| |
| |||||||
Log-Analyse und Auswertung: falsche goggle-startseiteWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
12.02.2011, 11:38
| #1 |
 |  falsche goggle-startseite hallo liebe gemeinde, ich habe seit einiger zeit das problem, dass ich unter w*w.google.at (meine bevorzugte startseite) eine falsche seite bekomme (w*w google.de geht bringt mir aber natülich andere ergebnisse) - mit hintergrundbild und ist einfach nicht die echte obwohl google oben steht. ich habe avg als virenscanner (findet nichts) und habe schon mal mit Anti Maleware durgescannt - erfolglos kann sich das bitte mal jemand ansehen? vielen dank bereits im voraus Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:37:50, on 12.02.2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19019) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Program Files\Soluto\soluto.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\AVG\AVG9\avgtray.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe C:\Windows\System32\mobsync.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://w*w.telekom.at/suche R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://w*w.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telekom Austria TA AG R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; OfficeLiveConnector.1.4; OfficeLivePatch.1.3; InfoPath.1)" -"hxxp://w*w.play4win.com/webcasino/connection.html" O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Alles mit BitComet herunterladen - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Alle &Filme mit BitComet herunterladen - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Free YouTube Download - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Mit BitComet herunter&laden - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll/206 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} (FixItClient Class) - https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264640385833 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - hxxp://www.systemrequirementslab.com/sysreqlab2.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} (Flatcast Viewer 5.2) - hxxp://92.51.137.94/objects/NpFv522.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll O20 - AppInit_DLLs: avgrsstx.dll acaptuser32.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\DfsdkS.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10763 bytes |
|
12.02.2011, 12:14
| #2 |
| /// Malware-holic   |  falsche goggle-startseite aloa,
__________________poste die Malwarebytes logs bitte Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten.
__________________ |
|
12.02.2011, 16:18
| #3 |
| | falsche goggle-startseite hallo,
__________________danke markusg, dass du dich meines problems annimmst malewarebytes log Malwarebytes' Anti-Malware 1.44 Datenbank Version: 3600 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18865 20.01.2010 20:50:02 mbam-log-2010-01-20 (20-50-02).txt Scan-Methode: Quick-Scan Durchsuchte Objekte: 1 Laufzeit: 49 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) ----------------------------------OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 12.02.2011 15:19:17 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Andreas\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
1.021,00 Mb Total Physical Memory | 189,00 Mb Available Physical Memory | 18,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 53,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 71,28 Gb Total Space | 19,45 Gb Free Space | 27,29% Space Free | Partition Type: NTFS
Drive D: | 70,94 Gb Total Space | 48,47 Gb Free Space | 68,33% Space Free | Partition Type: NTFS
Computer Name: ACER-5610 | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1399674020-1881937264-2458645722-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Andreas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1399674020-1881937264-2458645722-1000]
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05E00A3B-943F-4293-9C44-A9A1E6203F9E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1E284B58-9BE7-44C2-B8D5-167EDDC4FC6E}" = lport=8772 | protocol=6 | dir=in | name=bitcomet 8772 tcp |
"{283E7A02-054E-44EE-8C12-887CC2A8C993}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2BD46886-3561-4691-982D-0A2D4D467FA1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2EB5B47B-0D0D-442A-AA3E-ECC75019C3CB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2F107A7F-D75B-4226-99B8-24590C975668}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{34453F71-E1EB-44FB-A55D-D6E90CF9F017}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4E01F6C7-6AC6-4EFC-9562-CC59BA6AB071}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5198721F-719B-45C5-8754-D2416ACDFDEB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{53258EF5-AC8A-4AD2-B5DF-C31A913261B7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5DEF7110-4F0C-4491-9D0E-C0BF8C06EF6D}" = lport=8023 | protocol=17 | dir=in | name=bitcomet 8023 udp |
"{5EF39263-49BA-4367-970F-6C38E5B978A2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7E2874AB-ED98-42C7-A5C1-6DACD6BC6C26}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{82884CD8-A3EC-49BE-AC2A-E1F3B6604445}" = lport=8023 | protocol=6 | dir=in | name=bitcomet 8023 tcp |
"{910267F4-8E94-4F1F-93FE-94D6821A68EA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{91A19A93-04F6-45E4-8FC4-3A493C1FA958}" = lport=8023 | protocol=17 | dir=in | name=bitcomet 8023 udp |
"{92919597-64D1-4FC2-9555-4400EEDA218A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{979A7E0A-7629-493D-A32E-8F1B51DC22E9}" = lport=8772 | protocol=17 | dir=in | name=bitcomet 8772 udp |
"{A7006985-CC5B-4952-9FA2-2535EAF4CC1E}" = lport=22431 | protocol=6 | dir=in | name=bitcomet 22431 tcp |
"{A8AD8530-FEE4-444A-B36B-D36525DAC33F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B00C5D48-F8AD-495D-89FE-A2E5B6B29ABC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B44F8F96-35BB-4A59-ADB4-3367B52C96CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D14E97EE-6637-478C-9A97-B6B11EE1DF4F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E61D676B-3B8D-42FF-AE99-4548BEEE265F}" = lport=8023 | protocol=6 | dir=in | name=bitcomet 8023 tcp |
"{F26ECE18-1ED3-452C-8ED9-4C0F04DBE134}" = lport=22431 | protocol=17 | dir=in | name=bitcomet 22431 udp |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F5F2AC-D6B9-4005-B481-9C4B9A7B9FA2}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{03109A9F-58CD-46BE-B5B3-143233FD21DD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{094EF7E8-E4BC-434D-A295-6E9B441C7A1F}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{0B8D64D9-8F08-4735-84D4-4B1C7BED17EA}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{0C89DC49-CB6A-421A-BFCB-30EE77C719CF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{16885E66-483A-4352-9F85-2F360AEE9161}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{173C4815-2356-4B90-A9CD-43E4BA47A534}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{17D0F203-3BB5-4161-9484-1F183AA5DD9B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{182582E7-33CA-42A1-ADBB-A514C7F4A5C4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{1CCB8487-D339-4D9D-88F8-D3F2A47746F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1E6B9976-AB45-4874-B70B-807052BF62B9}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{1F0564C6-B3B8-4A2A-AD55-3167F6F343E5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2451680A-88E9-4437-8161-CEB884E2E72D}" = protocol=17 | dir=in | app=c:\program files\telekom austria\breitband-internet-installation\mobile installer\aonflex.exe |
"{25459516-EE63-4B36-B4F8-C43F327EB52B}" = protocol=6 | dir=out | app=system |
"{2BC24538-FAD9-4F0B-8550-C6743B1DF654}" = protocol=6 | dir=in | app=c:\program files\aon\aoncontroller\aoncontroller.exe |
