff.txt
[2008.06.29 17:25:35 | 000,000,023 | ---- | C] () -- C:\ProgramData\pskt.ini
[2007.07.24 22:55:00 | 000,038,425 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2007.07.24 22:50:44 | 000,038,410 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft Excel.ADR
[2007.06.09 19:21:41 | 000,029,239 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\UserTile.png
[2007.05.10 07:14:36 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007.03.28 01:53:43 | 000,013,119 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\nvModes.001
[2007.03.28 01:53:41 | 000,013,119 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\nvModes.dat
[2007.03.28 00:09:59 | 000,031,232 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.03.27 19:20:12 | 000,129,088 | ---- | C] () -- C:\Users\Andreas\AppData\Local\GDIPFONTCACHEV1.DAT
[2006.12.05 03:31:45 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2006.11.02 13:50:50 | 000,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.12 15:09:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.12 15:05:44 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2011.02.12 14:59:02 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.12 14:59:02 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.12 14:54:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.12 14:54:40 | 1071,767,552 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.12 14:51:53 | 000,005,332 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.02.12 14:41:07 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1399674020-1881937264-2458645722-1000UA.job
[2011.02.12 14:14:28 | 071,115,338 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011.02.12 11:28:19 | 000,015,913 | ---- | M] () -- C:\Users\Andreas\Desktop\so sieht die seite aus.jpg
[2011.02.12 11:01:58 | 000,000,884 | ---- | M] () -- C:\Users\Andreas\Desktop\PC Wizard 2010.lnk
[2011.02.12 10:57:00 | 005,262,149 | ---- | M] (CPUID                                                       ) -- C:\Users\Andreas\Desktop\pc-wizard_2010.1.95-setup.exe
[2011.02.12 10:49:07 | 000,013,119 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\nvModes.001
[2011.02.12 10:41:53 | 000,000,134 | ---- | M] () -- C:\Users\Andreas\Desktop\Internet Explorer-Problembehebung.url
[2011.02.12 10:22:40 | 000,864,256 | ---- | M] () -- C:\Users\Andreas\Desktop\Dok1.doc
[2011.02.12 07:41:01 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1399674020-1881937264-2458645722-1000Core.job
[2011.02.11 18:13:18 | 000,645,397 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2011.02.10 03:44:11 | 000,637,262 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.10 03:44:11 | 000,603,224 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.10 03:44:11 | 000,129,996 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.10 03:44:11 | 000,107,040 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.10 03:36:30 | 000,460,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.01.16 09:40:00 | 000,602,508 | ---- | M] () -- C:\Users\Andreas\Desktop\IMAG0030.jpg
 
