TR/spy.729600.4 every second

Hello dear forum community,

Since I know next to nothing about PCs, a friend suggested that I turn to you. I have the following problem: I caught a virus while streaming and, stupidly, downloaded an antivirus program through this virus, since Avira AntiVir does not delete it (Antivirusguard, which loads before system start). After that I ran Spybot and Avira one after the other until they found nothing more. After I eventually had the idea of ending (Antivirusguard) at system start with the Task Manager, Avira found the following viruses:

Virus name - File name
TR/spy.729600.4 - dlo20.dll.bak (Avira finds this every second)
TR/gendal.652288.1 - sjaipk[1].htm
TR/PSW.ldpinch.apww - vvgkfy[1].htm
TR/PSW.ldpinch.apww - vvgkfy[1].htm
TR/PSW.ldpinch.apxc - jjdlsnvtov[1].htm
TR/Gendal.652288.1 - sjaipk[1].htm

As I said above, I don't really know much about PCs, so I would be grateful if the solution could be explained to me as simply as possible. Thanks in advance, greets

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:27:28, on 28.09.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\PLFSetI.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\WebCam\M3000\M3000Mnt.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Skype\Phone\Skype.exe 
C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Acer\Acer VCM\RS_Service.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\xxx\My Documents\Downloads\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph10094425l0314wu55w57j2397s R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {B4BD1731-FC83-412B-91E0-A8ECADDD7F43} - c:\windows\system32\dlo20.dll (file missing) O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll O4 - HKLM\..\Run: [IAAnotif] C:\Program 
Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt O4 - HKLM\..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\xxx\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm O8 - Extra context menu item: S&end to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program 
Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://download.divx.com/player/DivXBrowserPlugin.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage 
Manager\IAANTMon.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- End of file - 7615 bytes |
Hello and :hallo:

Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes must be updated manually before every scan!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop.
Thanks. Here are the OTL logs for now; I am letting Malwarebytes run again.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4712
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
28.09.2010 22:03:30
mbam-log-2010-09-28 (22-03-30).txt
Scan type: Full scan (C:\|)
Objects scanned: 190462
Time elapsed: 1 hour(s), 4 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
Extras from OTL

OTL EXTRAS Logfile:
Code: OTL Extras logfile created on: 28.09.2010 19:24:29 - Run 1 ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) 
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181) "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{10140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 "{10140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 14 "{10140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 14 "{10140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 14 "{10140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 14 "{10140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 14 "{10140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 14 "{10140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 14 "{10140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 14 "{10140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 14 "{10140000-001F-0C0A-0000-0000000FF1CE}" = 
Microsoft Office Proof (Spanish) 14 "{10140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 14 "{10140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 14 "{10140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 14 "{10140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 14 "{10140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 14 "{10140000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 14 "{10140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 14 "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56A648C2-D185-46A9-BBFF-78AE7A503000}" = WebCam "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78E804CC-A148-4C8F-AD46-0B476EFE34C2}" = Microsoft Image Composite Editor "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) 
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US) "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "bwin Poker_is1" = bwin Poker "CCleaner" = CCleaner "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "EAGLE 5.10.0" = EAGLE 5.10.0 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2 "Free YouTube Download_is1" = Free YouTube Download 2.9 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 (Technical Preview) "Plus500" = Plus500 "PSpice Student" = PSpice Student 9.1 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUp Utilities" = TuneUp Utilities "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "Veetle TV" = Veetle TV 0.9.17 "VLC media player" = VLC media player 1.1.1 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ 
Application Events ] Error - 28.09.2010 06:10:26 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x0d73f840. Error - 28.09.2010 06:10:46 | Computer Name = KUNDI | Source = Application Error | ID = 1001 Description = Fault bucket 2022037742. Error - 28.09.2010 07:13:59 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module , version 0.0.0.0, fault address 0x00000000. Error - 28.09.2010 07:14:50 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d. Error - 28.09.2010 07:14:59 | Computer Name = KUNDI | Source = Application Error | ID = 1001 Description = Fault bucket 223121472. Error - 28.09.2010 08:35:37 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x0e6bf470. Error - 28.09.2010 08:36:41 | Computer Name = KUNDI | Source = Application Error | ID = 1001 Description = Fault bucket 1991869855. Error - 28.09.2010 11:58:30 | Computer Name = KUNDI | Source = ESENT | ID = 490 Description = svchost (1728) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error - 28.09.2010 11:59:22 | Computer Name = KUNDI | Source = Application Hang | ID = 1002 Description = Hanging application peerblock.exe, version 1.0.0.181, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Error - 28.09.2010 12:50:05 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x04daf540. [ System Events ] Error - 27.09.2010 07:38:09 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 05:03:38 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 06:16:11 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7023 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service terminated with the following error: %%5 Error - 28.09.2010 08:01:48 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 11:40:47 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 11:54:03 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:54:03 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Raw Socket Service service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The TuneUp Utilities Service service terminated unexpectedly. 