"{2F9E884B-C1DF-45D1-802E-8119A8E5D2AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{331F368C-D97E-42E6-87A5-B15CB3974125}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{39052E49-5CC9-44F4-B504-CD8002C68909}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{3CFD9355-A7AA-4739-8BAA-1004BB47100B}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{47B0CD0E-5688-4084-A2CD-932EF0D67314}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A65735B-45D5-4816-BF42-BE06FF6EEDAA}" = protocol=17 | dir=in | app=c:\program files\aon\aoncontroller\aoncontroller.exe |
"{4E51BC7F-7947-4F1D-B6C8-8E32B09B1038}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5E5F9A97-A985-4886-B1AB-63C36C094403}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{65F9CB04-29CC-4FEB-A567-77F9D76E2996}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{68EBB992-C0F6-4254-8960-89A8F293F430}" = protocol=17 | dir=in | app=c:\windows\temp\aonflex.exe |
"{73D088FD-5FB8-40DC-A00E-FC14A5DB9F6F}" = protocol=6 | dir=in | app=c:\program files\aon\aoncontroller\aoncontroller.exe |
"{7DD5D246-C423-4707-9A72-B592E1787840}" = protocol=17 | dir=in | app=c:\windows\temp\installer.exe |
"{82EF3449-5A51-4895-BED8-5B4B463DDEF3}" = protocol=17 | dir=in | app=c:\program files\telekom austria\breitband-internet-installation\fixnet installer\installer.exe |
"{8842593D-EF3D-4CEA-B85E-4FEA388E2136}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8E41017D-72E6-45F8-ACCD-8AB9D9ADBD70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{91A1A778-F89B-46FE-97A3-013B5FC5218B}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{949C24B8-1547-4A20-937C-ACE001FD1971}" = protocol=6 | dir=in | app=c:\windows\temp\installer.exe |
"{949D6B85-F5C1-4102-B667-F2358BFAFAF9}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{970397DA-D4CF-46A6-A0E5-2F4693F2CD3F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{9E31CA96-75B5-494D-B1AA-35964AE8DF7F}" = protocol=6 | dir=in | app=c:\windows\temp\aonflex.exe |
"{9F3B961D-A978-4BE2-BC0F-AAB54F3E04FE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A00D9846-F8F4-4A9A-A2E7-3D046240A0C1}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{A22D5BC3-AC18-4C99-A935-C5C93E84D865}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A3AFD828-14F7-4EFB-A2B7-F0CCCB425923}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{B1769FBB-FDB0-4D49-AF58-C1FAA4A0C8BC}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"{B2A1186B-300E-4902-AD1B-D73D8F70FFAB}" = protocol=6 | dir=in | app=c:\program files\telekom austria\breitband-internet-installation\fixnet installer\installer.exe |
"{B7EF80C2-5729-4D77-A345-E6B79377CB81}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{B8EA4C37-C8FF-4356-BD48-968F4AC40EC1}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"{C3FAAF7C-C7D7-452B-91DF-49D961AFF471}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{C65C3E40-FE3F-4ADA-B505-8014C97A4F9E}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{DED6106D-7DBE-46E1-A786-14470C5CF496}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E134D7A4-1F73-421D-ADC6-8CDD835A6A9A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E228B6AE-DD85-416F-A428-4F93A5D6C379}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E59A68BD-86FD-452C-80FB-F95B07C07B1C}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{E816806D-3C16-4B0C-AE2C-3FBFA5F29D85}" = protocol=17 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{E89D646F-F9B5-4CA4-AC11-90664DF82509}" = protocol=6 | dir=in | app=c:\program files\telekom austria\breitband-internet-installation\mobile installer\aonflex.exe |
"{EB1E8568-65F0-450A-B936-F247615E7844}" = protocol=17 | dir=in | app=c:\program files\aon\aoncontroller\aoncontroller.exe |
"{EC48B909-208A-4B5C-8733-13A5488A709A}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{F58443D8-1535-4283-A923-BD4AA6B2D2BD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F7FC42A9-465F-4619-88D6-9EE705CCE118}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{FAB0E74C-3939-4F10-9ED7-BB878A92688D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FAB21688-E9E1-4260-8D5B-4C36193883D6}" = protocol=6 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{FCD3FB4D-CFA5-4A76-B53E-7F5F202CE03D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FF622334-DD79-4CB9-B5BE-C45E9803A504}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"TCP Query User{047FE5B8-19BF-4EE4-8911-5DFB72DC8731}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{0C10DD66-7552-4E7E-9064-8D6E217BE5DA}C:\program files\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"TCP Query User{4B2D40B3-9704-4311-AB50-4E30ED2A5FD0}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{4E52627A-B114-4441-9A73-C2AD9366F002}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4E814D91-C6D8-4D87-813C-EBE48527087B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{53209584-2A7A-451A-8E3D-A2F325899B59}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{65BE0A8F-4CD7-4BCD-B393-67AA79572CB8}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe |
"TCP Query User{C134037E-4894-4093-9675-1BA3E4C07C27}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{D1EDFA06-C4D8-4153-BC8C-91A4BCA1B56A}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{EA4279C7-61BD-471A-BDEB-B5438B079B91}C:\program files\emuleex\emsoft.exe" = protocol=6 | dir=in | app=c:\program files\emuleex\emsoft.exe |
"UDP Query User{0495DA47-E7FE-4266-8FA5-95BAB7466DD9}C:\program files\emuleex\emsoft.exe" = protocol=17 | dir=in | app=c:\program files\emuleex\emsoft.exe |
"UDP Query User{53AE5983-7BA8-4911-BEFF-B2C518E1708F}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{91251D3D-428F-4EB7-B5F8-0E46B2BBA69B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{924A4AB4-B660-4173-BF39-A0888C4A7B15}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{968D2611-14A0-4DEF-925E-6EE6FFA4A421}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{A120E007-2BF6-41A7-802D-04C9DB3C4356}C:\program files\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"UDP Query User{AB0BC7F4-92E1-47EE-B764-ABA04B44B132}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{D49F8797-B5D7-418B-9DE1-2C00FD8EB3A7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E9ED6CB0-0B9B-4B9F-AFB5-D5F8609383BF}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe |
"UDP Query User{F02D8A73-C717-4663-B6FA-E5FFE4ABC366}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0F79C1B2-36B2-4B62-8221-42721CF54638}" = Acer OrbiCam Application
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{1DA193D3-BEC6-4FEF-89E3-D8F739216BFB}_is1" = Ashampoo Anti-Malware 1.02
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2CF2D7F1-73A0-4D5D-85E6-A49AECF67B15}" = Windows Vista Cleaner
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C556B5C-8EF7-47B4-AE05-FE71EEB2C25B}" = Plus Pack für Acronis True Image Home 2010
"{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}" = Farming Extreme Manager
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7FB3C4-E71B-478D-9E15-5AE97EAD67B8}" = aonFTP
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7b7e564b-0c70-4506-9ab6-b7a2044425ab}" = Gigaset QuickSync
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{904B64C4-49D8-4941-A2B6-D13D06C5CD8B}" = Controller
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AD976243-75CB-4A2B-809F-8C9EC4292377}" = Mobiles Internet für unterwegs
"{B0D7190D-B2DD-404E-88E6-74CC0B62054C}" = Soluto
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}" = RealSpeak Solo fur Deutsch - Steffi
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DAF4C31F-5DE8-48D4-AF5B-8D1165B548AE}" = egisReader1.0
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.058
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Any Video Converter_is1" = Any Video Converter 2.7.9
"aonFTP" = aonFTP
"aonUpdate" = aonUpdate
"Ashampoo WinOptimizer 2010 Advanced_is1" = Ashampoo WinOptimizer 2010 Advanced
"Autoplay Repair" = Autoplay Repair 2.2.0
"AutoRunnerX" = AutoRunnerX
"AVG9Uninstall" = AVG 9.0
"BitComet" = BitComet 1.22
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Controller" = Controller
