|
Log-Analyse und Auswertung: Einige Viren gefunden und ich glaube es werden mehr...Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
01.08.2010, 16:23 | #1 |
| Einige Viren gefunden und ich glaube es werden mehr... highjack this file: HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:14:18, on 01.08.2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18928) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\ASUS\Net4Switch\Net4Switch.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Windows\ehome\ehtray.exe C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Users\***\Desktop\HiJackThis204.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MultiFrame.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- End of file - 8803 bytes screenshots: bitte schnelle antwort |
03.08.2010, 11:32 | #2 |
/// Selecta Jahrusso | Einige Viren gefunden und ich glaube es werden mehr...Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1 Downloade Dir bitte Load.exe
Nach dem Neustart findest Du einen Ordner MFTools auf dem Desktop. Darin befindet sich eine Anleitung.pdf. Diese bitte öffnen und die darin beschriebenen Schritte abarbeiten.
__________________ |
05.08.2010, 08:35 | #3 |
| Einige Viren gefunden und ich glaube es werden mehr... ok ich fange jetzt an !
__________________ |
05.08.2010, 10:18 | #4 |
| Einige Viren gefunden und ich glaube es werden mehr... Fehlermeldung! Bis GMER ist alles gut gegangen... Beim Scann von GMER kam dann eine Windowsmeldung GMER funktioniert nicht mehr blah blah dann ging nichts mehr. Das Laptop hat gehangen und ich musste ihn manuell aus machen! Was soll ich jetzt tun ? PS: bitte das mal anschauen... und danke |
05.08.2010, 10:27 | #5 |
/// Selecta Jahrusso | Einige Viren gefunden und ich glaube es werden mehr... Steht nicht irgendwo in der .pdf das wenn man Probleme hat mit dem nächsten Schritt fortfahren soll ?
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
05.08.2010, 11:03 | #6 | |
| Einige Viren gefunden und ich glaube es werden mehr... hier die scans: Malwarebytes' Anti-Malware Zitat:
Otl.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.08.2010 11:33:47 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\***\Desktop\MFTools Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 89,43 Gb Total Space | 35,15 Gb Free Space | 39,30% Space Free | Partition Type: NTFS Drive D: | 52,78 Gb Total Space | 52,69 Gb Free Space | 99,83% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ***-PC Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.08.05 09:43:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\MFTools\OTL.exe PRC - [2010.04.22 21:36:22 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008.01.19 09:33:04 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2007.09.23 13:56:11 | 001,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe PRC - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe PRC - [2007.04.17 05:03:18 | 000,135,168 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe PRC - [2007.03.26 20:43:02 | 000,864,816 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe PRC - [2007.03.26 20:42:38 | 001,057,328 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe PRC - [2007.02.09 19:38:36 | 000,049,520 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe PRC - [2007.01.18 05:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe PRC - [2006.12.29 20:39:32 | 000,991,600 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe PRC - [2006.12.21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe PRC - [2006.12.14 18:40:13 | 000,194,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe PRC - [2006.12.14 18:38:57 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe PRC - [2006.12.14 18:38:49 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe PRC - [2006.12.14 18:38:11 | 000,046,736 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe PRC - [2006.12.07 19:51:04 | 001,143,152 | ---- | M] (ASUS) -- C:\Program Files\ASUS\Net4Switch\Net4Switch.exe PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe ========== Modules (SafeList) ========== MOD - [2010.08.05 09:43:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\MFTools\OTL.exe MOD - [2008.08.28 05:37:46 | 000,712,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll MOD - [2008.05.27 07:18:32 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll MOD - [2008.01.19 09:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll MOD - [2008.01.19 09:36:40 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll MOD - [2008.01.19 09:36:40 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll MOD - [2008.01.19 09:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll MOD - [2008.01.19 09:34:07 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll MOD - [2008.01.19 09:34:00 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll MOD - [2008.01.19 09:33:42 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll MOD - [2008.01.19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2008.01.19 09:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010.04.27 13:43:48 | 000,611,840 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.04.22 21:36:22 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007.09.23 13:56:11 | 001,174,152 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) SRV - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) SRV - [2007.03.26 20:43:02 | 000,864,816 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv) SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2006.12.14 18:40:13 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate) SRV - [2006.12.14 18:40:13 | 000,194,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler) SRV - [2006.12.14 18:38:57 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2006.12.14 18:38:57 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2006.12.14 18:38:57 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2006.12.14 18:38:11 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore) SRV - [2006.12.14 18:36:29 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost) SRV - [2006.12.14 18:34:37 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\PRISMA02.sys -- (PRISM_A02) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipswuio.sys -- (ipswuio) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive) DRV - [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010.02.26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010.02.26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.08.05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr) DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.09.23 