========== Files Created - No Company Name ==========
 
[2011.02.12 11:28:19 | 000,015,913 | ---- | C] () -- C:\Users\Andreas\Desktop\so sieht die seite aus.jpg
[2011.02.12 11:01:58 | 000,000,884 | ---- | C] () -- C:\Users\Andreas\Desktop\PC Wizard 2010.lnk
[2011.02.12 10:41:53 | 000,000,134 | ---- | C] () -- C:\Users\Andreas\Desktop\Internet Explorer-Problembehebung.url
[2011.02.12 10:22:39 | 000,864,256 | ---- | C] () -- C:\Users\Andreas\Desktop\Dok1.doc
[2011.01.16 09:40:38 | 000,602,508 | ---- | C] () -- C:\Users\Andreas\Desktop\IMAG0030.jpg
[2010.02.05 22:14:06 | 000,000,085 | ---- | C] () -- C:\Windows\MGX.INI
[2009.06.28 18:52:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.03.11 22:00:18 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009.03.03 19:50:48 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2009.03.03 19:50:48 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2009.03.03 19:50:48 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2009.03.03 19:50:48 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2008.12.07 12:44:54 | 000,030,088 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2008.07.02 07:25:29 | 000,450,542 | -HS- | C] () -- C:\Windows\System32\DeeOqBeg.ini
[2008.07.02 00:53:16 | 000,450,542 | -HS- | C] () -- C:\Windows\System32\sDJPAcfe.ini
[2008.07.01 20:12:39 | 000,451,844 | -HS- | C] () -- C:\Windows\System32\CKnWFfhk.ini
[2008.07.01 09:25:16 | 000,450,438 | -HS- | C] () -- C:\Windows\System32\EeKUFfhk.ini
[2008.07.01 01:55:56 | 000,451,035 | -HS- | C] () -- C:\Windows\System32\KkjlmUvw.ini
[2008.06.30 23:27:13 | 000,450,404 | -HS- | C] () -- C:\Windows\System32\IRCIOqss.ini
[2008.06.30 10:31:37 | 000,000,501 | ---- | C] () -- C:\Windows\wininit.ini
[2008.06.29 07:24:20 | 000,450,999 | -HS- | C] () -- C:\Windows\System32\IhghhiPo.ini
[2008.02.29 20:14:57 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.02.29 20:14:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.02.24 09:56:59 | 000,061,440 | ---- | C] () -- C:\Windows\System32\cygz.dll
[2008.02.24 09:56:59 | 000,007,196 | ---- | C] () -- C:\Windows\System32\INI_Pro_3GP_AAC.ini
[2008.02.24 09:56:59 | 000,006,490 | ---- | C] () -- C:\Windows\System32\INI_Pro_PSP.ini
[2008.02.24 09:56:59 | 000,005,028 | ---- | C] () -- C:\Windows\System32\INI_Pro_3GP2_AAC.ini
[2008.02.24 09:56:59 | 000,004,296 | ---- | C] () -- C:\Windows\System32\INI_Pro_Zune.ini
[2008.02.24 09:56:59 | 000,003,045 | ---- | C] () -- C:\Windows\System32\INI_Pro_iPod.ini
[2008.02.24 09:56:59 | 000,002,956 | ---- | C] () -- C:\Windows\System32\INI_Pro_PMP.ini
[2008.02.24 09:56:59 | 000,002,910 | ---- | C] () -- C:\Windows\System32\INI_Pro_3GP_AMR.ini
[2008.02.24 09:56:59 | 000,002,516 | ---- | C] () -- C:\Windows\System32\INI_Pro_PPC.ini
[2008.02.24 09:56:59 | 000,002,175 | ---- | C] () -- C:\Windows\System32\INI_Pro_iPhone.ini
[2008.02.24 09:56:59 | 000,001,964 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP2_QVGA_AAC.ini
[2008.02.24 09:56:59 | 000,001,964 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP2_QCIF_AAC.ini
[2008.02.24 09:56:59 | 000,001,878 | ---- | C] () -- C:\Windows\System32\INI_Pro_Xbox.ini
[2008.02.24 09:56:59 | 000,001,814 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP_QVGA_AMR.ini
[2008.02.24 09:56:59 | 000,001,814 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP_QVGA_AAC.ini
[2008.02.24 09:56:59 | 000,001,814 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP_QCIF_AMR.ini
[2008.02.24 09:56:59 | 000,001,814 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP_QCIF_AAC.ini
[2008.02.24 09:56:59 | 000,001,739 | ---- | C] () -- C:\Windows\System32\INI_Pro_AppleTV.ini
[2008.02.24 09:56:59 | 000,000,036 | ---- | C] () -- C:\Windows\System32\INI_Add_mfra.ini
[2008.02.24 09:56:52 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008.02.24 09:56:49 | 000,598,016 | ---- | C] () -- C:\Windows\System32\viscomqtde.dll
[2007.12.28 08:22:04 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2007.05.30 11:22:08 | 000,000,028 | ---- | C] () -- C:\Windows\Jcmkr32.INI
[2007.04.28 14:58:39 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2007.04.28 09:49:00 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.03.27 19:32:49 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007.03.27 19:32:49 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007.03.27 19:31:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007.03.27 19:21:10 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini
[2007.02.06 22:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2006.12.28 01:22:29 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2006.12.05 12:27:19 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2006.12.05 10:40:19 | 000,000,101 | ---- | C] () -- C:\Windows\Alaunch.ini
[2006.12.05 10:40:08 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006.12.05 10:39:08 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2006.12.05 03:35:42 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll
[2006.12.05 03:31:48 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2006.12.05 03:24:47 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys
[2006.12.05 03:17:47 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002.09.10 16:10:05 | 000,495,616 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2010.01.06 08:03:41 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Acronis
[2009.06.15 19:17:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\AD ON Multimedia
[2009.12.22 03:09:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Any Video Converter
[2008.06.28 23:14:03 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Application Data
[2010.07.17 23:57:10 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BitComet
[2009.02.23 10:58:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\digital publishing
[2010.09.01 15:35:12 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers
[2007.06.23 00:39:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0
[2010.01.14 21:00:54 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Image Zone Express
[2009.12.06 13:28:35 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Leadertech
[2010.01.26 14:18:07 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Morpheus Software
[2008.10.11 02:56:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\mquadr.at
[2010.01.26 12:23:31 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\mresreg
[2010.10.31 16:58:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\MyPhoneExplorer
[2009.03.05 12:52:12 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Opera
[2007.06.09 19:21:41 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PeerNetworking
[2010.01.14 21:00:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Printer Info Cache
[2010.07.18 08:02:11 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Registry Booster
[2010.01.21 08:06:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Registry Mechanic
[2008.08.26 05:06:32 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Shareaza
[2009.03.03 19:50:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Simply Super Software
[2011.01.15 01:41:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TeamViewer
[2008.02.29 16:24:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TuneUp Software
[2010.01.23 09:24:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Uniblue
[2010.02.04 01:27:10 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Web Page Maker
[2009.01.21 17:11:01 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Windows Live Writer
[2011.02.12 14:51:51 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.01.06 08:03:41 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Acronis
[2009.06.15 19:17:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\AD ON Multimedia
[2010.08.12 23:41:14 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Adobe
[2007.05.05 21:40:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\AdobeUM
[2009.12.22 03:09:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Any Video Converter
[2010.07.20 00:45:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Apple Computer
[2008.06.28 23:14:03 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Application Data
[2009.12.20 11:28:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\AVS4YOU
[2010.07.17 23:57:10 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BitComet
[2007.05.03 23:49:57 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Corel
[2007.07.11 06:56:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\CyberLink
[2009.02.23 10:58:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\digital publishing
[2010.09.06 01:53:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DivX
[2010.09.01 15:35:12 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers
[2007.06.23 00:39:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0
[2010.01.15 19:26:21 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\HpUpdate
[2007.03.27 19:21:51 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Identities
[2010.01.14 21:00:54 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Image Zone Express
[2008.02.15 20:08:14 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\InstallShield
[2007.07.12 01:21:04 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Intel
[2009.12.06 13:28:35 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Leadertech
[2008.02.15 19:42:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Logitech
[2007.03.27 19:21:14 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Macromedia
[2010.01.19 07:58:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Media Center Programs
[2010.11.08 14:55:30 | 000,000,000 | --SD | M] -- C:\Users\Andreas\AppData\Roaming\Microsoft
[2010.01.26 14:18:07 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Morpheus Software
[2010.07.29 18:01:37 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Mozilla
[2008.10.11 02:56:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\mquadr.at
[2010.01.26 12:23:31 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\mresreg
[2010.10.31 16:58:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\MyPhoneExplorer
[2009.03.05 12:52:12 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Opera
[2007.06.09 19:21:41 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PeerNetworking
[2010.01.14 21:00:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Printer Info Cache
[2010.05.07 19:07:01 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Real
[2010.07.18 08:02:11 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Registry Booster
[2010.01.21 08:06:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Registry Mechanic
[2008.08.26 05:06:32 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Shareaza
[2009.03.03 19:50:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Simply Super Software
[2010.08.15 08:35:40 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Skype
[2010.08.15 08:27:12 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\skypePM
[2007.03.29 20:48:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Sun
[2008.02.09 15:47:56 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Talkback
[2011.01.15 01:41:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TeamViewer
[2008.02.29 16:24:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TuneUp Software
[2010.01.23 09:24:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Uniblue
[2010.02.04 01:27:10 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Web Page Maker
[2009.01.21 17:11:01 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Windows Live Writer
[2007.12.18 17:27:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2007.05.08 21:29:03 | 026,598,760 | ---- | M] (Adobe Systems Inc                                           ) -- C:\Users\Andreas\AppData\Roaming\Adobe\Acrobat\7.0\Updater\Ac705PrP_efgj.exe
[2007.05.06 10:04:02 | 005,214,208 | ---- | M] (                            ) -- C:\Users\Andreas\AppData\Roaming\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe
[2008.09.11 13:46:15 | 013,505,768 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller1x0\airinstaller1x0.exe
[2007.04.09 17:13:00 | 000,025,214 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{2CF2D7F1-73A0-4D5D-85E6-A49AECF67B15}\_963318B54532554E2BCCC4.exe
[2007.04.09 17:13:00 | 000,025,214 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{2CF2D7F1-73A0-4D5D-85E6-A49AECF67B15}\_B4BEDDCA51A0D19F96C44A.exe
[2010.04.27 00:48:27 | 000,454,838 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}\_79EA6093CDC1C8B67BF4A7.exe
[2010.04.27 00:48:27 | 000,454,838 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}\_B2A5E32828760C880D7C1D.exe
[2010.05.07 18:58:44 | 000,738,824 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Andreas\AppData\Roaming\Real\RealPlayer\setup\AU_setup20100217.exe
[2010.01.21 08:35:21 | 003,175,784 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\Andreas\AppData\Roaming\Uniblue\RegistryBooster 2010\_temp\ub.exe
[2010.04.21 00:55:12 | 004,004,960 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\Andreas\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.15 20:20:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.15 20:20:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.15 20:20:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.10.12 01:39:28 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.10.12 01:39:28 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.04.04 08:40:21 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.04.04 08:40:21 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
<  >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
@Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 16 bytes -> C:\Users\Andreas\Downloads\Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
         