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"eMule" = eMule
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Studio_is1" = Free Studio version 4.8
"Free YouTube Download_is1" = Free YouTube Download 2.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"GridVista" = Acer GridVista
"Highspeed-Internet-Installation" = Highspeed-Internet-Installation
"HijackThis" = HijackThis 2.0.2
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"IsoBuster_is1" = IsoBuster 2.8
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobiles Internet für unterwegs" = Mobiles Internet für unterwegs
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MPE" = MyPhoneExplorer
"NVIDIA Drivers" = NVIDIA Drivers
"PC Wizard 2010_is1" = PC Wizard 2010.1.95
"ProInst" = Intel PROSet Wireless
"RealPlayer 12.0" = RealPlayer
"Security Task Manager" = Security Task Manager 1.7h
"Shareaza_is1" = Shareaza 2.3.1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 5" = TeamViewer 5
"Trojan Remover_is1" = Trojan Remover 6.8.1
"TuneUp Utilities" = TuneUp Utilities
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XviD" = XviD MPEG-4 Codec
"Xvid_is1" = Xvid 1.1.3 final uninstall
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1399674020-1881937264-2458645722-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"OnlineFestplatte" = aon Online Festplatte (entfernen)
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
----------------------------------------------------OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.02.2011 15:19:17 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Andreas\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1.021,00 Mb Total Physical Memory | 189,00 Mb Available Physical Memory | 18,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 53,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 71,28 Gb Total Space | 19,45 Gb Free Space | 27,29% Space Free | Partition Type: NTFS Drive D: | 70,94 Gb Total Space | 48,47 Gb Free Space | 68,33% Space Free | Partition Type: NTFS Computer Name: ACER-5610 | User Name: Andreas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Andreas\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.) PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Soluto\SolutoService.exe (Soluto) PRC - C:\Program Files\Soluto\Soluto.exe (Soluto) PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\DfSdkS.exe (mst software GmbH, Germany) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Andreas\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) MOD - C:\Windows\System32\vbscript.dll (Microsoft Corporation) MOD - C:\Windows\System32\wbem\wmiutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\wbem\wbemsvc.dll (Microsoft Corporation) MOD - C:\Windows\System32\wbem\wbemprox.dll (Microsoft Corporation) MOD - C:\Windows\System32\wbem\fastprox.dll (Microsoft Corporation) MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation) MOD - C:\Windows\System32\wbem\wbemdisp.dll (Microsoft Corporation) MOD - C:\Windows\System32\wbemcomn.dll (Microsoft Corporation) MOD - C:\Windows\System32\sxs.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto) SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (Sony Ericsson PCCompanion) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AAMWService) -- C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe () SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (DfSdkS) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\DfsdkS.exe (mst software GmbH, Germany) SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () ========== Driver Services (SafeList) ========== DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (PCGenFAM) -- C:\Windows\system32\DRIVERS\PCGenFAM.sys (Soluto LTD.) DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSFiltervtx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSShimvtx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSErHrvtx) -- C:\Windows\System32\Drivers\AVGIDSvx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSDrivervtx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. ) DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgRkx86) -- C:\Windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.) DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis) DRV - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\system32\DRIVERS\tdrpm258.sys (Acronis) DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis) DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation) DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation) DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation) DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation) DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation) DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation) DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation) DRV - (GigasetGenericUSB) -- C:\Windows\System32\drivers\GigasetGenericUSB.sys (Siemens Home and Office Communication Devices GmbH & Co. KG) DRV - (btnetBUs) -- C:\Windows\System32\drivers\btnetBus.sys () DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (lv321av) Logitech USB PC Camera (VC0321) -- C:\Windows\System32\drivers\lv321av.sys (Logitech Inc.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.) DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (ESDCR) -- C:\Windows\System32\drivers\ESD7SK.sys (ENE Technology Inc.) DRV - (ESMCR) -- C:\Windows\System32\drivers\ESM7SK.sys (ENE Technology Inc.) DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (SMSCIRDA) -- C:\Windows\System32\drivers\smscirda.sys (SMSC) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (AvgAsCln) -- C:\Windows\System32\drivers\AvgAsCln.sys (GRISOFT, s.r.o.) DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys () DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (SE2Eobex) -- C:\Windows\System32\drivers\SE2Eobex.sys (MCCI) DRV - (SE2Emgmt) Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\SE2Emgmt.sys (MCCI) DRV - (SE2Emdm) -- C:\Windows\System32\drivers\SE2Emdm.sys (MCCI) DRV - (SE2Emdfl) -- C:\Windows\System32\drivers\SE2Emdfl.sys (MCCI) DRV - (SE2Ebus) Sony Ericsson Device 046 Driver driver (WDM) -- C:\Windows\System32\drivers\SE2Ebus.sys (MCCI) DRV - (se2End5) Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS) -- C:\Windows\System32\drivers\se2End5.sys (MCCI) DRV - (se2Eunic) Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM) -- C:\Windows\System32\drivers\se2Eunic.sys (MCCI) DRV - (LHidKe) -- C:\Windows\System32\drivers\LHidKE.Sys (Logitech, Inc.) DRV - (LMouKE) -- C:\Windows\System32\drivers\LMouKE.Sys (Logitech, Inc.) DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.) DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = IE - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://www.telekom.at/suche IE - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) IE - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:1.0.2 FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.29 18:00:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.03 04:33:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.07.15 06:27:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.11.03 04:33:43 | 000,000,000 | ---D | M] [2010.07.29 18:01:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions [2011.02.12 11:01:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\2qy1druw.default\extensions [2010.07.29 18:19:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\2qy1druw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.11.18 19:42:47 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\2qy1druw.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2010.09.01 15:32:49 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\2qy1druw.