It has done this 1 time(s). Error - 28.09.2010 11:58:22 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. < End of report >
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US) "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "bwin Poker_is1" = bwin Poker "CCleaner" = CCleaner "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "EAGLE 5.10.0" = EAGLE 5.10.0 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2 "Free YouTube Download_is1" = Free YouTube Download 2.9 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 (Technical Preview) "Plus500" = Plus500 "PSpice Student" = PSpice Student 9.1 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUp Utilities" = TuneUp Utilities "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "Veetle TV" = Veetle TV 0.9.17 "VLC media player" = VLC media player 1.1.1 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ 
Application Events ] Error - 28.09.2010 06:10:26 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x0d73f840. Error - 28.09.2010 06:10:46 | Computer Name = KUNDI | Source = Application Error | ID = 1001 Description = Fault bucket 2022037742. Error - 28.09.2010 07:13:59 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module , version 0.0.0.0, fault address 0x00000000. Error - 28.09.2010 07:14:50 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d. Error - 28.09.2010 07:14:59 | Computer Name = KUNDI | Source = Application Error | ID = 1001 Description = Fault bucket 223121472. Error - 28.09.2010 08:35:37 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x0e6bf470. Error - 28.09.2010 08:36:41 | Computer Name = KUNDI | Source = Application Error | ID = 1001 Description = Fault bucket 1991869855. Error - 28.09.2010 11:58:30 | Computer Name = KUNDI | Source = ESENT | ID = 490 Description = svchost (1728) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error - 28.09.2010 11:59:22 | Computer Name = KUNDI | Source = Application Hang | ID = 1002 Description = Hanging application peerblock.exe, version 1.0.0.181, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Error - 28.09.2010 12:50:05 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x04daf540. [ System Events ] Error - 27.09.2010 07:38:09 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 05:03:38 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 06:16:11 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7023 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service terminated with the following error: %%5 Error - 28.09.2010 08:01:48 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 11:40:47 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 11:54:03 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:54:03 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Raw Socket Service service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The TuneUp Utilities Service service terminated unexpectedly. 