--- --- ---
danke im voraus !
__________________

Alt 12.02.2011, 15:22   #4
markusg
/// Malware-holic
 
falsche goggle-startseite - Standard

falsche goggle-startseite



bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.02.2011, 18:50   #5
fuchsi
 
falsche goggle-startseite - Standard

falsche goggle-startseite



Combofix Logfile:
Code:
ATTFilter
ComboFix 11-02-11.02 - Andreas 12.02.2011  17:10:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.1021.291 [GMT 1:00]
ausgeführt von:: c:\users\Andreas\Desktop\ComboFix.exe
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\hpe1ADD.dll
c:\programdata\hpe2138.dll
c:\programdata\mazuki.dll
c:\users\Andreas\AppData\Roaming\AD ON Multimedia
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\CKnWFfhk.ini
c:\windows\system32\DeeOqBeg.ini
c:\windows\system32\EeKUFfhk.ini
c:\windows\system32\IhghhiPo.ini
c:\windows\system32\IRCIOqss.ini
c:\windows\system32\KkjlmUvw.ini
c:\windows\system32\sDJPAcfe.ini
c:\windows\system32\system

.
(((((((((((((((((((((((   Dateien erstellt von 2011-01-12 bis 2011-02-12  ))))))))))))))))))))))))))))))
.