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.08.29 14:32:10 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\2qy1druw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.10.16 17:34:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\2qy1druw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.07.30 02:17:00 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\2qy1druw.default\extensions\en-GB@dictionaries.addons.mozilla.org [2010.11.18 19:42:40 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\2qy1druw.default\extensions\finder@meingutscheincode.de [2011.02.12 11:01:37 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\2qy1druw.default\extensions\toolbar@ask.com [2010.02.04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\2qy1druw.default\searchplugins\askcom.xml [2010.10.20 11:41:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.08.15 09:08:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.20 11:41:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2008.01.23 07:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll [2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2008.02.19 01:07:20 | 001,193,952 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\Mozilla Firefox\plugins\NpFv41629.dll [2008.09.04 08:50:59 | 001,271,760 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\Mozilla Firefox\plugins\NpFv501.dll [2010.07.23 01:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.23 01:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.23 01:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.23 01:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.23 01:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.05.16 08:50:34 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll (BitComet) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O3 - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found. O3 - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O3 - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000..\RunOnce: [Shockwave Updater] File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKU\S-1-5-21-1399674020-1881937264-2458645722-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O8 - Extra context menu item: &Alles mit BitComet herunterladen - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Alle &Filme mit BitComet herunterladen - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube Download - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Mit BitComet herunter&laden - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll (BitComet) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB (FixItClient Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264640385833 (WUWebControl Class) O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} hxxp://www.systemrequirementslab.com/sysreqlab2.cab (Reg Error: Key error.) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab (Java Plug-in 1.4.2) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} hxxp://92.51.137.94/objects/NpFv522.dll (Flatcast Viewer 5.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto) O24 - Desktop WallPaper: C:\Users\Andreas\Pictures\BILD0388.JPG O24 - Desktop BackupWallPaper: C:\Users\Andreas\Pictures\BILD0388.JPG O30 - LSA: Authentication Packages - (C:\Windows\system32\khfFWnKC) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.12.05 03:24:29 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{7cc7af08-af47-11df-a7ff-0009dd60f197}\Shell\AutoRun\command - "" = F:\SanDiskMediaManager.EXE O33 - MountPoints2\{7cc7af09-af47-11df-a7ff-0009dd60f197}\Shell - "" = AutoRun O33 - MountPoints2\{7cc7af09-af47-11df-a7ff-0009dd60f197}\Shell\AutoRun\command - "" = G:\Startme.exe O33 - MountPoints2\{7fc6b006-b1c1-11df-9d9e-0016d4686c43}\Shell\AutoRun\command - "" = F:\SanDiskMediaManager.EXE O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.02.12 15:05:40 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe [2011.02.12 11:20:40 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\AskToolbar [2011.02.12 11:01:56 | 000,114,176 | ---- | C] (CPUID) -- C:\Windows\System32\PCWizard.cpl [2011.02.12 11:01:56 | 000,000,000 | ---D | C] -- C:\Windows\Java [2011.02.12 11:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID [2011.02.12 11:01:54 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID [2011.02.12 11:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2011.02.12 10:56:33 | 005,262,149 | ---- | C] (CPUID ) -- C:\Users\Andreas\Desktop\pc-wizard_2010.1.95-setup.exe [2011.02.12 10:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\Feedback Tool [2010.09.03 16:40:43 | 000,000,254 | ---- | C] () -- C:\Users\Andreas\AppData\Local\xobni_installer_updater.log [2010.08.15 08:17:29 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2010.08.03 13:18:01 | 001,456,640 | ---- | C] () -- C:\Program Files\Common Files\Falk Navi-Manager.msi [2010.06.05 11:10:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.05.08 00:48:49 | 004,288,534 | -H-- | C] () -- C:\Users\Andreas\AppData\Local\IconCache.db [2010.04.23 07:43:40 | 000,463,906 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\farm.bmp [2010.04.23 07:38:36 | 000,011,917 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\settings.dat [2010.04.21 10:52:42 | 000,004,096 | -H-- | C] () -- C:\Users\Andreas\AppData\Local\keyfile3.drm [2010.02.03 17:14:04 | 000,034,308 | ---- | C] () -- C:\ProgramData\mazuki.dll [2010.01.18 13:34:50 | 000,000,680 | ---- | C] () -- C:\Users\Andreas\AppData\Local\d3d9caps.dat [2009.10.09 23:55:52 | 000,009,211 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2009.08.09 15:32:02 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe2138.dll [2009.08.09 12:36:12 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe1ADD.dll [2009.03.18 20:07:19 | 000,047,962 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.03.18 20:07:19 | 000,047,962 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.06.29 17:25:35 | 000,110,456 | ---- | C] () -- C:\ProgramData\BM2b0ac1ff.xml [2008.06.29 17:25:35 | 000,105,393 | ---- | C] () -- C:\ProgramData\BM2b0ac1ff.txt [2008.06.29 17:25:35 | 000,000,023 | ---- | C] () -- C:\ProgramData\pskt.ini [2007.07.24 22:55:00 | 000,038,425 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2007.07.24 22:50:44 | 000,038,410 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft Excel.ADR [2007.06.09 19:21:41 | 000,029,239 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\UserTile.png [2007.05.10 07:14:36 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2007.03.28 01:53:43 | 000,013,119 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\nvModes.001 [2007.03.28 01:53:41 | 000,013,119 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\nvModes.dat [2007.03.28 00:09:59 | 000,031,232 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.03.27 19:20:12 | 000,129,088 | ---- | C] () -- C:\Users\Andreas\AppData\Local\GDIPFONTCACHEV1.DAT [2006.12.05 03:31:45 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll [2006.11.02 13:50:50 | 000,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini ========== Files - Modified Within 30 Days ========== [2011.02.12 15:09:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.02.12 15:05:44 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe [2011.02.12 14:59:02 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.12 14:59:02 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.12 14:54:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.12 14:54:40 | 1071,767,552 | -HS- | M] () -- C:\hiberfil.sys [2011.02.12 14:51:53 | 000,005,332 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.02.12 14:41:07 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1399674020-1881937264-2458645722-1000UA.job [2011.02.12 14:14:28 | 071,115,338 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2011.02.12 11:28:19 | 000,015,913 | ---- | M] () -- C:\Users\Andreas\Desktop\so sieht die seite aus.jpg [2011.02.12 11:01:58 | 000,000,884 | ---- | M] () -- C:\Users\Andreas\Desktop\PC Wizard 2010.lnk [2011.02.12 10:57:00 | 005,262,149 | ---- | M] (CPUID ) -- C:\Users\Andreas\Desktop\pc-wizard_2010.1.95-setup.exe [2011.02.12 