It has done this 1 time(s). Error - 28.09.2010 11:58:22 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. < End of report > ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] 
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US) "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "bwin Poker_is1" = bwin Poker "CCleaner" = CCleaner "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "EAGLE 5.10.0" = EAGLE 5.10.0 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2 "Free YouTube Download_is1" = Free YouTube Download 2.9 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 (Technical Preview) "Plus500" = Plus500 "PSpice Student" = PSpice Student 9.1 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUp Utilities" = TuneUp Utilities "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "Veetle TV" = Veetle TV 0.9.17 "VLC media player" = VLC media player 1.1.1 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ 
Application Events ] Error - 28.09.2010 06:10:26 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x0d73f840. Error - 28.09.2010 06:10:46 | Computer Name = KUNDI | Source = Application Error | ID = 1001 Description = Fault bucket 2022037742. Error - 28.09.2010 07:13:59 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module , version 0.0.0.0, fault address 0x00000000. Error - 28.09.2010 07:14:50 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d. Error - 28.09.2010 07:14:59 | Computer Name = KUNDI | Source = Application Error | ID = 1001 Description = Fault bucket 223121472. Error - 28.09.2010 08:35:37 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x0e6bf470. Error - 28.09.2010 08:36:41 | Computer Name = KUNDI | Source = Application Error | ID = 1001 Description = Fault bucket 1991869855. Error - 28.09.2010 11:58:30 | Computer Name = KUNDI | Source = ESENT | ID = 490 Description = svchost (1728) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error - 28.09.2010 11:59:22 | Computer Name = KUNDI | Source = Application Hang | ID = 1002 Description = Hanging application peerblock.exe, version 1.0.0.181, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Error - 28.09.2010 12:50:05 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x04daf540. [ System Events ] Error - 27.09.2010 07:38:09 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 05:03:38 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 06:16:11 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7023 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service terminated with the following error: %%5 Error - 28.09.2010 08:01:48 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 11:40:47 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 11:54:03 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:54:03 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Raw Socket Service service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The TuneUp Utilities Service service terminated unexpectedly. 
It has done this 1 time(s). Error - 28.09.2010 11:58:22 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. < End of report > [/quote] |
First part of the OTL log:
OTL logfile created on: 28.09.2010 19:24:29 - Run 1
PRC - C:\Documents and Settings\Wandi\Desktop\MFTools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\WINDOWS\WebCam\M3000\M3000Mnt.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\WINDOWS\PLFSetI.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Wandi\Desktop\MFTools\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (aspnet_state) --
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (osppsvc) -- C:\WINDOWS\system32\OSPPSVC.EXE (Microsoft Corporation) SRV - (RS_Service) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (usfwvyrf) -- C:\WINDOWS\System32\dlo20.dll () ========== Driver Services (SafeList) ========== DRV - (USBCCID) -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys File not found DRV - (Rts516xIR) -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys File not found DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys File not found DRV - (DritekPortIO) -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys File not found DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (pbfilter) -- C:\Program 
Files\PeerBlock\pbfilter.sys () DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (M3000Srv) -- C:\WINDOWS\system32\drivers\M3000KNT.sys () DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\bcmwl5.sys (Broadcom Corporation) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated) DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\rtsustor.sys (Realtek Semiconductor Corp.) DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\ambfilt.sys (Creative) DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (gigvsugc) -- C:\WINDOWS\system32\drivers\gigvsugc.sys (Microsoft Corporation) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) 
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (Changer) -- C:\WINDOWS\System32\drivers\changer.sys (Microsoft Corporation) DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph10094425l0314wu55w57j2397s IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://georgk86.nl/forum/index.php" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.16 18:45:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.16 18:45:53 | 000,000,000 | ---D | M] [2010.01.10 17:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Extensions [2010.09.28 11:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions [2010.04.27 18:55:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.22 09:54:07 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.09.22 09:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.08.19 
14:15:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.08.19 14:15:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.09.28 11:45:12 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\icqplugin-1.xml [2010.06.23 16:59:38 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\icqplugin.xml [2010.02.14 13:20:31 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\wikipedia-en.xml [2010.04.15 13:09:41 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\youtube.xml [2010.01.10 17:52:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.04.14 14:27:26 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.14 14:27:26 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.14 14:27:26 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.14 14:27:26 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.14 14:27:26 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program 
Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.) O2 - BHO: () - {B4BD1731-FC83-412B-91E0-A8ECADDD7F43} - C:\WINDOWS\System32\dlo20.dll () O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [M3000Mnt] File not found O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe () O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: S&end to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) 
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Wandi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wandi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - Unable to read "AutoRun" value or value not present! 