2011-02-12 16:23 . 2011-02-12 16:30	--------	d-----w-	c:\users\Andreas\AppData\Local\temp
2011-02-12 10:20 . 2011-02-12 10:20	--------	d-----w-	c:\users\Andreas\AppData\Local\AskToolbar
2011-02-12 10:01 . 2011-02-12 10:01	--------	d-----w-	c:\windows\Java
2011-02-12 10:01 . 2010-08-22 13:48	114176	----a-w-	c:\windows\system32\PCWizard.cpl
2011-02-12 10:01 . 2011-02-12 10:01	--------	dc----w-	c:\program files\CPUID
2011-02-12 10:01 . 2011-02-12 10:01	--------	dc----w-	c:\program files\Ask.com
2011-02-12 09:40 . 2011-02-12 09:40	--------	dc----w-	c:\program files\Feedback Tool
2011-02-09 15:01 . 2010-12-31 13:57	2039808	----a-w-	c:\windows\system32\win32k.sys
2011-02-09 14:59 . 2011-01-20 16:06	2873344	----a-w-	c:\windows\system32\mf.dll
2011-02-09 14:59 . 2011-01-20 16:08	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2011-02-09 14:59 . 2011-01-20 16:08	1029120	----a-w-	c:\windows\system32\d3d10.dll
2011-02-09 14:59 . 2011-01-20 14:26	667648	----a-w-	c:\windows\system32\printfilterpipelinesvc.exe
2011-02-09 14:59 . 2011-01-20 16:08	189952	----a-w-	c:\windows\system32\d3d10core.dll
2011-02-09 14:59 . 2011-01-20 14:11	486400	----a-w-	c:\windows\system32\d3d10level9.dll
2011-02-09 14:59 . 2011-01-20 16:07	586240	----a-w-	c:\windows\system32\stobject.dll
2011-02-09 14:59 . 2011-01-20 16:04	209920	----a-w-	c:\windows\system32\mfplat.dll
2011-02-09 14:59 . 2011-01-20 16:07	37376	----a-w-	c:\windows\system32\cdd.dll
2011-02-09 14:59 . 2011-01-20 16:04	98816	----a-w-	c:\windows\system32\mfps.dll
2011-02-09 14:59 . 2011-01-20 16:07	258048	----a-w-	c:\windows\system32\winspool.drv
2011-02-09 14:59 . 2011-01-20 16:06	26112	----a-w-	c:\windows\system32\printfilterpipelineprxy.dll
2011-02-09 14:50 . 2011-01-08 06:28	292352	----a-w-	c:\windows\system32\atmfd.dll
2011-02-09 14:49 . 2011-01-08 08:47	34304	----a-w-	c:\windows\system32\atmlib.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-30 06:57 . 2010-01-02 09:34	2560	----a-w-	c:\windows\_MSRSTRT.EXE
2010-12-28 15:55 . 2011-01-12 02:08	413696	----a-w-	c:\windows\system32\odbc32.dll
2010-12-20 17:09 . 2010-01-19 06:58	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-01-19 06:58	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-12-14 14:49 . 2011-01-12 02:08	1169408	----a-w-	c:\windows\system32\sdclt.exe
2009-11-17 13:01 . 2010-08-03 12:18	1456640	----a-w-	c:\program files\Common Files\Falk Navi-Manager.msi
.
Code:
ATTFilter
<pre>
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Logitech\LComMgr\lvcomsx .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
</pre>
         
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-02-04 15:50 1197448 -c--a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http:" [X] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) "NoFileAssociate"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\acaptuser32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk] backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2008-06-11 21:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service] 2009-11-12 04:42 362032 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher] 2008-06-12 01:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo Anti-Malware Guard] 2010-01-28 02:08 3582976 -c--a-w- c:\program files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] c:\program files\Avira\AntiVir Desktop\avgnt.exe [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS] 2007-06-18 09:51 1507328 -c--a-w- c:\program files\IDM\Desktop SMS\DesktopSMS.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware (reboot)] 2010-12-20 17:08 963976 -c--a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2010-12-20 17:08 443728 -c--a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ehTray.exe"=c:\windows\ehome\ehTray.exe "Mozilla Thunderbird"=c:\program files\Mozilla Thunderbird\thunderbird.exe -mail "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup "Internet Explorer"=c:\program files\Internet Explorer\iexplore.exe "Microsoft Office Outlook"=c:\progra~1\MICROS~2\OFFICE11\OUTLOOK.EXE /recycle [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit "WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe "AcerOrbicamRibbon"="c:\program files\Acer\OrbiCam10\OrbiCam.exe" /hide "RtHDVCpl"=RtHDVCpl.exe "TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" "AutoRunnerX"=c:\program files\AutoRunnerX\arxsrv.exe /run "LManager"=c:\progra~1\LAUNCH~1\LManager.exe "NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start " Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "Ashampoo Anti-Malware Guard"="c:\program files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe" "Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1399674020-1881937264-2458645722-1000] "EnableNotificationsRef"=dword:00000001 R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x] R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x] R0 mlkv;mlkv;c:\windows\System32\drivers\ulqyiecy.sys [x] R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x] R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344] R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-01-06 160288] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936] R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088] R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\DfsdkS.exe [2009-08-24 406016] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-09-06 13224] R3 GigasetGenericUSB;GigasetGenericUSB;c:\windows\system32\DRIVERS\GigasetGenericUSB.sys [2009-02-20 44032] R3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 135664] R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-27 9216] R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824] R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016] R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728] R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208] R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024] R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744] R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864] R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232] R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-06-07 153808] R3 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328] R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 AAMWService;Ashampoo Anti-Malware Service;c:\program files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe [2010-01-29 1489752] R4 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-01-06 2480048] R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320] S0 PCGenFAM;PCGenFAM;c:\windows\system32\DRIVERS\PCGenFAM.sys [2010-06-30 179144] S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2010-01-06 911680] S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2010-06-30 336728] S3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-27 27488] S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\DRIVERS\lv321av.sys [2006-11-20 847392] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952] S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners 2010-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 22:57] 2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 22:57] 2011-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1399674020-1881937264-2458645722-1000Core.job - c:\users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 22:57] 2011-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1399674020-1881937264-2458645722-1000UA.job - c:\users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 22:57] . . ------- Zusätzlicher Suchlauf ------- . uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uStart Page = hxxp://www.google.de/ uLocal Page = mStart Page = hxxp://de.intl.acer.yahoo.com uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com IE: &Alles mit BitComet herunterladen - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Alle &Filme mit BitComet herunterladen - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: An vorhandenes PDF anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Free YouTube Download - c:\users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Mit BitComet herunter&laden - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} - hxxp://92.51.137.94/objects/NpFv522.dll FF - ProfilePath - c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\2qy1druw.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/ FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - Ext: Mein Gutscheincode Finder: finder@meingutscheincode.de - %profile%\extensions\finder@meingutscheincode.de FF - Ext: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - %profile%\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} FF - user.js: network.http.max-persistent-connections-per-server - 4 . - - - - Entfernte verwaiste Registrierungseinträge - - - - SafeBoot-AVG Anti-Spyware Driver SafeBoot-AVG Anti-Spyware Guard ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-02-12 17:30 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0018\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0019\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0020\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0021\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0022\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0023\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0024\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0025\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0026\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0027\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0028\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe c:\windows\system32\WLANExt.exe c:\windows\system32\wbem\unsecapp.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-02-12 17:38:04 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-02-12 16:37 Vor Suchlauf: 17 Verzeichnis(se), 21.931.872.256 Bytes frei Nach Suchlauf: 23 Verzeichnis(se), 21.478.277.120 Bytes frei - - End Of File - - 7688B90AB8F7EE50CBF4BDBABF9D169D
--- --- ---