10:49:07 | 000,013,119 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\nvModes.001 [2011.02.12 10:41:53 | 000,000,134 | ---- | M] () -- C:\Users\Andreas\Desktop\Internet Explorer-Problembehebung.url [2011.02.12 10:22:40 | 000,864,256 | ---- | M] () -- C:\Users\Andreas\Desktop\Dok1.doc [2011.02.12 07:41:01 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1399674020-1881937264-2458645722-1000Core.job [2011.02.11 18:13:18 | 000,645,397 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm [2011.02.10 03:44:11 | 000,637,262 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.02.10 03:44:11 | 000,603,224 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.02.10 03:44:11 | 000,129,996 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.02.10 03:44:11 | 000,107,040 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.02.10 03:36:30 | 000,460,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.01.16 09:40:00 | 000,602,508 | ---- | M] () -- C:\Users\Andreas\Desktop\IMAG0030.jpg ========== Files Created - No Company Name ========== [2011.02.12 11:28:19 | 000,015,913 | ---- | C] () -- C:\Users\Andreas\Desktop\so sieht die seite aus.jpg [2011.02.12 11:01:58 | 000,000,884 | ---- | C] () -- C:\Users\Andreas\Desktop\PC Wizard 2010.lnk [2011.02.12 10:41:53 | 000,000,134 | ---- | C] () -- C:\Users\Andreas\Desktop\Internet Explorer-Problembehebung.url [2011.02.12 10:22:39 | 000,864,256 | ---- | C] () -- C:\Users\Andreas\Desktop\Dok1.doc [2011.01.16 09:40:38 | 000,602,508 | ---- | C] () -- C:\Users\Andreas\Desktop\IMAG0030.jpg [2010.02.05 22:14:06 | 000,000,085 | ---- | C] () -- C:\Windows\MGX.INI [2009.06.28 18:52:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.03.11 22:00:18 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2009.03.03 19:50:48 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2009.03.03 19:50:48 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2009.03.03 19:50:48 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2009.03.03 19:50:48 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2008.12.07 12:44:54 | 000,030,088 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys [2008.07.02 07:25:29 | 000,450,542 | -HS- | C] () -- C:\Windows\System32\DeeOqBeg.ini [2008.07.02 00:53:16 | 000,450,542 | -HS- | C] () -- C:\Windows\System32\sDJPAcfe.ini [2008.07.01 20:12:39 | 000,451,844 | -HS- | C] () -- C:\Windows\System32\CKnWFfhk.ini [2008.07.01 09:25:16 | 000,450,438 | -HS- | C] () -- C:\Windows\System32\EeKUFfhk.ini [2008.07.01 01:55:56 | 000,451,035 | -HS- | C] () -- C:\Windows\System32\KkjlmUvw.ini [2008.06.30 23:27:13 | 000,450,404 | -HS- | C] () -- C:\Windows\System32\IRCIOqss.ini [2008.06.30 10:31:37 | 000,000,501 | ---- | C] () -- C:\Windows\wininit.ini [2008.06.29 07:24:20 | 000,450,999 | -HS- | C] () -- C:\Windows\System32\IhghhiPo.ini [2008.02.29 20:14:57 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.02.29 20:14:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.02.24 09:56:59 | 000,061,440 | ---- | C] () -- C:\Windows\System32\cygz.dll [2008.02.24 09:56:59 | 000,007,196 | ---- | C] () -- C:\Windows\System32\INI_Pro_3GP_AAC.ini [2008.02.24 09:56:59 | 000,006,490 | ---- | C] () -- C:\Windows\System32\INI_Pro_PSP.ini [2008.02.24 09:56:59 | 000,005,028 | ---- | C] () -- C:\Windows\System32\INI_Pro_3GP2_AAC.ini [2008.02.24 09:56:59 | 000,004,296 | ---- | C] () -- C:\Windows\System32\INI_Pro_Zune.ini [2008.02.24 09:56:59 | 000,003,045 | ---- | C] () -- C:\Windows\System32\INI_Pro_iPod.ini [2008.02.24 09:56:59 | 000,002,956 | ---- | C] () -- C:\Windows\System32\INI_Pro_PMP.ini [2008.02.24 09:56:59 | 000,002,910 | ---- | C] () -- C:\Windows\System32\INI_Pro_3GP_AMR.ini [2008.02.24 09:56:59 | 000,002,516 | ---- | C] () -- C:\Windows\System32\INI_Pro_PPC.ini [2008.02.24 09:56:59 | 000,002,175 | ---- | C] () -- C:\Windows\System32\INI_Pro_iPhone.ini [2008.02.24 09:56:59 | 000,001,964 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP2_QVGA_AAC.ini [2008.02.24 09:56:59 | 000,001,964 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP2_QCIF_AAC.ini [2008.02.24 09:56:59 | 000,001,878 | ---- | C] () -- C:\Windows\System32\INI_Pro_Xbox.ini [2008.02.24 09:56:59 | 000,001,814 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP_QVGA_AMR.ini [2008.02.24 09:56:59 | 000,001,814 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP_QVGA_AAC.ini [2008.02.24 09:56:59 | 000,001,814 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP_QCIF_AMR.ini [2008.02.24 09:56:59 | 000,001,814 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP_QCIF_AAC.ini [2008.02.24 09:56:59 | 000,001,739 | ---- | C] () -- C:\Windows\System32\INI_Pro_AppleTV.ini [2008.02.24 09:56:59 | 000,000,036 | ---- | C] () -- C:\Windows\System32\INI_Add_mfra.ini [2008.02.24 09:56:52 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2008.02.24 09:56:49 | 000,598,016 | ---- | C] () -- C:\Windows\System32\viscomqtde.dll [2007.12.28 08:22:04 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [2007.05.30 11:22:08 | 000,000,028 | ---- | C] () -- C:\Windows\Jcmkr32.INI [2007.04.28 14:58:39 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2007.04.28 09:49:00 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2007.03.27 19:32:49 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2007.03.27 19:32:49 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007.03.27 19:31:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2007.03.27 19:21:10 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini [2007.02.06 22:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2006.12.28 01:22:29 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2006.12.05 12:27:19 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2006.12.05 10:40:19 | 000,000,101 | ---- | C] () -- C:\Windows\Alaunch.ini [2006.12.05 10:40:08 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2006.12.05 10:39:08 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2006.12.05 03:35:42 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll [2006.12.05 03:31:48 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2006.12.05 03:24:47 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys [2006.12.05 03:17:47 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2002.09.10 16:10:05 | 000,495,616 | ---- | C] () -- C:\Windows\System32\xvid.dll [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2010.01.06 08:03:41 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Acronis [2009.06.15 19:17:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\AD ON Multimedia [2009.12.22 03:09:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Any Video Converter [2008.06.28 23:14:03 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Application Data [2010.07.17 23:57:10 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BitComet [2009.02.23 10:58:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\digital publishing [2010.09.01 15:35:12 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers [2007.06.23 00:39:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0 [2010.01.14 21:00:54 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Image Zone Express [2009.12.06 13:28:35 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Leadertech [2010.01.26 14:18:07 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Morpheus Software [2008.10.11 02:56:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\mquadr.at [2010.01.26 12:23:31 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\mresreg [2010.10.31 16:58:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\MyPhoneExplorer [2009.03.05 12:52:12 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Opera [2007.06.09 19:21:41 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PeerNetworking [2010.01.14 21:00:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Printer Info Cache [2010.07.18 08:02:11 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Registry Booster [2010.01.21 