O32 - AutoRun File - [2009.07.28 04:32:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.28 19:20:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wandi\Recent [2010.09.28 17:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\Malwarebytes [2010.09.28 17:53:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.09.28 17:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010.09.28 17:53:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.09.28 17:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.09.28 17:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\MFTools [2010.09.27 10:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010.09.27 10:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010.09.27 10:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files [2010.09.26 09:12:33 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys [2010.09.26 09:12:33 | 000,034,688 | ---- | C] (Toshiba Corp.) 
-- C:\WINDOWS\System32\dllcache\lbrtfdc.sys [2010.09.26 09:11:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys [2010.09.26 09:11:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys [2010.09.25 21:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle [2010.09.24 19:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\PokerStrategy.com [2010.09.24 19:56:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\PokerStrategy.com [2010.09.24 19:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStrategy.com [2010.09.24 19:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Downloaded Installations [2010.09.22 19:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Help [2010.09.22 19:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\Help [2010.09.22 18:24:40 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar332.dll [2010.09.22 18:24:39 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjet35.dll [2010.09.22 18:24:39 | 000,251,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrd2x35.dll [2010.09.22 18:24:39 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\THREED32.OCX [2010.09.22 18:24:39 | 000,121,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjint35.dll [2010.09.22 18:24:39 | 000,105,984 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2bdao.dll [2010.09.22 18:24:39 | 000,064,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2irdao.dll [2010.09.22 18:24:39 | 000,054,272 | ---- | C] (Seagate Software Information Management Group, Inc.) 
-- C:\WINDOWS\System32\p2ctdao.dll [2010.09.22 18:24:39 | 000,024,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjter35.dll [2010.09.22 18:24:38 | 000,192,512 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltkrn60n.dll [2010.09.22 18:24:37 | 003,572,224 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\crpe32.dll [2010.09.22 18:24:37 | 000,416,768 | ---- | C] (Seagate Software) -- C:\WINDOWS\System32\cpeaut32.dll [2010.09.22 18:24:37 | 000,183,296 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\WINDOWS\System32\crpaig32.dll [2010.09.22 18:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\OrCAD_Demo [2010.09.22 18:24:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Crystal [2010.09.22 18:23:37 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe [2010.09.22 18:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\New Folder (2) [2010.09.22 17:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\eagle [2010.09.22 17:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\EAGLE-5.10.0 [2010.09.22 17:56:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\CadSoft [2010.09.22 16:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\PriceGong [2010.09.22 15:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\eSobi [2010.09.22 14:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\System [2010.09.22 10:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Free M4a to MP3 Converter [2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DVDVideoSoftTB [2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application 
Data\Conduit [2010.09.22 09:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB [2010.09.22 09:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers [2010.09.22 09:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\DVDVideoSoft [2010.09.22 09:53:42 | 002,091,632 | ---- | C] (DVDVideoSoft Limited.) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload.exe [2010.09.22 09:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2010.09.22 09:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2010.09.22 09:52:11 | 012,692,880 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe [2010.09.21 20:32:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ctfmon.exe.backup [2010.09.21 20:32:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ctfmon.exe.backup [2010.09.21 20:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\CtfmonRemoverDE-v2.3 [2010.09.21 20:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock [2010.09.21 19:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2009.07.28 05:14:36 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll [2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.SHDocVw.dll [1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.28 19:09:33 | 000,594,998 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.09.28 19:09:33 | 000,497,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.09.28 19:09:33 | 000,085,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.09.28 19:05:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT 