Alt 12.02.2011, 19:05   #6
markusg
/// Malware-holic
 
falsche goggle-startseite - Standard

falsche goggle-startseite



poste einen GMER log bitte
http://www.trojaner-board.de/74908-a...t-scanner.html
__________________
--> falsche goggle-startseite

Alt 12.02.2011, 19:34   #7
fuchsi
 
falsche goggle-startseite - Standard

falsche goggle-startseite



Combofix Logfile:
Code:
ATTFilter
ComboFix 11-02-11.02 - Andreas 12.02.2011  17:10:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.1021.291 [GMT 1:00]
ausgeführt von:: c:\users\Andreas\Desktop\ComboFix.exe
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\hpe1ADD.dll
c:\programdata\hpe2138.dll
c:\programdata\mazuki.dll
c:\users\Andreas\AppData\Roaming\AD ON Multimedia
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\CKnWFfhk.ini
c:\windows\system32\DeeOqBeg.ini
c:\windows\system32\EeKUFfhk.ini
c:\windows\system32\IhghhiPo.ini
c:\windows\system32\IRCIOqss.ini
c:\windows\system32\KkjlmUvw.ini
c:\windows\system32\sDJPAcfe.ini
c:\windows\system32\system

.
(((((((((((((((((((((((   Dateien erstellt von 2011-01-12 bis 2011-02-12  ))))))))))))))))))))))))))))))
.

2011-02-12 16:23 . 2011-02-12 16:30	--------	d-----w-	c:\users\Andreas\AppData\Local\temp
2011-02-12 10:20 . 2011-02-12 10:20	--------	d-----w-	c:\users\Andreas\AppData\Local\AskToolbar
2011-02-12 10:01 . 2011-02-12 10:01	--------	d-----w-	c:\windows\Java
2011-02-12 10:01 . 2010-08-22 13:48	114176	----a-w-	c:\windows\system32\PCWizard.cpl
2011-02-12 10:01 . 2011-02-12 10:01	--------	dc----w-	c:\program files\CPUID
2011-02-12 10:01 . 2011-02-12 10:01	--------	dc----w-	c:\program files\Ask.com
2011-02-12 09:40 . 2011-02-12 09:40	--------	dc----w-	c:\program files\Feedback Tool
2011-02-09 15:01 . 2010-12-31 13:57	2039808	----a-w-	c:\windows\system32\win32k.sys
2011-02-09 14:59 . 2011-01-20 16:06	2873344	----a-w-	c:\windows\system32\mf.dll
2011-02-09 14:59 . 2011-01-20 16:08	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2011-02-09 14:59 . 2011-01-20 16:08	1029120	----a-w-	c:\windows\system32\d3d10.dll
2011-02-09 14:59 . 2011-01-20 14:26	667648	----a-w-	c:\windows\system32\printfilterpipelinesvc.exe
2011-02-09 14:59 . 2011-01-20 16:08	189952	----a-w-	c:\windows\system32\d3d10core.dll
2011-02-09 14:59 . 2011-01-20 14:11	486400	----a-w-	c:\windows\system32\d3d10level9.dll
2011-02-09 14:59 . 2011-01-20 16:07	586240	----a-w-	c:\windows\system32\stobject.dll
2011-02-09 14:59 . 2011-01-20 16:04	209920	----a-w-	c:\windows\system32\mfplat.dll
2011-02-09 14:59 . 2011-01-20 16:07	37376	----a-w-	c:\windows\system32\cdd.dll
2011-02-09 14:59 . 2011-01-20 16:04	98816	----a-w-	c:\windows\system32\mfps.dll
2011-02-09 14:59 . 2011-01-20 16:07	258048	----a-w-	c:\windows\system32\winspool.drv
2011-02-09 14:59 . 2011-01-20 16:06	26112	----a-w-	c:\windows\system32\printfilterpipelineprxy.dll
2011-02-09 14:50 . 2011-01-08 06:28	292352	----a-w-	c:\windows\system32\atmfd.dll
2011-02-09 14:49 . 2011-01-08 08:47	34304	----a-w-	c:\windows\system32\atmlib.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-30 06:57 . 2010-01-02 09:34	2560	----a-w-	c:\windows\_MSRSTRT.EXE
2010-12-28 15:55 . 2011-01-12 02:08	413696	----a-w-	c:\windows\system32\odbc32.dll
2010-12-20 17:09 . 2010-01-19 06:58	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-01-19 06:58	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-12-14 14:49 . 2011-01-12 02:08	1169408	----a-w-	c:\windows\system32\sdclt.exe
2009-11-17 13:01 . 2010-08-03 12:18	1456640	----a-w-	c:\program files\Common Files\Falk Navi-Manager.msi
.
Code:
ATTFilter
<pre>
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Logitech\LComMgr\lvcomsx .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
</pre>
         