08:06:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Registry Mechanic [2008.08.26 05:06:32 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Shareaza [2009.03.03 19:50:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Simply Super Software [2011.01.15 01:41:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TeamViewer [2008.02.29 16:24:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TuneUp Software [2010.01.23 09:24:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Uniblue [2010.02.04 01:27:10 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Web Page Maker [2009.01.21 17:11:01 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Windows Live Writer [2011.02.12 14:51:51 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.01.06 08:03:41 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Acronis [2009.06.15 19:17:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\AD ON Multimedia [2010.08.12 23:41:14 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Adobe [2007.05.05 21:40:17 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\AdobeUM [2009.12.22 03:09:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Any Video Converter [2010.07.20 00:45:46 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Apple Computer [2008.06.28 23:14:03 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Application Data [2009.12.20 11:28:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\AVS4YOU [2010.07.17 23:57:10 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BitComet [2007.05.03 23:49:57 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Corel [2007.07.11 06:56:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\CyberLink [2009.02.23 10:58:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\digital publishing [2010.09.06 01:53:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DivX [2010.09.01 15:35:12 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers [2007.06.23 00:39:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0 [2010.01.15 19:26:21 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\HpUpdate [2007.03.27 19:21:51 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Identities [2010.01.14 21:00:54 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Image Zone Express [2008.02.15 20:08:14 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\InstallShield [2007.07.12 01:21:04 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Intel [2009.12.06 13:28:35 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Leadertech [2008.02.15 19:42:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Logitech [2007.03.27 19:21:14 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Macromedia [2010.01.19 07:58:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Media Center Programs [2010.11.08 14:55:30 | 000,000,000 | --SD | M] -- C:\Users\Andreas\AppData\Roaming\Microsoft [2010.01.26 14:18:07 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Morpheus Software [2010.07.29 18:01:37 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Mozilla [2008.10.11 02:56:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\mquadr.at [2010.01.26 12:23:31 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\mresreg [2010.10.31 16:58:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\MyPhoneExplorer [2009.03.05 12:52:12 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Opera [2007.06.09 19:21:41 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PeerNetworking [2010.01.14 21:00:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Printer Info Cache [2010.05.07 19:07:01 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Real [2010.07.18 08:02:11 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Registry Booster [2010.01.21 08:06:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Registry Mechanic [2008.08.26 05:06:32 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Shareaza [2009.03.03 19:50:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Simply Super Software [2010.08.15 08:35:40 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Skype [2010.08.15 08:27:12 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\skypePM [2007.03.29 20:48:55 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Sun [2008.02.09 15:47:56 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Talkback [2011.01.15 01:41:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TeamViewer [2008.02.29 16:24:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TuneUp Software [2010.01.23 09:24:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Uniblue [2010.02.04 01:27:10 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Web Page Maker [2009.01.21 17:11:01 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Windows Live Writer [2007.12.18 17:27:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Yahoo! < %APPDATA%\*.exe /s > [2007.05.08 21:29:03 | 026,598,760 | ---- | M] (Adobe Systems Inc ) -- C:\Users\Andreas\AppData\Roaming\Adobe\Acrobat\7.0\Updater\Ac705PrP_efgj.exe [2007.05.06 10:04:02 | 005,214,208 | ---- | M] ( ) -- C:\Users\Andreas\AppData\Roaming\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe [2008.09.11 13:46:15 | 013,505,768 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller1x0\airinstaller1x0.exe [2007.04.09 17:13:00 | 000,025,214 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{2CF2D7F1-73A0-4D5D-85E6-A49AECF67B15}\_963318B54532554E2BCCC4.exe [2007.04.09 17:13:00 | 000,025,214 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{2CF2D7F1-73A0-4D5D-85E6-A49AECF67B15}\_B4BEDDCA51A0D19F96C44A.exe [2010.04.27 00:48:27 | 000,454,838 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}\_79EA6093CDC1C8B67BF4A7.exe [2010.04.27 00:48:27 | 000,454,838 | R--- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}\_B2A5E32828760C880D7C1D.exe [2010.05.07 18:58:44 | 000,738,824 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Andreas\AppData\Roaming\Real\RealPlayer\setup\AU_setup20100217.exe [2010.01.21 08:35:21 | 003,175,784 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\Andreas\AppData\Roaming\Uniblue\RegistryBooster 2010\_temp\ub.exe [2010.04.21 00:55:12 | 004,004,960 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\Andreas\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.02.15 20:20:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.15 20:20:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.02.15 20:20:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2007.10.12 01:39:28 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2007.10.12 01:39:28 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.04.04 08:40:21 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007.04.04 08:40:21 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll < > ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0 @Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 16 bytes -> C:\Users\Andreas\Downloads\Documents\Shareaza Downloads:Shareaza.GUID @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:D1B5B4F1 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:CB0AACC9 @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > danke im voraus ! |
|
12.02.2011, 16:22
| #4 |
| /// Malware-holic | falsche goggle-startseite bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.02.2011, 19:50
| #5 |
| | falsche goggle-startseite Combofix Logfile: Code:
ATTFilter ComboFix 11-02-11.02 - Andreas 12.02.2011 17:10:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.1021.291 [GMT 1:00]
ausgeführt von:: c:\users\Andreas\Desktop\ComboFix.exe
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\hpe1ADD.dll
c:\programdata\hpe2138.dll
c:\programdata\mazuki.dll
c:\users\Andreas\AppData\Roaming\AD ON Multimedia
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\CKnWFfhk.ini
c:\windows\system32\DeeOqBeg.ini
c:\windows\system32\EeKUFfhk.ini
c:\windows\system32\IhghhiPo.ini
c:\windows\system32\IRCIOqss.ini
c:\windows\system32\KkjlmUvw.ini
c:\windows\system32\sDJPAcfe.ini
c:\windows\system32\system
.