[2010.09.28 17:57:16 | 000,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job [2010.09.28 17:56:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.28 17:56:03 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys [2010.09.28 17:55:17 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT [2010.09.28 17:55:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Wandi\ntuser.ini [2010.09.28 17:53:12 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.28 17:52:40 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip [2010.09.28 17:52:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe [2010.09.27 13:34:01 | 000,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010.09.26 21:34:03 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.24 19:47:03 | 001,452,371 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg [2010.09.24 17:20:05 | 001,471,511 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg [2010.09.23 16:29:24 | 000,006,603 | ---- | M] () -- C:\WINDOWS\PSPICEEV.INI [2010.09.23 15:56:49 | 000,495,908 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_v9.zip [2010.09.23 15:56:35 | 005,290,891 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_multisim.zip [2010.09.22 18:21:06 | 028,620,288 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe [2010.09.22 16:39:03 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT [2010.09.22 16:36:43 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT_tureg_old [2010.09.22 16:29:13 | 000,645,370 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf [2010.09.22 10:09:11 | 
000,000,744 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk [2010.09.22 10:09:11 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk [2010.09.22 09:53:58 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk [2010.09.22 09:52:20 | 012,692,880 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe [2010.09.21 19:31:56 | 000,134,413 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png [2010.09.21 19:31:56 | 000,113,358 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png [2010.09.21 19:18:34 | 000,065,698 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg [2010.09.21 19:17:37 | 000,081,252 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg [2010.09.21 19:17:36 | 000,075,142 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg [2010.09.21 19:17:25 | 000,081,843 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg [2010.09.21 19:17:21 | 000,056,756 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg [2010.09.21 19:17:20 | 000,068,441 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg [2010.09.17 17:24:15 | 000,012,081 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx [2010.09.17 16:19:49 | 000,042,873 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Verkauf.xlsx [2010.09.15 16:05:43 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2010.09.15 08:58:39 | 000,000,664 | ---- | M] () -- 
C:\WINDOWS\System32\d3d9caps.dat [1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ] [/code] |
What about Malwarebytes? I did not write that the order is arbitrary. Actually, MBAM first, then OTL! |
========== Files Created - No Company Name ========== [2010.09.28 17:53:12 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.28 17:52:20 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe [2010.09.28 17:52:11 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip [2010.09.28 11:59:28 | 000,002,510 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt [2010.09.28 11:58:45 | 000,002,510 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt [2010.09.27 13:34:01 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010.09.24 19:46:17 | 001,452,371 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg [2010.09.24 17:19:14 | 001,471,511 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg [2010.09.23 15:56:49 | 000,495,908 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_v9.zip [2010.09.23 15:56:23 | 005,290,891 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_multisim.zip [2010.09.22 18:24:44 | 000,006,603 | ---- | C] () -- C:\WINDOWS\PSPICEEV.INI [2010.09.22 18:24:38 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll [2010.09.22 18:24:38 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\lfcmp60n.dll [2010.09.22 18:24:38 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll [2010.09.22 18:24:38 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll [2010.09.22 18:24:38 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\ltfil60n.dll [2010.09.22 18:24:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll [2010.09.22 18:24:38 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll [2010.09.22 18:24:38 | 000,022,528 | ---- | C] () -- 
C:\WINDOWS\System32\lfeps60n.dll [2010.09.22 18:24:38 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll [2010.09.22 18:24:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll [2010.09.22 18:24:38 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll [2010.09.22 18:24:38 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll [2010.09.22 18:24:38 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll [2010.09.22 18:24:38 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll [2010.09.22 18:24:38 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll [2010.09.22 18:24:37 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll [2010.09.22 18:18:52 | 028,620,288 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe [2010.09.22 16:39:03 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT_tureg_new.LOG [2010.09.22 16:29:13 | 000,645,370 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf [2010.09.22 10:09:11 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk [2010.09.22 10:09:11 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk [2010.09.22 09:53:58 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk [2010.09.21 19:31:44 | 000,134,413 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png [2010.09.21 19:31:44 | 000,113,358 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png [2010.09.21 19:16:59 | 000,081,843 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg [2010.09.21 19:16:59 | 000,081,252 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg [2010.09.21 