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-02-04 15:50 1197448 -c--a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http:" [X] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) "NoFileAssociate"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\acaptuser32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk] backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2008-06-11 21:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service] 2009-11-12 04:42 362032 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher] 2008-06-12 01:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo Anti-Malware Guard] 2010-01-28 02:08 3582976 -c--a-w- c:\program files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] c:\program files\Avira\AntiVir Desktop\avgnt.exe [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS] 2007-06-18 09:51 1507328 -c--a-w- c:\program files\IDM\Desktop SMS\DesktopSMS.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware (reboot)] 2010-12-20 17:08 963976 -c--a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2010-12-20 17:08 443728 -c--a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ehTray.exe"=c:\windows\ehome\ehTray.exe "Mozilla Thunderbird"=c:\program files\Mozilla Thunderbird\thunderbird.exe -mail "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup "Internet Explorer"=c:\program files\Internet Explorer\iexplore.exe "Microsoft Office Outlook"=c:\progra~1\MICROS~2\OFFICE11\OUTLOOK.EXE /recycle [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit "WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe "AcerOrbicamRibbon"="c:\program files\Acer\OrbiCam10\OrbiCam.exe" /hide "RtHDVCpl"=RtHDVCpl.exe "TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" "AutoRunnerX"=c:\program files\AutoRunnerX\arxsrv.exe /run "LManager"=c:\progra~1\LAUNCH~1\LManager.exe "NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start " Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "Ashampoo Anti-Malware Guard"="c:\program files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe" "Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1399674020-1881937264-2458645722-1000] "EnableNotificationsRef"=dword:00000001 R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x] R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x] R0 mlkv;mlkv;c:\windows\System32\drivers\ulqyiecy.sys [x] R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x] R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344] R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-01-06 160288] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936] R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088] R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\DfsdkS.exe [2009-08-24 406016] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-09-06 13224] R3 GigasetGenericUSB;GigasetGenericUSB;c:\windows\system32\DRIVERS\GigasetGenericUSB.sys [2009-02-20 44032] R3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 135664] R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-27 9216] R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824] R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016] R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728] R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208] R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024] R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744] R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864] R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232] R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-06-07 153808] R3 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328] R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 AAMWService;Ashampoo Anti-Malware Service;c:\program files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe [2010-01-29 1489752] R4 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-01-06 2480048] R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320] S0 PCGenFAM;PCGenFAM;c:\windows\system32\DRIVERS\PCGenFAM.sys [2010-06-30 179144] S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2010-01-06 911680] S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2010-06-30 336728] S3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-27 27488] S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\DRIVERS\lv321av.sys [2006-11-20 847392] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952] S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners 2010-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 22:57] 2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 22:57] 2011-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1399674020-1881937264-2458645722-1000Core.job - c:\users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 22:57] 2011-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1399674020-1881937264-2458645722-1000UA.job - c:\users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 22:57] . . ------- Zusätzlicher Suchlauf ------- . uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uStart Page = hxxp://www.google.de/ uLocal Page = mStart Page = hxxp://de.intl.acer.yahoo.com uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo! Deutschland IE: &Alles mit BitComet herunterladen - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Alle &Filme mit BitComet herunterladen - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: An vorhandenes PDF anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Free YouTube Download - c:\users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Mit BitComet herunter&laden - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} - hxxp://92.51.137.94/objects/NpFv522.dll FF - ProfilePath - c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\2qy1druw.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/ FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - Ext: Mein Gutscheincode Finder: finder@meingutscheincode.de - %profile%\extensions\finder@meingutscheincode.de FF - Ext: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - %profile%\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} FF - user.js: network.http.max-persistent-connections-per-server - 4 . - - - - Entfernte verwaiste Registrierungseinträge - - - - SafeBoot-AVG Anti-Spyware Driver SafeBoot-AVG Anti-Spyware Guard ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-02-12 17:30 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0018\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0019\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0020\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0021\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0022\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0023\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0024\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0025\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0026\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0027\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0028\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe c:\windows\system32\WLANExt.exe c:\windows\system32\wbem\unsecapp.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-02-12 17:38:04 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-02-12 16:37 Vor Suchlauf: 17 Verzeichnis(se), 21.931.872.256 Bytes frei Nach Suchlauf: 23 Verzeichnis(se), 21.478.277.120 Bytes frei - - End Of File - - 7688B90AB8F7EE50CBF4BDBABF9D169D
--- --- ---

