
Log Analysis and Evaluation: tr/kazy.mekml.1 largely removed - only the Beck's advert won't go away...


23.04.2011, 10:24   #1
Blenco
 

tr/kazy.mekml.1 largely removed - only the Beck's advert won't go away...



Greetings:

Yesterday I caught this fake Windows Recovery. I was able to delete the exes in safe mode, make my files visible again with unhide, and also remove the Run entry and several others from the registry. The system looks normal again and behaves normally too - EXCEPT that the unprompted playing of the Beck's advert is still there, namely as soon as a program that uses the internet connection (IE, Thunderbird) is opened. Avira AntiVir Personal Free Antivirus, Spybot Search & Destroy, Malwarebytes Anti-Malware and co. all find nothing any more - what have I overlooked?

Here are the reports from Malwarebytes (first) and OTL (first the normal one, then Extras):

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6424

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

23.04.2011 11:24:26
mbam-log-2011-04-23 (11-24-26).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 171191
Laufzeit: 9 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL Logfile:
OTL logfile created on: 23.04.2011 11:13:37 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Blenco\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 85,71 Gb Total Space | 22,39 Gb Free Space | 26,12% Space Free | Partition Type: NTFS
Drive E: | 29,79 Gb Total Space | 2,16 Gb Free Space | 7,24% Space Free | Partition Type: FAT32
Drive M: | 29,79 Gb Total Space | 27,96 Gb Free Space | 93,86% Space Free | Partition Type: NTFS
 
Computer Name: VGNTZ11VN | User Name: Blenco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Blenco\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
PRC - C:\Program Files\Extended\ADS9.0\Server\ADS.EXE (iAnywhere Solutions, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Blenco\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\davclnt.dll (Microsoft Corporation)
MOD - C:\Windows\System32\ntlanman.dll (Microsoft Corporation)
MOD - C:\Windows\System32\drprov.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WiselinkPro) -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe ()
SRV - (Advantage) -- C:\Program Files\Extended\ADS9.0\Server\ADS.EXE (iAnywhere Solutions, Inc.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avmaura) -- C:\Windows\System32\drivers\avmaura.sys (AVM Berlin)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (Beep) -- C:\Windows\System32\beep.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (CBUSB) -- C:\Windows\System32\drivers\CBUSB.sys (MARX CryptoTech LP)
DRV - (SonyImgF) -- C:\Windows\System32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh)
DRV - (risdptsk) -- C:\Windows\system32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (shpf) -- C:\Windows\system32\DRIVERS\shpf.sys (Sony Corporation)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (SNC) -- C:\Windows\System32\drivers\SonyNC.sys (Sony Corporation)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (SPI) -- C:\Windows\System32\drivers\SonyPI.sys (Sony Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (usbio) USBIO Driver (usbio.sys) -- C:\Windows\System32\drivers\usbio.sys (Thesycon GmbH, Germany)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Blenco\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/search?hl=de&safe=off&rlz=1T4SNYK_deDE323DE323&q=film+seminare&meta=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:4001
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {58D4392A-842E-11DE-B51A-C7B855D89593}:1.2.4
FF - prefs.js..extensions.enabledItems: de_DE@dicts.j3e.de:20110321
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: {2ab1b709-ba03-4361-abf9-c50b964ff75d}:1.6.6
FF - prefs.js..extensions.enabledItems: {f6090211-2004-44d8-9090-be3c2adfd66f}:0.7.3
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{5FE7198A-5950-4068-9FBF-1A60395CC4E9}: C:\Program Files\1&1\1&1 SoftPhone\Firefox [2008.10.03 08:10:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.03.10 22:10:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.11.14 18:51:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Blenco\AppData\Roaming\mozilla\Extensions
[2010.11.13 18:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Blenco\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.11.16 08:57:48 | 000,000,000 | ---D | M] (Signature Switch) -- C:\USERS\BLENCO\APPDATA\ROAMING\THUNDERBIRD\PROFILES\CS0V97IZ.DEFAULT\EXTENSIONS\{2AB1B709-BA03-4361-ABF9-C50B964FF75D}
[2010.11.14 17:37:55 | 000,000,000 | ---D | M] (CompactHeader) -- C:\USERS\BLENCO\APPDATA\ROAMING\THUNDERBIRD\PROFILES\CS0V97IZ.DEFAULT\EXTENSIONS\{58D4392A-842E-11DE-B51A-C7B855D89593}
[2011.03.23 10:24:46 | 000,000,000 | ---D | M] (Change quote and reply format) -- C:\USERS\BLENCO\APPDATA\ROAMING\THUNDERBIRD\PROFILES\CS0V97IZ.DEFAULT\EXTENSIONS\{F6090211-2004-44D8-9090-BE3C2ADFD66F}
[2011.03.24 22:50:52 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\USERS\BLENCO\APPDATA\ROAMING\THUNDERBIRD\PROFILES\CS0V97IZ.DEFAULT\EXTENSIONS\DE_DE@DICTS.J3E.DE
[2010.11.14 17:37:48 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\USERS\BLENCO\APPDATA\ROAMING\THUNDERBIRD\PROFILES\CS0V97IZ.DEFAULT\EXTENSIONS\EN-US@DICTIONARIES.ADDONS.MOZILLA.ORG
 
O1 HOSTS File: ([2009.07.09 22:01:33 | 000,317,142 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    123topsearch.com
O1 - Hosts: 127.0.0.1    www.123topsearch.com
O1 - Hosts: 127.0.0.1    132.com
O1 - Hosts: 127.0.0.1    www.132.com
O1 - Hosts: 127.0.0.1    www.136136.net
O1 - Hosts: 10881 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Auto Run Software for Photo Frame] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [zinit32] C:\Windows\zinit32.exe (Agenda Informationssysteme GmbH & Co. KG)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Auto Run Software for Photo Frame] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: In 1&&1 SoftPhone wählen - C:\ProgramData\1&1\1&1 SoftPhone\ContextMenuHandler.html ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: chefkoch.de ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: kaliber35.de ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: save.tv ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: snapfisch.de ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: tvinfo.de ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: videoload.de ([]http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: xing.com ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range78 ([*] in Lokales Intranet)
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} Reg Error: Value error. (StreamPlug Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://webzugang.brnet.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0e4ee841-17f1-11dd-bb60-0013a9fc342a}\Shell - "" = AutoRun
O33 - MountPoints2\{0e4ee841-17f1-11dd-bb60-0013a9fc342a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0f1156e4-13f5-11dd-a18c-0013a9fc342a}\Shell - "" = AutoRun
O33 - MountPoints2\{0f1156e4-13f5-11dd-a18c-0013a9fc342a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{156358e6-cfe0-11df-ab15-0013a9fc342a}\Shell - "" = AutoRun
O33 - MountPoints2\{156358e6-cfe0-11df-ab15-0013a9fc342a}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{78a5343d-0f7c-11dd-9e72-0013a9fc342a}\Shell - "" = AutoRun
O33 - MountPoints2\{78a5343d-0f7c-11dd-9e72-0013a9fc342a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{78a53453-0f7c-11dd-9e72-0013a9fc342a}\Shell - "" = AutoRun
O33 - MountPoints2\{78a53453-0f7c-11dd-9e72-0013a9fc342a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{892d5871-8e4f-11de-aedc-001bfb189c71}\Shell - "" = AutoRun
O33 - MountPoints2\{892d5871-8e4f-11de-aedc-001bfb189c71}\Shell\AutoRun\command - "" = H:\Install.exe
O33 - MountPoints2\{8fa70673-8ff0-11de-b4dd-001bfb189c71}\Shell - "" = AutoRun
O33 - MountPoints2\{8fa70673-8ff0-11de-b4dd-001bfb189c71}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b7915a4b-d610-11dc-a76f-897418141781}\Shell\AutoRun\command - "" = G:\TrueCrypt\TrueCrypt.exe /q /a /e /cy /m rm /v "._tmp"
O33 - MountPoints2\{b7915a4b-d610-11dc-a76f-897418141781}\Shell\dismount\command - "" = G:\TrueCrypt\TrueCrypt.exe /q /d
O33 - MountPoints2\{b7915a4b-d610-11dc-a76f-897418141781}\Shell\mount\command - "" = G:\TrueCrypt\TrueCrypt.exe /q /a /e /cy /m rm /v "._tmp"
O33 - MountPoints2\{b7915a4b-d610-11dc-a76f-897418141781}\Shell\open\command - "" = G:\TrueCrypt\TrueCrypt.exe /e /cy /m rm /v "._tmp"
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 7 Days ==========
 
[2011.04.23 11:03:06 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Blenco\Desktop\OTL.exe
[2011.04.23 09:46:23 | 000,000,000 | ---D | C] -- C:\Users\Blenco\AppData\Roaming\Malwarebytes
[2011.04.23 09:46:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.23 09:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.23 09:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.04.23 02:42:47 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\beep.sys
[2011.04.21 18:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
 
========== Files - Modified Within 7 Days ==========
 
[2011.04.23 11:18:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.23 11:02:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Blenco\Desktop\OTL.exe
[2011.04.23 10:19:12 | 000,000,194 | ---- | M] () -- C:\Windows\Aroey95.ini
[2011.04.23 10:18:55 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.23 10:18:54 | 000,003,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.23 10:18:54 | 000,003,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.23 10:18:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.23 09:29:57 | 193,546,659 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.23 03:31:56 | 000,000,136 | ---- | M] () -- C:\ProgramData\~42786568r
[2011.04.23 03:31:56 | 000,000,120 | ---- | M] () -- C:\ProgramData\~42786568
[2011.04.21 14:10:12 | 000,383,395 | ---- | M] () -- C:\Users\Blenco\jap.conf
 
========== Files Created - No Company Name ==========
 
[2011.04.23 09:29:57 | 193,546,659 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.04.23 03:07:36 | 000,000,136 | ---- | C] () -- C:\ProgramData\~42786568r
[2011.04.23 03:07:36 | 000,000,120 | ---- | C] () -- C:\ProgramData\~42786568
[2011.04.05 09:45:50 | 000,000,680 | ---- | C] () -- C:\Users\Blenco\AppData\Local\d3d9caps.dat
[2010.12.23 00:55:23 | 000,000,089 | ---- | C] () -- C:\Windows\ULead32.ini
[2010.11.29 17:47:03 | 000,000,057 | ---- | C] () -- C:\Windows\ADS.ini
[2010.11.29 17:42:06 | 000,000,194 | ---- | C] () -- C:\Windows\Aroey95.ini
[2010.10.11 08:25:58 | 000,244,984 | ---- | C] () -- C:\Windows\TUTIL32.DLL
[2010.10.11 08:24:48 | 001,573,888 | ---- | C] () -- C:\Windows\System32\wertzu80.dll
[2010.10.11 08:24:47 | 000,791,552 | ---- | C] () -- C:\Windows\System32\wertzu125.dll
[2010.10.11 08:16:38 | 000,069,632 | ---- | C] () -- C:\Windows\System32\ODMA32.DLL
[2010.10.02 12:05:31 | 000,081,920 | ---- | C] () -- C:\Users\Blenco\AppData\Roaming\fontdb.mdb
[2010.10.01 07:19:45 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7820n.dat
[2010.09.22 09:15:44 | 000,000,000 | ---- | C] () -- C:\Windows\FAKT.INI
[2010.07.20 13:29:15 | 000,000,000 | ---- | C] () -- C:\Windows\Fibu.INI
[2010.06.22 16:15:49 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2010.02.22 09:57:45 | 000,004,096 | ---- | C] () -- C:\Users\Blenco\AppData\Local\keyfile3.drm
[2009.09.20 11:12:35 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.09.11 08:55:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.11 08:55:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.11 08:53:22 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.28 11:39:08 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.01.14 16:54:24 | 000,038,422 | ---- | C] () -- C:\Users\Blenco\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2008.10.03 08:10:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.09.24 14:48:30 | 000,024,376 | ---- | C] () -- C:\Windows\System32\TALDM32A.dll
[2008.09.24 14:48:30 | 000,022,832 | ---- | C] () -- C:\Windows\System32\TALDM32.DLL
[2008.09.24 14:48:28 | 000,052,536 | ---- | C] () -- C:\Windows\System32\TAL12832.DLL
[2008.09.24 14:48:26 | 000,075,576 | ---- | C] () -- C:\Windows\System32\ENCODE32.DLL
[2008.09.15 20:00:52 | 000,000,547 | ---- | C] () -- C:\Windows\Flasher.INI
[2008.07.25 23:22:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.07.09 19:22:36 | 000,042,296 | ---- | C] () -- C:\Windows\System32\SBSPAINT.DLL
[2008.07.09 19:22:34 | 000,255,288 | ---- | C] () -- C:\Windows\System32\SBSPAIN3.DLL
[2008.07.09 19:22:32 | 000,050,488 | ---- | C] () -- C:\Windows\System32\SBSPAIN2.DLL
[2008.06.26 09:56:58 | 000,022,230 | ---- | C] () -- C:\Users\Blenco\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2008.02.11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.01.12 16:24:56 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008.01.02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2007.12.07 00:32:22 | 000,022,231 | ---- | C] () -- C:\Users\Blenco\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
[2007.11.19 22:15:56 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2007.11.16 12:34:29 | 000,000,199 | ---- | C] () -- C:\Users\Blenco\AppData\Roaming\Digital TV Script Preferences
[2007.11.07 19:00:09 | 000,022,220 | ---- | C] () -- C:\Users\Blenco\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2007.11.07 19:00:02 | 000,000,130 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.10.18 10:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
[2007.09.14 13:27:27 | 000,003,333 | ---- | C] () -- C:\Windows\tm.ini
[2007.09.09 21:31:27 | 000,000,182 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.08.31 19:01:36 | 000,000,000 | ---- | C] () -- C:\Windows\Softbuch.INI
[2007.08.24 19:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007.08.22 21:15:07 | 000,000,134 | ---- | C] () -- C:\Windows\wininit.ini
[2007.08.11 00:25:20 | 000,018,944 | ---- | C] () -- C:\Windows\eraser.exe
[2007.08.08 08:19:25 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CBNDLL.DLL
[2007.08.08 01:00:24 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2007.08.07 23:47:04 | 000,150,016 | ---- | C] () -- C:\Users\Blenco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.07 23:45:01 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2007.08.07 23:43:26 | 000,000,225 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2007.08.07 23:43:26 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2007.08.07 23:25:39 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.06.19 19:42:45 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2007.04.13 09:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007.04.12 22:17:44 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1151.dll
[2007.03.19 01:16:58 | 000,011,264 | ---- | C] () -- C:\Windows\System32\sssegfilter.dll
[2007.03.19 01:16:54 | 000,217,088 | ---- | C] () -- C:\Windows\System32\ssminidriver.dll
[2007.03.19 01:16:50 | 000,027,136 | ---- | C] () -- C:\Windows\System32\ssimgfilter.dll
[2007.03.19 01:16:40 | 000,010,752 | ---- | C] () -- C:\Windows\System32\sserrhandler.dll
[2007.01.15 10:52:20 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cx21sl3.dll
[2006.11.02 17:42:41 | 000,632,530 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:42:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:42:41 | 000,127,548 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:42:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:43 | 002,376,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,599,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,105,192 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.06.23 13:38:22 | 000,036,864 | ---- | C] () -- C:\Windows\System32\OrdMen.dll
 
========== LOP Check ==========
 
[2007.09.28 09:30:50 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\1&1
[2009.06.11 16:55:00 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\Blackberry Desktop
[2010.10.02 12:20:23 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\BorWare
[2007.12.04 22:50:44 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\CCleanup
[2009.01.28 17:24:57 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\DAEMON Tools
[2009.01.28 18:14:39 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\DAEMON Tools Lite
[2009.01.28 17:24:56 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\DAEMON Tools Pro
[2007.11.16 12:35:08 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\Digital TV Script
[2011.02.17 15:01:11 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\Dropbox
[2010.03.15 12:11:45 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\eDocPrintPro
[2011.02.16 19:51:34 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\elsterformular
[2007.10.05 01:29:31 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\FlashGet
[2007.08.11 20:40:32 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\InterVideo
[2010.11.03 13:49:22 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\JonDo
[2008.07.13 11:20:49 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\Juniper Networks
[2007.11.20 05:10:59 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\LinkedIn
[2008.07.02 17:59:25 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\MiniDm
[2010.08.11 03:55:39 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\Research In Motion
[2007.10.14 06:59:41 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\saveTV
[2010.05.21 21:27:48 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\ShareTV
[2010.12.07 09:17:19 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\SoftGrid Client
[2010.06.12 14:15:53 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\TeamDrive
[2010.09.19 13:10:34 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\Thinstall
[2010.11.13 18:34:52 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\Thunderbird
[2010.12.07 09:13:59 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\TP
[2011.04.23 10:17:39 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >
         
--- --- ---
OTL Logfile:
OTL Extras logfile created on: 23.04.2011 11:13:37 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Blenco\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 85,71 Gb Total Space | 22,39 Gb Free Space | 26,12% Space Free | Partition Type: NTFS
Drive E: | 29,79 Gb Total Space | 2,16 Gb Free Space | 7,24% Space Free | Partition Type: FAT32
Drive M: | 29,79 Gb Total Space | 27,96 Gb Free Space | 93,86% Space Free | Partition Type: NTFS
 
Computer Name: VGNTZ11VN | User Name: Blenco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1879129682-458446916-792048273-1004]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{051E110D-A8AB-4868-AC48-EE19EF34F609}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | 
"{53DC9C7E-C7FE-4FFE-BADE-D2A78CBCCC26}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{873188A6-13B9-4E96-8F66-DF0FFFC26A3B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8CA3FBFC-1D45-453B-9464-55769A38861D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8E62CF58-BF7F-4FF3-B94A-98D085DB622B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A1D23C21-935D-45FA-B6EC-7E8AE12F98E3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A3CE0E01-170D-48B4-94A4-67DFD771CD88}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{AE054DFD-1E5B-4E76-B4DD-D5589EEECF19}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | 
"{C2EAECE0-4A9A-4DEE-B964-6B9D2D9D1188}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | 
"{C75F1458-7276-4ABF-B337-4E819A4F22D4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DEB3ACCA-FAFA-4779-8BF0-53FD7221CE45}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E1475ED8-8AAC-4426-AFB2-84034D55CFF0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E6088476-3211-4122-BAE4-4E6049A89397}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000AD0A1-AA40-4260-97E6-83C700AF4F51}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{02E3A647-A020-4870-860C-B7C9A1537A0D}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"{07B617B0-B2B7-45EB-B90F-687F03DBF26E}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{0E54D74F-72FF-4101-9226-0FA42160541B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{16D243ED-ACE6-4261-B8D6-C4EA9B7E7713}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{17EAC4FF-88DB-4347-B056-5F48825722EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{197FC529-CF55-4348-9D3C-E22B0F762FB3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1A7049A1-5A47-4A7B-8558-60A10922962C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2256BFA0-0183-4512-A89B-99F1A6A13B16}" = protocol=6 | dir=out | app=system | 
"{23C4AFA1-5976-49C8-9A66-E1162B2F0507}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{24669E6A-8846-4490-AAE8-781F74CFB090}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe | 
"{2DE41336-1D8A-4D1C-BBAB-B00FDFDEC041}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2F2FFC7D-6D86-4939-8402-BBF47EFD471B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{32FA3EE3-BF7D-4AA7-9BA0-6238784E9268}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{360C0886-9141-4D8D-9946-B089A9CEA1ED}" = protocol=17 | dir=in | app=c:\users\blenco\appdata\local\apps\2.0\h1j39atz.5m8\x0hwwlmx.zr5\frit..tion_f8d772dfbb3f7453_0002.0001_147a792107b9f781\fritzbox-usb-fernanschluss.exe | 
"{3EB15BF3-7D8E-44CF-8B35-0BBC955FC772}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe | 
"{46C3FA73-28B1-420D-8D3C-FC8F695C8F63}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{47B0CDCC-F003-4DDF-BA5C-A67836F1558A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4848EF27-F4C8-4CC5-8678-80BDC9F7F28D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4F805FC4-429F-4070-8909-26EFF06B74D2}" = protocol=17 | dir=in | app=c:\users\blenco\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5122B39B-8101-4410-858C-462C334B6D72}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{58E4BA80-A591-40F9-8201-AC83014B3CA0}" = protocol=6 | dir=in | app=c:\users\blenco\appdata\local\apps\2.0\h1j39atz.5m8\x0hwwlmx.zr5\frit..tion_f8d772dfbb3f7453_0002.0001_147a792107b9f781\fritzbox-usb-fernanschluss.exe | 
"{597A6296-042B-4309-8BE5-6C0ABC0042E9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{61233A65-B43A-4037-837D-F02B37069003}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{66492B5E-E795-47C6-9518-B1DA0701EE4C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6AE0555C-931C-4BFE-8E2C-BE2FB9126A6D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6C23E08C-A583-490F-A003-6D16E889AC4E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{74862540-08CF-4AC5-8805-01FD0DF047F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{79EC196C-D86A-4EF3-ADA6-81D157D30491}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{8546448C-6322-424C-BD3D-EED22F432D3B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{856AE092-D1B1-4280-846C-769E80B1C349}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E9571C7-D4FE-4DEC-ACBB-D9687325871C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9AC723FB-A19B-4B72-85BE-AC1D7E91D075}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{9E1CDA0E-35F7-48AA-ABC6-F77658D61E6B}" = protocol=17 | dir=in | app=c:\users\blenco\appdata\local\apps\2.0\h1j39atz.5m8\x0hwwlmx.zr5\frit..tion_f8d772dfbb3f7453_0002.0001_147a792107b9f781\fritzbox-usb-fernanschluss.exe | 
"{AB885FDA-BEE2-415B-9B95-6C475F399726}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ACD2DD07-4378-486E-BC43-2ABC282CFAB7}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{B168946A-70EC-44DC-8C3E-8A1D4E194DE9}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{B42679CD-94E6-43EC-8265-D5B85148908C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B7946EAB-4F82-4C9A-BD93-D1C7AA6676A3}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{B875217B-1C94-4FFA-8E33-315319C970F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BAAA8EFD-07E8-4E3F-86E8-FE828FAE07A0}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{BE2998FF-8889-46A5-8E3F-C8E82707F5C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C3A7446E-13C7-477A-8AC2-7D3469C99B62}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C861731F-522B-4B0E-B6D9-3401FCB8C20C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CA273DCC-5F9B-403C-A090-816941008F38}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{D17E0278-EEF6-4DDC-9B2B-42A05A058E37}" = protocol=6 | dir=in | app=c:\users\blenco\appdata\roaming\dropbox\bin\dropbox.exe | 
"{DF1825C9-D98C-4552-B55B-55AFFD8B34DF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E254F736-2183-4620-B403-FD469FDE1240}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{E479FE38-A8A7-4363-88AA-8EDCA5917992}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe | 
"{E6A957CB-7413-4CDF-B36B-31E2D8546901}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E6C2FFCC-4760-415B-84CF-0B1289317F6E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E8E8FF76-B32F-4AC4-8BB3-EB0B4612E78A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E8F73629-03A6-456A-8168-9808D9D08775}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F7C68908-8BB6-4679-876C-B44D47EB3FA6}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe | 
"{FC3B6406-2897-4680-8E12-8D9F50907746}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{FFBF7FC0-3E5C-49EC-A2BF-49BEBB3B8A99}" = protocol=6 | dir=in | app=c:\users\blenco\appdata\local\apps\2.0\h1j39atz.5m8\x0hwwlmx.zr5\frit..tion_f8d772dfbb3f7453_0002.0001_147a792107b9f781\fritzbox-usb-fernanschluss.exe | 
"TCP Query User{1B0A856D-4D52-4FC4-848F-394ED325A0DE}C:\program files\1&1\1&1 softphone\ipphoneui.exe" = protocol=6 | dir=in | app=c:\program files\1&1\1&1 softphone\ipphoneui.exe | 
"TCP Query User{2B2710EB-6E54-4A28-8D51-B4CE38626A58}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe | 
"TCP Query User{341C692A-3FA7-4402-9A9C-2179DFFB3082}C:\users\blenco\appdata\local\thinstall\cache\stubs\90c81a682a0f6d78eb7dcf2d2fce2bd5bd52d\wswc.exe" = protocol=6 | dir=in | app=c:\users\blenco\appdata\local\thinstall\cache\stubs\90c81a682a0f6d78eb7dcf2d2fce2bd5bd52d\wswc.exe | 
"TCP Query User{3DA190F1-D227-495C-980E-D614DF35D1D5}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"TCP Query User{5CECBBB4-340E-4E4E-82E2-4946807AA635}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{5F33D289-6630-4865-AC12-C205DF177A0A}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{95158942-2082-4D89-B03A-34D4D29110CF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{9ADF5715-ED43-40FA-8213-9EE41A08F7A5}C:\program files\leechftp\leechftp.exe" = protocol=6 | dir=in | app=c:\program files\leechftp\leechftp.exe | 
"TCP Query User{9CCF8069-F760-458D-98DE-BDADCE2FEC00}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe | 
"TCP Query User{A2652D3F-5C8C-48BB-A2F7-03D7DFC8A01D}C:\program files\1&1\1&1 softphone\ipphoneui.exe" = protocol=6 | dir=in | app=c:\program files\1&1\1&1 softphone\ipphoneui.exe | 
"TCP Query User{B0B4EAA9-5BA9-4165-BEA6-394805D9F63E}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe | 
"TCP Query User{D2E914B1-11F5-46E2-8868-16648A92BD38}C:\program files\leechftp\leechftp.exe" = protocol=6 | dir=in | app=c:\program files\leechftp\leechftp.exe | 
"TCP Query User{DA55CBC2-F4AD-48DD-9C40-276E2CE5C6E4}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
"TCP Query User{E94ADD2E-0DCE-433C-B8E1-2475EC09AC32}C:\program files\microsoft office\office12\excel.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\excel.exe | 
"UDP Query User{026219FA-1707-4BBC-B166-9454108FBA9A}C:\program files\microsoft office\office12\excel.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\excel.exe | 
"UDP Query User{09284BF6-17FA-4CCA-802B-0F2B02F38E3F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{1963D6C4-2BB5-4006-B15A-3E88A91AFFAA}C:\users\blenco\appdata\local\thinstall\cache\stubs\90c81a682a0f6d78eb7dcf2d2fce2bd5bd52d\wswc.exe" = protocol=17 | dir=in | app=c:\users\blenco\appdata\local\thinstall\cache\stubs\90c81a682a0f6d78eb7dcf2d2fce2bd5bd52d\wswc.exe | 
"UDP Query User{314180DE-15B7-4FA4-B49E-A03706E2DB49}C:\program files\1&1\1&1 softphone\ipphoneui.exe" = protocol=17 | dir=in | app=c:\program files\1&1\1&1 softphone\ipphoneui.exe | 
"UDP Query User{55C8A7E6-E516-4507-83A4-FA99E51F0814}C:\program files\leechftp\leechftp.exe" = protocol=17 | dir=in | app=c:\program files\leechftp\leechftp.exe | 
"UDP Query User{67B3CE1D-4BE0-42F4-ACD0-FC3EE78FFC25}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
"UDP Query User{7C9DCC71-DD86-424D-BEEC-6816D6E1CCF3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{9EAC0D42-2755-4522-A12D-65122AFD1ACA}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe | 
"UDP Query User{A6168534-ECF0-4F78-8A42-3C189F94B614}C:\program files\leechftp\leechftp.exe" = protocol=17 | dir=in | app=c:\program files\leechftp\leechftp.exe | 
"UDP Query User{AB5754D3-C07A-4842-B14D-E469E1C8CE68}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe | 
"UDP Query User{DB93E2C0-0AB5-40D7-9309-B59C85EE0CC7}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"UDP Query User{E6197AF6-1E45-4F87-8D27-5DB497C24D1D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{E74BC214-89E1-4FBD-9B49-A243DD36D213}C:\program files\1&1\1&1 softphone\ipphoneui.exe" = protocol=17 | dir=in | app=c:\program files\1&1\1&1 softphone\ipphoneui.exe | 
"UDP Query User{EFCCA39D-4860-4D75-8E13-D5E0E4FC7FA1}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07E78C07-ECEF-4AEF-9581-2C31A5BDA6C0}" = sipgate Faxdrucker
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1A0F7DFF-6F13-458C-8EC3-5386E8C251C6}" = BlackBerry Device Software Updater
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3A23120C-CD83-4CE6-B451-C5C998052522}" = Battery Care Function
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F07C18C-6FD4-4746-A282-30D70571867C}" = Peripheral Device & Storage Media Restriction Setting Utility
"{428A6DA3-FD56-44AE-B602-15DCCD6A7515}" = VAIO AV Mode Launcher
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{500C3FDC-5E5F-485F-BDF5-2C445839CBE0}" = 
"{55B781F0-060E-11D4-99D7-00C04FCCB775}" = 
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5A8A1D79-89B8-45B0-A683-631F814D8203}" = Advantage Database Server for Windows v9.0
"{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}" = VAIO Photo 2007
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6970AAC9-A97B-4F89-A887-2F0636791E10}" = VAIO Status Monitor
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{93293322-B694-4270-B7FE-DDE1A681ACCA}" = linguatec Voice Reader
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C183A21C-395A-490F-99D4-CCAB35E32859}" = 
"{C518C7BF-A345-4019-815B-FFDF32EBCAD9}" = VAIO HDD Protection
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Ultra Edition
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{DA592460-CD51-4B46-8120-4C44BB0A2FEB}" = Stampit Business
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"1&1 SoftPhone" = 1&1 SoftPhone
"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Aguninst" = Agenda Software
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"ElsterFormular für Privatanwender und Unternehmer 12.0.0.5880k" = ElsterFormular für Privatanwender und Unternehmer
"FlashGet" = FlashGet 1.9.6.1073
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"JAP" = JAP
"JuniperSetupClient Activex Control" = Juniper Networks Setup Client Activex Control
"LeechFTP" = LeechFTP 
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-13-24-01
"Philips Photo Manager_is1" = Philips Photo Manager 1.1
"Softbuch Online 2006" = Softbuch Online 2006
"Softbuch Version 2.x" = Softbuch Version 2.x
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Ulead GIF Animator Lite Edition 1.0" = Ulead GIF Animator Lite Edition 1.0
"UMTS USB Modem Manager" = UMTS USB Modem Manager
"VLC media player" = VideoLAN VLC media player 0.8.6c
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f6791b188d8f3ff8" = AVM FRITZ!Box USB-Fernanschluss
"JuniperSetupClient" = Juniper Networks Setup Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.04.2011 21:01:42 | Computer Name = VGNTZ11VN | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 22.04.2011 21:06:53 | Computer Name = VGNTZ11VN | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 22.04.2011 21:10:20 | Computer Name = VGNTZ11VN | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung dAmLSTWYyWMb.exe, Version 1.8.0.0, Zeitstempel
0x21475346, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18005, Zeitstempel 
0x49e0380e, Ausnahmecode 0xc0000409, Fehleroffset 0x00065276, Prozess-ID 0xc14, Anwendungsstartzeit
01cc0152b2abdf59.
 
Error - 22.04.2011 21:29:03 | Computer Name = VGNTZ11VN | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 22.04.2011 21:49:15 | Computer Name = VGNTZ11VN | Source = EventSystem | ID = 4609
Description = 
 
Error - 22.04.2011 22:03:25 | Computer Name = VGNTZ11VN | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 23.04.2011 03:31:51 | Computer Name = VGNTZ11VN | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 23.04.2011 03:54:39 | Computer Name = VGNTZ11VN | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 23.04.2011 04:12:22 | Computer Name = VGNTZ11VN | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 23.04.2011 04:19:37 | Computer Name = VGNTZ11VN | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 23.04.2011 04:11:24 | Computer Name = VGNTZ11VN | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.04.2011 04:11:24 | Computer Name = VGNTZ11VN | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.04.2011 04:12:19 | Computer Name = VGNTZ11VN | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 23.04.2011 04:13:12 | Computer Name = VGNTZ11VN | Source = WMPNetworkSvc | ID = 866312
Description = 
 
Error - 23.04.2011 04:13:12 | Computer Name = VGNTZ11VN | Source = WMPNetworkSvc | ID = 866312
Description = 
 
Error - 23.04.2011 04:19:12 | Computer Name = VGNTZ11VN | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.04.2011 04:19:12 | Computer Name = VGNTZ11VN | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.04.2011 04:19:30 | Computer Name = VGNTZ11VN | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 23.04.2011 04:19:40 | Computer Name = VGNTZ11VN | Source = WMPNetworkSvc | ID = 866312
Description = 
 
Error - 23.04.2011 04:19:40 | Computer Name = VGNTZ11VN | Source = WMPNetworkSvc | ID = 866312
Description = 
 
 
< End of report >
         
--- --- ---


Something else I noticed: I use the warning tone from the accessibility options to protect myself from accidentally activating the Caps Lock function. That no longer works and cannot be restored either. Is that because of the allegedly infected beep.sys that I removed? How do I get that function back (uninfected)?

So, bottom line, unfortunately there can be no talk of "largely removed" at all. The visible horrors of Windows Recovery are gone, and in the meantime I was also able to kill the Beck's advert, but the whole system is unbelievably slow and sluggish, and the browser constantly calls a script named ac.php on a wide variety of servers (findboots.org, findcute.org, searchnecessary.org), and it does so even in Safe Mode!

I am at the end of my rope here. Could someone who understands more about this than I do please take a look?

A thousand thanks & all the best, M.
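The event-log tail in the OTL Extras report above carries only a timestamp, host, source and event ID per entry; every "Description =" field came out empty in this export. The following is an added example, not part of the original posts and not OTL's own code, showing how a helper would triage lines in exactly that format: parse them, count repeats per source/ID, group them into bursts (each burst normally corresponds to one boot when a machine is being restarted between cleanup steps), and flag the Service Control Manager entries 7000 (a service failed to start) and 7026 (a boot-start or system-start driver failed to load), which are the first things to check after a driver file such as beep.sys has been deleted by hand. The sample lines are constructed to mirror the System Events block; the function names and the 300-second burst window are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the layout of OTL's "Extras" event-log section
# (same fields as the report above; times and IDs chosen to mirror the
# System Events block, descriptions left empty as in that export).
SAMPLE_LOG = """\
Error - 23.04.2011 04:11:24 | Computer Name = VGNTZ11VN | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.04.2011 04:11:24 | Computer Name = VGNTZ11VN | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.04.2011 04:12:19 | Computer Name = VGNTZ11VN | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 23.04.2011 04:13:12 | Computer Name = VGNTZ11VN | Source = WMPNetworkSvc | ID = 866312
Description = 
 
Error - 23.04.2011 04:19:12 | Computer Name = VGNTZ11VN | Source = Service Control Manager | ID = 7000
Description = 
"""

EVENT_RE = re.compile(
    r"^(?P<level>\w+) - (?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>.*?) \| Source = (?P<source>.*?) \| ID = (?P<id>\d+)\s*$"
)

# Service Control Manager IDs that matter when a driver file was deleted by hand.
# 7000: a service failed to start; 7026: a boot-start/system-start driver failed to load.
SCM_STARTUP_FAILURES = {
    7000: "service failed to start",
    7026: "boot-start or system-start driver failed to load",
}


def parse_otl_events(text):
    """Turn OTL event-log lines into dicts; the 'Description =' line that
    follows each header is attached to that event (it may be empty)."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            events.append({
                "level": m.group("level"),
                "ts": datetime.strptime(m.group("ts"), "%d.%m.%Y %H:%M:%S"),
                "host": m.group("host"),
                "source": m.group("source"),
                "id": int(m.group("id")),
                "description": "",
            })
        elif line.startswith("Description =") and events:
            events[-1]["description"] = line[len("Description ="):].strip()
    return events


def summarize(events):
    """Count events per (source, id) so repeated failures stand out."""
    return Counter((e["source"], e["id"]) for e in events)


def bursts(events, gap_seconds=300):
    """Group events separated by at most gap_seconds; on a box that is being
    rebooted between cleanup steps each burst usually maps to one boot."""
    groups = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if groups and (ev["ts"] - groups[-1][-1]["ts"]).total_seconds() <= gap_seconds:
            groups[-1].append(ev)
        else:
            groups.append([ev])
    return groups


def flag_startup_failures(events):
    """Return SCM 7000/7026 events with a note. When the export carries no
    description, the failing service/driver name must come from the live
    Event Viewer; the log alone cannot confirm which file it was."""
    flagged = []
    for e in events:
        if e["source"] == "Service Control Manager" and e["id"] in SCM_STARTUP_FAILURES:
            note = SCM_STARTUP_FAILURES[e["id"]]
            if not e["description"]:
                note += " (description empty in export; check Event Viewer for the name)"
            flagged.append({"ts": e["ts"], "id": e["id"], "note": note})
    return flagged


if __name__ == "__main__":
    evs = parse_otl_events(SAMPLE_LOG)
    for (src, eid), n in summarize(evs).most_common():
        print(f"{n:3d} x {src} / {eid}")
    for i, grp in enumerate(bursts(evs), 1):
        print(f"burst {i}: {grp[0]['ts']:%H:%M:%S} .. {grp[-1]['ts']:%H:%M:%S} ({len(grp)} events)")
    for f in flag_startup_failures(evs):
        print(f"{f['ts']:%H:%M:%S} SCM {f['id']}: {f['note']}")
```

Run it against the full Extras report instead of the sample and the 7026 entries tell you which boots had a driver fail to load; because this export has no descriptions, the name of the driver still has to be read from the live System log on the machine before concluding that the deleted beep.sys is the cause.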

26.04.2011, 15:00   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Re: tr/kazy.mekml.1 largely removed - only the Beck's advert won't go away...

Are there any further logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the Logdateien (log files) tab.