19:16:59 | 000,075,142 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg [2010.09.21 19:16:59 | 000,068,441 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg [2010.09.21 19:16:59 | 000,065,698 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg [2010.09.21 19:16:59 | 000,056,756 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg [2010.09.17 16:07:07 | 000,012,081 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx [2010.09.15 08:58:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.01.11 17:08:11 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\A67807F7B8.sys [2010.01.11 17:08:10 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys [2010.01.06 19:18:19 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\Wandi\Application Data\wklnhst.dat [2009.11.09 14:14:19 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\postgresinstall.bat [2009.10.24 05:05:57 | 000,626,688 | ---- | C] () -- C:\WINDOWS\Image.dll [2009.10.24 05:05:57 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PidList.ini [2009.10.24 05:05:56 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll [2009.10.24 05:05:56 | 000,145,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys [2009.10.24 05:05:56 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini [2009.10.24 05:05:47 | 000,000,639 | ---- | C] () -- C:\WINDOWS\AutoSetFrequency.ini [2009.10.23 16:42:10 | 000,206,336 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.28 07:29:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009.07.28 06:21:23 | 000,147,456 | ---- 
| C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2009.07.28 05:14:12 | 000,729,600 | ---- | C] () -- C:\WINDOWS\System32\dlo20.dll.bak [2009.07.28 05:14:12 | 000,729,600 | ---- | C] () -- C:\WINDOWS\System32\dlo20.dll [2009.07.28 04:35:51 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2009.07.28 04:30:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dossec.dll ========== LOP Check ========== [2009.07.28 07:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi [2010.04.27 20:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ [2009.12.21 20:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010.01.04 16:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2010.01.04 16:56:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.06.29 22:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\2FE3C73E8A6EF87BC87529BEE60EA321 [2009.07.28 07:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer [2009.07.28 06:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer GameZone Console [2010.09.22 17:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\CadSoft [2010.02.12 12:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1 [2010.09.22 09:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers [2010.09.22 15:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\eSobi [2010.05.27 15:44:47 | 000,000,000 | 
---D | M] -- C:\Documents and Settings\Wandi\Application Data\FinalMediaPlayer [2010.04.07 18:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\MSNInstaller [2010.09.25 11:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\PriceGong [2009.07.28 06:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Super-Cow [2010.01.06 19:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Template [2010.01.04 16:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\TuneUp Software [2010.09.27 10:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\uTorrent [2010.08.25 02:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Windows Live Writer [2010.09.28 17:57:16 | 000,000,566 | ---- | M] () -- C:\WINDOWS\Tasks\Automatic troubleshooting.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54 < End of report > PRC - C:\Documents and Settings\Wandi\Desktop\MFTools\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\WINDOWS\system32\OSPPSVC.EXE (Microsoft Corporation) PRC - C:\WINDOWS\WebCam\M3000\M3000Mnt.exe () PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\WINDOWS\PLFSetI.exe () PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Wandi\Desktop\MFTools\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll (Microsoft Corporation) MOD - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp 
Software) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (osppsvc) -- C:\WINDOWS\system32\OSPPSVC.EXE (Microsoft Corporation) SRV - (RS_Service) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (usfwvyrf) -- C:\WINDOWS\System32\dlo20.dll () ========== Driver Services (SafeList) ========== DRV - (USBCCID) -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys File not found DRV - (Rts516xIR) -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys File not found DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys File not found DRV - (DritekPortIO) -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys File not found DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys () DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (M3000Srv) -- C:\WINDOWS\system32\drivers\M3000KNT.sys () DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) 
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\bcmwl5.sys (Broadcom Corporation) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated) DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\rtsustor.sys (Realtek Semiconductor Corp.) DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\ambfilt.sys (Creative) DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (gigvsugc) -- C:\WINDOWS\system32\drivers\gigvsugc.sys (Microsoft Corporation) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) 
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (Changer) -- C:\WINDOWS\System32\drivers\changer.sys (Microsoft Corporation) DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://georgk86.nl/forum/index.php" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.16 18:45:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.16 18:45:53 | 000,000,000 | ---D | M] [2010.01.10 17:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Extensions [2010.09.28 11:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions [2010.04.27 18:55:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.22 09:54:07 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.09.22 09:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.08.19 