((((((((((((((((((((((( Dateien erstellt von 2011-01-12 bis 2011-02-12 ))))))))))))))))))))))))))))))
.
2011-02-12 16:23 . 2011-02-12 16:30 -------- d-----w- c:\users\Andreas\AppData\Local\temp
2011-02-12 10:20 . 2011-02-12 10:20 -------- d-----w- c:\users\Andreas\AppData\Local\AskToolbar
2011-02-12 10:01 . 2011-02-12 10:01 -------- d-----w- c:\windows\Java
2011-02-12 10:01 . 2010-08-22 13:48 114176 ----a-w- c:\windows\system32\PCWizard.cpl
2011-02-12 10:01 . 2011-02-12 10:01 -------- dc----w- c:\program files\CPUID
2011-02-12 10:01 . 2011-02-12 10:01 -------- dc----w- c:\program files\Ask.com
2011-02-12 09:40 . 2011-02-12 09:40 -------- dc----w- c:\program files\Feedback Tool
2011-02-09 15:01 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 14:59 . 2011-01-20 16:06 2873344 ----a-w- c:\windows\system32\mf.dll
2011-02-09 14:59 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-02-09 14:59 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-02-09 14:59 . 2011-01-20 14:26 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-02-09 14:59 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-02-09 14:59 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-02-09 14:59 . 2011-01-20 16:07 586240 ----a-w- c:\windows\system32\stobject.dll
2011-02-09 14:59 . 2011-01-20 16:04 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-02-09 14:59 . 2011-01-20 16:07 37376 ----a-w- c:\windows\system32\cdd.dll
2011-02-09 14:59 . 2011-01-20 16:04 98816 ----a-w- c:\windows\system32\mfps.dll
2011-02-09 14:59 . 2011-01-20 16:07 258048 ----a-w- c:\windows\system32\winspool.drv
2011-02-09 14:59 . 2011-01-20 16:06 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-02-09 14:50 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 14:49 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-30 06:57 . 2010-01-02 09:34 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-12-28 15:55 . 2011-01-12 02:08 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-20 17:09 . 2010-01-19 06:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-01-19 06:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 14:49 . 2011-01-12 02:08 1169408 ----a-w- c:\windows\system32\sdclt.exe
2009-11-17 13:01 . 2010-08-03 12:18 1456640 ----a-w- c:\program files\Common Files\Falk Navi-Manager.msi
.
|
|
12.02.2011, 20:05
| #6 |
| /// Malware-holic | falsche goggle-startseite
__________________ --> falsche goggle-startseite |
|
12.02.2011, 20:34
| #7 |
| | falsche goggle-startseite Combofix Logfile: Code:
ATTFilter ComboFix 11-02-11.02 - Andreas 12.02.2011 17:10:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.1021.291 [GMT 1:00]
ausgeführt von:: c:\users\Andreas\Desktop\ComboFix.exe
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\hpe1ADD.dll
c:\programdata\hpe2138.dll
c:\programdata\mazuki.dll
c:\users\Andreas\AppData\Roaming\AD ON Multimedia
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\CKnWFfhk.ini
c:\windows\system32\DeeOqBeg.ini
c:\windows\system32\EeKUFfhk.ini
c:\windows\system32\IhghhiPo.ini
c:\windows\system32\IRCIOqss.ini
c:\windows\system32\KkjlmUvw.ini
c:\windows\system32\sDJPAcfe.ini
c:\windows\system32\system
.
((((((((((((((((((((((( Dateien erstellt von 2011-01-12 bis 2011-02-12 ))))))))))))))))))))))))))))))
.
2011-02-12 16:23 . 2011-02-12 16:30 -------- d-----w- c:\users\Andreas\AppData\Local\temp
2011-02-12 10:20 . 2011-02-12 10:20 -------- d-----w- c:\users\Andreas\AppData\Local\AskToolbar
2011-02-12 10:01 . 2011-02-12 10:01 -------- d-----w- c:\windows\Java
2011-02-12 10:01 . 2010-08-22 13:48 114176 ----a-w- c:\windows\system32\PCWizard.cpl
2011-02-12 10:01 . 2011-02-12 10:01 -------- dc----w- c:\program files\CPUID
2011-02-12 10:01 . 2011-02-12 10:01 -------- dc----w- c:\program files\Ask.com
2011-02-12 09:40 . 2011-02-12 09:40 -------- dc----w- c:\program files\Feedback Tool
2011-02-09 15:01 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 14:59 . 2011-01-20 16:06 2873344 ----a-w- c:\windows\system32\mf.dll
2011-02-09 14:59 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-02-09 14:59 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-02-09 14:59 . 2011-01-20 14:26 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-02-09 14:59 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-02-09 14:59 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-02-09 14:59 . 2011-01-20 16:07 586240 ----a-w- c:\windows\system32\stobject.dll
2011-02-09 14:59 . 2011-01-20 16:04 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-02-09 14:59 . 2011-01-20 16:07 37376 ----a-w- c:\windows\system32\cdd.dll
2011-02-09 14:59 . 2011-01-20 16:04 98816 ----a-w- c:\windows\system32\mfps.dll
2011-02-09 14:59 . 2011-01-20 16:07 258048 ----a-w- c:\windows\system32\winspool.drv
2011-02-09 14:59 . 2011-01-20 16:06 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-02-09 14:50 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 14:49 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-30 06:57 . 2010-01-02 09:34 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-12-28 15:55 . 2011-01-12 02:08 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-20 17:09 . 2010-01-19 06:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-01-19 06:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 14:49 . 2011-01-12 02:08 1169408 ----a-w- c:\windows\system32\sdclt.exe
2009-11-17 13:01 . 2010-08-03 12:18 1456640 ----a-w- c:\program files\Common Files\Falk Navi-Manager.msi
.