Alt 12.02.2011, 21:21   #8
fuchsi
 
falsche goggle-startseite - Standard

falsche goggle-startseite



2011-02-12 16:34:43 . 2011-02-12 16:34:43 602 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-AVG Anti-Spyware Guard.reg.dat
2011-02-12 16:34:43 . 2011-02-12 16:34:43 602 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-AVG Anti-Spyware Driver.reg.dat
2011-02-12 16:19:55 . 2011-02-12 16:19:55 21,423 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-02-12 16:02:50 . 2011-02-12 16:10:47 113 -c--a-w- C:\Qoobox\Quarantine\catchme.log
2010-02-03 16:14:04 . 2010-02-03 16:14:04 34,308 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\mazuki.dll.vir
2010-01-08 03:29:53 . 2010-01-08 03:29:53 20 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\SYSTEM.vir
2009-08-09 14:32:02 . 2009-08-09 14:32:02 148,736 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\hpe2138.dll.vir
2009-08-09 11:36:12 . 2009-08-09 11:36:12 148,736 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\hpe1ADD.dll.vir
2008-07-02 06:25:29 . 2008-07-02 06:31:34 450,542 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\DeeOqBeg.ini.vir
2008-07-01 23:53:16 . 2008-07-01 23:59:21 450,542 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\sDJPAcfe.ini.vir
2008-07-01 19:12:39 . 2008-07-02 13:25:25 451,844 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\CKnWFfhk.ini.vir
2008-07-01 08:25:16 . 2008-07-01 08:27:32 450,438 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\EeKUFfhk.ini.vir
2008-07-01 00:55:56 . 2008-07-01 07:21:14 451,035 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\KkjlmUvw.ini.vir
2008-06-30 22:27:13 . 2008-06-30 22:29:36 450,404 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\IRCIOqss.ini.vir
2008-06-29 06:24:20 . 2008-06-29 18:13:34 450,999 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\IhghhiPo.ini.vir
2007-04-24 12:11:14 . 2007-04-24 12:11:14 365 ----a-w- C:\Qoobox\Quarantine\C\Windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf.vir

Alt 13.02.2011, 10:39   #9
markusg
/// Malware-holic
 
falsche goggle-startseite - Standard

falsche goggle-startseite



ich sprach aber von gmer :-)
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.02.2011, 13:27   #10
fuchsi
 
falsche goggle-startseite - Standard

falsche goggle-startseite



werde mich bemühen exakter zu lesen
-------------------------------------------------------
der scan hat bei mir anders als in der beschreibung ausgesehen ?
-------------------------------------------------------

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit quick scan 2011-02-13 14:22:40
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVS-22RST0 rev.04.01G04
Running: 0pue0lqr.exe; Driver: C:\Users\Andreas\AppData\Local\Temp\kwlyrpob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Alt 13.02.2011, 13:37   #11
markusg
/// Malware-holic
 
falsche goggle-startseite - Standard

falsche goggle-startseite



gibts immernoch probleme mit google?
kannst du falls ja, mal die url aus der adress leiste posten bitte?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Geändert von markusg (13.02.2011 um 13:43 Uhr)

Alt 13.02.2011, 19:04   #12
fuchsi
 
falsche goggle-startseite - Standard

falsche goggle-startseite



nein geht leider immer noch nicht, ist noch das komische bild da, dass ich sonst bei der selben url nicht sehe, also hats da was.....
was mich auch noch stutzig macht - rechts oben neben i-google steht "mesut.1907fb@live.at"
hxxp://www.google.at/
tut mir leid, dass es so lange gedauert hat, aber ich habe lange nicht gesehen, dass es eine seite 2 gibt :-)

Alt 13.02.2011, 19:07   #13
markusg
/// Malware-holic
 
falsche goggle-startseite - Standard

falsche goggle-startseite



du hast nur den GMER quick scan gemacht sehe ich grad, bitte die ganze anleitung abarbeiten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.02.2011, 20:15   #14
fuchsi
 
falsche goggle-startseite - Standard

falsche goggle-startseite



url geht immer nocht nicht normal, scan hat jetzt wesendlich länger gedauert, danke, dass dudir so viel zeit nimmst !
----------------------------------------------------------------------
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-02-13 21:11:34
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVS-22RST0 rev.04.01G04
Running: 0pue0lqr.exe; Driver: C:\Users\Andreas\AppData\Local\Temp\kwlyrpob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                            section is writeable [0x8E408340, 0x292427, 0xE8000020]
PAGE            spsys.sys!?SPVersion@@3PADA + 1ABF                                                                  A678403F 110 Bytes  [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE            spsys.sys!?SPVersion@@3PADA + 1B2F                                                                  A67840AF 1 Byte  [16]
PAGE            spsys.sys!?SPVersion@@3PADA + 1B2F                                                                  A67840AF 128 Bytes  [16, 3B, C8, 75, E2, B0, 01, ...]
PAGE            spsys.sys!?SPVersion@@3PADA + 1BB0                                                                  A6784130 6 Bytes  [0E, 83, 78, 14, 01, 75]
PAGE            spsys.sys!?SPVersion@@3PADA + 1BB7                                                                  A6784137 2298 Bytes  [83, 78, 18, 37, 75, 02, B3, ...]
PAGE            ...                                                                                                 