14:15:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.08.19 14:15:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.09.28 11:45:12 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\icqplugin-1.xml [2010.06.23 16:59:38 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\icqplugin.xml [2010.02.14 13:20:31 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\wikipedia-en.xml [2010.04.15 13:09:41 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\youtube.xml [2010.01.10 17:52:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.04.14 14:27:26 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.14 14:27:26 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.14 14:27:26 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.14 14:27:26 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.14 14:27:26 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program 
Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.) O2 - BHO: () - {B4BD1731-FC83-412B-91E0-A8ECADDD7F43} - C:\WINDOWS\System32\dlo20.dll () O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [M3000Mnt] File not found O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe () O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
Users\Application Data\eSobi [2010.04.27 20:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ [2009.12.21 20:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010.01.04 16:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2010.01.04 16:56:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.06.29 22:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\2FE3C73E8A6EF87BC87529BEE60EA321 [2009.07.28 07:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer [2009.07.28 06:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer GameZone Console [2010.09.22 17:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\CadSoft [2010.02.12 12:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1 [2010.09.22 09:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers [2010.09.22 15:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\eSobi [2010.05.27 15:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\FinalMediaPlayer [2010.04.07 18:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\MSNInstaller [2010.09.25 11:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\PriceGong [2009.07.28 06:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Super-Cow [2010.01.06 19:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Template [2010.01.04 16:58:15 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\Wandi\Application Data\TuneUp Software [2010.09.27 10:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\uTorrent [2010.08.25 02:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Windows Live Writer [2010.09.28 17:57:16 | 000,000,566 | ---- | M] () -- C:\WINDOWS\Tasks\Automatic troubleshooting.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54 < End of report > |
Here is the first log from Malwarebytes. Sorry about the mess, I don't know how to get rid of it. Maybe it would be good if an admin edited my posts. Greets

Malwarebytes' Anti-Malware 1.46
Malwarebytes Database version: 4712
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

28.09.2010 18:59:44
mbam-log-2010-09-28 (18-59-44).txt

Scan type: Full scan (C:\|)
Objects scanned: 189870
Time elapsed: 1 hour(s), 0 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\3FWHZQA3LT (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected) |
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
The log file should open when you click OK after the fix; please post it. The computer may be restarted. |
Hi, on reboot this message appears: access violation at address 05b9446 in module 'OTL.exe'. Read of address 00000000 |
OTL Logfile: Code: OTL logfile created on: 28.09.2010 23:30:08 - Run 2 [2010.09.28 23:38:36 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Wandi\ntuser.dat.LOG [2010.09.28 23:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Desktop [2010.09.28 23:32:11 | 000,594,998 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.09.28 23:32:11 | 000,497,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.09.28 23:32:11 | 000,085,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.09.28 23:29:23 | 000,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job [2010.09.28 23:27:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.09.28 23:27:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.28 23:26:25 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT [2010.09.28 23:26:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Wandi\ntuser.ini [2010.09.28 23:25:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2010.09.28 23:25:58 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Wandi\Application Data [2010.09.28 23:25:58 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data [2010.09.28 23:24:40 | 000,002,510 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt [2010.09.28 23:24:29 | 000,002,928 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt [2010.09.28 23:23:16 | 000,000,000 | ---D | M] -- C:\Program Files\PeerBlock [2010.09.28 23:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Skype [2010.09.28 23:20:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Wandi\Cookies [2010.09.28 22:59:03 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Wandi\Recent [2010.09.28 21:27:30 | 000,014,065 | ---- | M] 
< End of report > |
OTL EXTRAS Logfile: Code: OTL Extras logfile created on: 28.09.2010 23:30:08 - Run 2 |
You were supposed to run the fix with OTL, not post an OTL.txt. Wrong log? |
Hmm, well, I pasted the text into OTL and ran the fix, but no log came up, so I ran OTL again. Greets |
Please run the fix again. |
Hi, I ran the fix again, and on restart only this window comes up again: access violation at address 05b9446 in module 'OTL.exe'. Read of address 00000000. And I can't find a log anywhere. Regards |
Then please run CF now: ComboFix. A guide and tutorial on using ComboFix
http://saved.im/mtm0nzyzmzd5/cofi.jpg
ComboFix may only be run when a qualified helper has expressly recommended it! |
Hi, thank you very much for taking the time. CCleaner keeps finding the following problem: ActiveX/COM Fehler InProcServer32\c:\windows\system32\dlo20.dll HKCR\CLSID\{B4BD1731-FC83-412B-91E0-A8ECADDD7F43} Should I run cofi.exe anyway? |
Yes, please run it. |
Combofix Logfile: Code: ComboFix 10-09-28.03 - Wandi 30.09.2010 19:35:08.1.2 - x86 |
I need ComboFix's quarantine folder. Please do the following:
1.) VERY IMPORTANT!! Disable your virus scanner; it must not interfere here!