|
|
12.02.2011, 22:21
| #8 |
| | falsche goggle-startseite 2011-02-12 16:34:43 . 2011-02-12 16:34:43 602 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-AVG Anti-Spyware Guard.reg.dat 2011-02-12 16:34:43 . 2011-02-12 16:34:43 602 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-AVG Anti-Spyware Driver.reg.dat 2011-02-12 16:19:55 . 2011-02-12 16:19:55 21,423 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2011-02-12 16:02:50 . 2011-02-12 16:10:47 113 -c--a-w- C:\Qoobox\Quarantine\catchme.log 2010-02-03 16:14:04 . 2010-02-03 16:14:04 34,308 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\mazuki.dll.vir 2010-01-08 03:29:53 . 2010-01-08 03:29:53 20 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\SYSTEM.vir 2009-08-09 14:32:02 . 2009-08-09 14:32:02 148,736 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\hpe2138.dll.vir 2009-08-09 11:36:12 . 2009-08-09 11:36:12 148,736 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\hpe1ADD.dll.vir 2008-07-02 06:25:29 . 2008-07-02 06:31:34 450,542 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\DeeOqBeg.ini.vir 2008-07-01 23:53:16 . 2008-07-01 23:59:21 450,542 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\sDJPAcfe.ini.vir 2008-07-01 19:12:39 . 2008-07-02 13:25:25 451,844 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\CKnWFfhk.ini.vir 2008-07-01 08:25:16 . 2008-07-01 08:27:32 450,438 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\EeKUFfhk.ini.vir 2008-07-01 00:55:56 . 2008-07-01 07:21:14 451,035 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\KkjlmUvw.ini.vir 2008-06-30 22:27:13 . 2008-06-30 22:29:36 450,404 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\IRCIOqss.ini.vir 2008-06-29 06:24:20 . 2008-06-29 18:13:34 450,999 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\IhghhiPo.ini.vir 2007-04-24 12:11:14 . 2007-04-24 12:11:14 365 ----a-w- C:\Qoobox\Quarantine\C\Windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf.vir |
|
13.02.2011, 11:39
| #9 |
| /// Malware-holic | falsche goggle-startseite ich sprach aber von gmer :-)
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.02.2011, 14:27
| #10 |
| | falsche goggle-startseite werde mich bemühen exakter zu lesen  ------------------------------------------------------- der scan hat bei mir anders als in der beschreibung ausgesehen ? ------------------------------------------------------- GMER 1.0.15.15530 - hxxp://www.gmer.net Rootkit quick scan 2011-02-13 14:22:40 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVS-22RST0 rev.04.01G04 Running: 0pue0lqr.exe; Driver: C:\Users\Andreas\AppData\Local\Temp\kwlyrpob.sys ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- |
|
13.02.2011, 14:37
| #11 |
| /// Malware-holic | falsche goggle-startseite gibts immernoch probleme mit google? kannst du falls ja, mal die url aus der adress leiste posten bitte?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet Geändert von markusg (13.02.2011 um 14:43 Uhr) |
|
13.02.2011, 20:04
| #12 |
| | falsche goggle-startseite nein geht leider immer noch nicht, ist noch das komische bild da, dass ich sonst bei der selben url nicht sehe, also hats da was..... was mich auch noch stutzig macht - rechts oben neben i-google steht "mesut.1907fb@live.at" hxxp://www.google.at/ tut mir leid, dass es so lange gedauert hat, aber ich habe lange nicht gesehen, dass es eine seite 2 gibt :-) |
|
13.02.2011, 20:07
| #13 |
| /// Malware-holic | falsche goggle-startseite du hast nur den GMER quick scan gemacht sehe ich grad, bitte die ganze anleitung abarbeiten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.02.2011, 21:15
| #14 |
| | falsche goggle-startseite url geht immer nocht nicht normal, scan hat jetzt wesendlich länger gedauert, danke, dass dudir so viel zeit nimmst ! ---------------------------------------------------------------------- GMER Logfile: Code:
ATTFilter GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-02-13 21:11:34
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVS-22RST0 rev.04.01G04
Running: 0pue0lqr.exe; Driver: C:\Users\Andreas\AppData\Local\Temp\kwlyrpob.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E408340, 0x292427, 0xE8000020]
PAGE spsys.sys!?SPVersion@@3PADA + 1ABF A678403F 110 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F A67840AF 1 Byte [16]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F A67840AF 128 Bytes [16, 3B, C8, 75, E2, B0, 01, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB0 A6784130 6 Bytes [0E, 83, 78, 14, 01, 75]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB7 A6784137 2298 Bytes [83, 78, 18, 37, 75, 02, B3, ...]
PAGE ...
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [732D7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7332A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [732DBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [732CF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [732D75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [732CE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73308395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [732DDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [732CFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [732CFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [732C71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7335CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [732FC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [732CD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [732C6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [732C687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [732D2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\BTHUSB \Device\00000082 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000084 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272cf2ee9
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272cf2ee9@001a75ec0447 0xEB 0x84 0xC2 0x43 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272cf2ee9@0018139fdffe 0x64 0xF0 0x6D 0xF7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd60f197
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd60f197@0018139fdffe 0xAD 0x77 0xFC 0xD5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd60f197@002243e16d49 0x39 0x4C 0x6D 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd60f197@0024ef868850 0x3B 0xEB 0x39 0xC4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd60f197@58170cf129a4 0x38 0xD1 0x2E 0xE5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd60f197@38e7d8261ebb 0xBF 0x15 0x03 0x93 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272cf2ee9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272cf2ee9@001a75ec0447 0xEB 0x84 0xC2 0x43 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272cf2ee9@0018139fdffe 0x64 0xF0 0x6D 0xF7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd60f197 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd60f197@0018139fdffe 0xAD 0x77 0xFC 0xD5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd60f197@002243e16d49 0x39 0x4C 0x6D 0xEB ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd60f197@0024ef868850 0x3B 0xEB 0x39 0xC4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd60f197@58170cf129a4 0x38 0xD1 0x2E 0xE5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd60f197@38e7d8261ebb 0xBF 0x15 0x03 0x93 ...
---- EOF - GMER 1.0.15 ----
|
|
13.02.2011, 21:19
| #15 |
| /// Malware-holic | falsche goggle-startseite nutze mal cureit http://www.trojaner-board.de/59299-a...eb-cureit.html anders als beschrieben im normalen modus nutzen, alle programme abschalten. dann die funde posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu falsche goggle-startseite |
| adobe, anti maleware, avg, bho, bonjour, converter, download, explorer, falsche seite, firewall, hijack, hijackthis, internet, internet explorer, maleware, media center, microsoft, mp3, object, pdf, plug-in, problem, registry, scan, software, system, vista, windows, wmp |
Linear-Darstellung