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [732D7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [7332A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [732DBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [732CF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [732D75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [732CE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [73308395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [732DDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [732CFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [732CFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [732C71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [7335CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [732FC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [732CD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [732C6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [732C687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [732D2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                              tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                             Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                             Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                              tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                              tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                              snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                              tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                              snapman.sys (Acronis Snapshot API/Acronis)

Device          \Driver\BTHUSB \Device\00000082                                                                     bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000084                                                                     bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272cf2ee9                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272cf2ee9@001a75ec0447            0xEB 0x84 0xC2 0x43 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272cf2ee9@0018139fdffe            0x64 0xF0 0x6D 0xF7 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd60f197                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd60f197@0018139fdffe            0xAD 0x77 0xFC 0xD5 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd60f197@002243e16d49            0x39 0x4C 0x6D 0xEB ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd60f197@0024ef868850            0x3B 0xEB 0x39 0xC4 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd60f197@58170cf129a4            0x38 0xD1 0x2E 0xE5 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd60f197@38e7d8261ebb            0xBF 0x15 0x03 0x93 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272cf2ee9 (not active ControlSet)     
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272cf2ee9@001a75ec0447                0xEB 0x84 0xC2 0x43 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272cf2ee9@0018139fdffe                0x64 0xF0 0x6D 0xF7 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd60f197 (not active ControlSet)     
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd60f197@0018139fdffe                0xAD 0x77 0xFC 0xD5 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd60f197@002243e16d49                0x39 0x4C 0x6D 0xEB ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd60f197@0024ef868850                0x3B 0xEB 0x39 0xC4 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd60f197@58170cf129a4                0x38 0xD1 0x2E 0xE5 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd60f197@38e7d8261ebb                0xBF 0x15 0x03 0x93 ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Alt 13.02.2011, 20:19   #15
markusg
/// Malware-holic
 
falsche goggle-startseite - Standard

falsche goggle-startseite



nutze mal cureit
http://www.trojaner-board.de/59299-a...eb-cureit.html
anders als beschrieben im normalen modus nutzen, alle programme abschalten.
dann die funde posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu falsche goggle-startseite
adobe, anti maleware, avg, bho, bonjour, converter, download, explorer, falsche seite, firewall, hijack, hijackthis, internet, internet explorer, maleware, media center, microsoft, mp3, object, pdf, problem, registry, scan, software, system, vista, windows, wmp



Ähnliche Themen: falsche goggle-startseite


  1. Windows 8.1 / Firefox, falsche Startseite homepage-web.com
    Log-Analyse und Auswertung - 08.04.2015 (41)
  2. falsche Startseite auf einmal hinterlegt homepage-web.com/?s=lenovo&m=start
    Plagegeister aller Art und deren Bekämpfung - 31.03.2015 (12)
  3. Win 8.1 : Mozilla Tab-falsche Startseite und Chinesische Schriftzeichen, Windows-Start "Startmenü aktualisiert"
    Log-Analyse und Auswertung - 15.03.2015 (33)
  4. Firefox falsche Startseite homepage-web.com/?s=acer&m=tab
    Log-Analyse und Auswertung - 10.02.2015 (3)
  5. Startseite verändert, falsche Seiten öffnen sich 22find...
    Log-Analyse und Auswertung - 24.04.2014 (5)
  6. Windows 7: Firefox fehlermeldung : Proxy-Server verweigert die Verbindung, Internet Explorer falsche Startseite, viel werbung
    Log-Analyse und Auswertung - 22.04.2014 (23)
  7. Win7: Falsche Startseite, Lollipop Network und Pop-Ups
    Log-Analyse und Auswertung - 15.04.2014 (11)
  8. goggle.com entfernen
    Anleitungen, FAQs & Links - 11.12.2013 (2)
  9. Goggle Redirecter gelöst durch Combofix Logfile Frage
    Log-Analyse und Auswertung - 04.05.2010 (0)
  10. Goggle umgeleitet und Bild erscheint
    Log-Analyse und Auswertung - 31.03.2009 (7)
  11. Viruswarnung in der Taskleiste und falsche Startseite
    Plagegeister aller Art und deren Bekämpfung - 05.02.2007 (10)
  12. Goggle suche spinnt
    Log-Analyse und Auswertung - 16.01.2007 (2)
  13. falsche IE Startseite / Plötzliche Meldung von Trojanerfund QLowZones-15
    Log-Analyse und Auswertung - 15.07.2006 (4)
  14. Spyware-Popup und falsche IE-startseite
    Log-Analyse und Auswertung - 05.11.2005 (1)
  15. IE 6 zeigt falsche Startseite - Hijack Log File
    Log-Analyse und Auswertung - 09.10.2005 (6)
  16. Falsche Startseite beim Öffnen des M.Explorers
    Plagegeister aller Art und deren Bekämpfung - 31.10.2004 (1)
  17. falsche Startseite - kann das jemand anschauen? danke
    Log-Analyse und Auswertung - 07.10.2004 (6)

Zum Thema falsche goggle-startseite - hallo liebe gemeinde, ich habe seit einiger zeit das problem, dass ich unter w*w.google.at (meine bevorzugte startseite) eine falsche seite bekomme (w*w google.de geht bringt mir aber natülich andere ergebnisse) - falsche goggle-startseite...
Archiv
Du betrachtest: falsche goggle-startseite auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.