2.) Zip the folder C:\Qoobox into a single file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let me know once it has worked
5.) Only then switch the virus scanner back on |
Hi, I zipped the folder and uploaded it. Greets |
OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM. Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder. If you are using Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator. A black window will open and automatically search for malicious changes to the MBR. Then please post whether there are any changes and, if so, on which device. Best to post everything remover.exe outputs. |
Hi, I ran both. GMER Logfile: Code: GMER 1.0.15.15281 - hxxp://www.gmer.net And here is the OSAM log: OSAM Logfile: Code: Report of OSAM: Autorun Manager v5.0.11926.0 If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
The Bootkit Remover outputs the following:
.\debug.cpp(238) : Debug log started at 03.10.2010 - 13:41:22
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
[...]
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`80500000
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1151) : Done; |
Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs. Remember to update both tools before the scan!! |
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4736
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
03.10.2010 17:05:17
mbam-log-2010-10-03 (17-05-17).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 189983
Laufzeit: 51 Minute(n), 44 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)

super anti spyware

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 10/04/2010 at 00:02 AM
Application Version : 4.44.1000
Core Rules Database Version : 5623
Trace Rules Database Version: 3435
Scan type : Complete Scan
Total Scan Time : 01:58:25
Memory items scanned : 520
Memory threats detected : 0
Registry items scanned : 6722
Registry threats detected : 0
File items scanned : 47976
File threats detected : 7
Adware.Tracking Cookie
hottraffic.nl [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\QZKXRZQB ]
yieldmanager.edgesuite.net [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\QZKXRZQB ]
2mdn.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\9U5MVVVM ]
hottraffic.nl [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\9U5MVVVM ]
hottraffic.nl [ C:\Documents and Settings\Wandi\Application Data\Macromedia\Flash Player\#SharedObjects\CNQUKBDK ]
www.ardmediathek.de [ C:\Documents and Settings\Wandi\Application Data\Macromedia\Flash Player\#SharedObjects\CNQUKBDK ]
yieldmanager.edgesuite.net [ C:\Documents and Settings\Wandi\Application Data\Macromedia\Flash Player\#SharedObjects\CNQUKBDK ] |
Looks OK, only cookies were found there. Any remaining problems or further detections in the meantime? |
No, no problems at all any more and no new detections either. Many thanks for the help and the time you took. |
Then we're done! :abklatsch: To finish, please check your updates; my guide to that is below. For even more security, after the infection has been removed you should also change as many of your passwords as possible. Microsoft Update Windows XP: Visit the MS update site with IE and have all important updates installed. Windows Vista/7: Windows Update guide. Updating the PDF reader Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Add or Remove Programs by clicking "Adobe Reader x.0" there and removing the program. I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader. While you are at it, please also check that Flash Player is up to date; here is the direct download link => http://filepony.de/?q=Flash+Player Java update Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it. |
Copyright ©2000-2025, Trojaner-Board