13:57:12 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2007.08.03 06:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio) DRV - [2007.03.26 20:43:00 | 000,039,472 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm) DRV - [2007.03.26 20:42:56 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass) DRV - [2007.03.26 20:42:44 | 000,108,592 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs) DRV - [2007.03.06 06:24:05 | 001,666,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx) DRV - [2007.03.06 06:24:05 | 001,666,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm) DRV - [2007.01.23 05:00:59 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2006.12.14 18:41:05 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI) DRV - [2006.12.14 18:41:05 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV) DRV - [2006.12.14 18:40:53 | 000,275,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL) DRV - [2006.12.14 18:40:53 | 000,024,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX) DRV - [2006.12.14 18:40:51 | 000,245,880 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP) DRV - [2006.12.14 18:40:45 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2006.12.14 18:38:35 | 000,831,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS -- (NAVEX15) DRV - [2006.12.14 18:38:33 | 000,102,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2006.12.14 18:38:33 | 000,079,240 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS -- (NAVENG) DRV - [2006.12.14 18:38:31 | 000,387,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2006.12.14 18:34:33 | 000,202,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys -- (IDSvix86) DRV - [2006.12.14 09:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2006.11.22 07:48:53 | 000,181,304 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2006.11.14 13:42:45 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2006.11.02 09:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2006.10.14 05:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1815958254-1624086985-4005138977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com IE - HKU\S-1-5-21-1815958254-1624086985-4005138977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ IE - HKU\S-1-5-21-1815958254-1624086985-4005138977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1815958254-1624086985-4005138977-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7 FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.01 11:26:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 11:26:36 | 000,000,000 | ---D | M] [2009.02.13 21:23:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.08.05 09:41:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d7v1sep4.default\extensions [2010.05.01 13:33:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d7v1sep4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.05.01 13:33:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d7v1sep4.default\extensions\youtube2mp3@mondayx.de [2009.12.23 20:25:53 | 000,002,171 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\d7v1sep4.default\searchplugins\bing.xml [2010.08.05 09:41:46 | 000,000,944 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\d7v1sep4.default\searchplugins\icqplugin.xml [2010.04.05 09:56:27 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009.12.23 20:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.08.01 11:26:28 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.08.01 11:26:28 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.08.01 11:26:28 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.08.01 11:26:28 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.08.01 11:26:28 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll (Symantec Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation) O3 - HKU\S-1-5-21-1815958254-1624086985-4005138977-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG) O4 - HKLM..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1815958254-1624086985-4005138977-1000..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-1815958254-1624086985-4005138977-1000..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{f1aff52f-7591-11dc-8953-001d60a340fa}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation) Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation) Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation) Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation) Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 90 Days ========== [2010.08.05 11:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2010.08.05 10:20:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.08.05 10:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2010.08.05 09:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2010.08.05 09:47:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.08.05 09:45:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.05 09:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.05 09:44:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.05 09:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.08.05 09:42:56 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MFTools [2010.08.01 17:08:17 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe [2010.08.01 16:22:12 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\*** [2010.08.01 16:14:35 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\*** [2010.08.01 16:09:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ImgBurn [2010.08.01 16:03:53 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\*** [2010.08.01 16:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn [2010.08.01 09:14:22 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\*** [2010.06.20 12:27:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc [2010.06.20 12:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2010.06.13 10:47:58 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys [2010.06.13 10:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [2010.06.13 10:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia [2010.06.13 10:08:54 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\*** ========== Files - Modified Within 90 Days ========== [2010.08.05 11:40:42 | 003,407,872 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.08.05 11:17:41 | 000,074,886 | ---- | M] () -- C:\Users\***\Desktop\22.jpg [2010.08.05 11:15:50 | 000,099,374 | ---- | M] () -- C:\Users\***\Desktop\11.jpg [2010.08.05 11:02:04 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2010.08.05 11:02:01 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.05 11:02:01 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.05 11:01:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.05 11:01:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.05 11:01:39 | 2138,365,952 | -HS- | M] () -- C:\hiberfil.sys [2010.08.05 10:18:54 | 000,000,740 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2010.08.05 10:18:54 | 000,000,721 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk [2010.08.05 10:11:18 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2010.08.05 10:09:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.08.05 10:09:00 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.08.05 10:09:00 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.08.05 09:46:13 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.05 09:43:06 | 000,284,915 | ---- | M] () -- C:\Users\***\Desktop\Gmer.zip [2010.08.05 09:38:39 | 000,410,784 | ---- | M] () -- C:\Users\***\Desktop\Load.exe [2010.08.05 09:36:06 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EEC096F7-0D97-41BE-87E6-24872796CCD2}.job [2010.08.01 17:23:16 | 002,991,909 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.08.01 17:20:00 | 000,093,943 | ---- | M] () -- C:\Users\***\Desktop\c.jpg [2010.08.01 17:19:27 | 000,094,891 | ---- | M] () -- C:\Users\***\Desktop\a.jpg [2010.08.01 17:18:20 | 000,079,217 | ---- | M] () -- C:\Users\***\Desktop\b.jpg [2010.08.01 17:08:39 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe [2010.08.01 16:55:59 | 000,030,720 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.01 16:06:34 | 001,445,116 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.01 16:06:34 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.01 16:06:34 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.01 16:06:34 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.01 16:06:34 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.01 16:02:48 | 000,001,657 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2010.06.20 12:26:27 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2010.06.20 11:22:19 | 000,372,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.06.13 10:45:29 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk [2010.05.15 20:52:30 | 000,021,504 | ---- | M] () -- C:\Users\***\Desktop\*** ========== Files Created - No Company Name ========== [2010.08.05 11:17:40 | 000,074,886 | ---- | C] () -- C:\Users\***\Desktop\22.jpg [2010.08.05 11:15:49 | 000,099,374 | ---- | C] () -- C:\Users\***\Desktop\11.jpg [2010.08.05 10:39:30 | 000,293,376 | ---- | C] () -- C:\Users\***\Desktop\gmer.exe [2010.08.05 10:18:54 | 000,000,740 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2010.08.05 10:18:54 | 000,000,721 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk [2010.08.05 09:46:13 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.05 09:43:05 | 000,284,915 | ---- | C] () -- C:\Users\***\Desktop\Gmer.zip [2010.08.05 09:38:19 | 000,410,784 | ---- | C] () -- C:\Users\***\Desktop\Load.exe [2010.08.01 17:19:59 | 000,093,943 | ---- | C] () -- C:\Users\***\Desktop\c.jpg [2010.08.01 17:19:27 | 000,094,891 | ---- | C] () -- C:\Users\***\Desktop\a.jpg [2010.08.01 17:18:19 | 000,079,217 | ---- | C] () -- C:\Users\***\Desktop\b.jpg [2010.08.01 16:02:48 | 000,001,657 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2010.06.20 12:26:27 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2010.06.13 10:45:29 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk [2009.10.16 16:27:50 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.03.04 15:49:08 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.03.04 15:48:36 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.02.06 19:52:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.02.05 21:06:54 | 000,000,231 | ---- | C] () -- C:\Windows\pwcsu.INI [2007.12.25 10:20:09 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007.10.06 13:36:28 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2007.04.18 11:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2007.03.06 06:49:41 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll [2007.03.06 05:34:09 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.03.09 04:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll ========== LOP Check ========== [2008.02.06 20:42:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BearShare [2009.07.25 12:49:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2009.11.18 20:07:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn [2008.06.15 18:14:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2009.01.28 20:17:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VoipCheapCom [2007.12.12 21:26:11 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\BearShare [2007.10.13 22:26:13 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ICQ [2010.08.01 16:21:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn [2010.05.06 15:50:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2007.10.07 12:17:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking [2008.03.04 16:20:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2008.06.15 18:09:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2007.12.27 22:22:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue [2008.06.15 20:13:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\zweitgeist [2010.08.05 10:09:15 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.08.05 09:36:06 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EEC096F7-0D97-41BE-87E6-24872796CCD2}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2008.01.19 09:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr [2007.04.18 11:26:27 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2007.04.04 06:01:54 | 000,000,019 | ---- | M] () -- C:\CA12.txt [2007.12.25 10:22:26 | 000,000,074 | ---- | M] () -- C:\CMLoader.log [2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2007.09.23 14:34:42 | 000,018,977 | ---- | M] () -- C:\devlist.txt [2007.09.23 14:31:21 | 000,000,009 | ---- | M] () -- C:\Finish.log [2010.08.05 11:01:39 | 2138,365,952 | -HS- | M] () -- C:\hiberfil.sys [2007.04.15 01:26:25 | 000,000,027 | ---- | M] () -- C:\NERO.LOG [2007.03.16 01:18:45 | 000,000,025 | ---- | M] () -- C:\OFFICE2007_A.TXT [2010.08.05 11:01:38 | 2452,160,512 | -HS- | M] () -- C:\pagefile.sys [2007.07.19 01:40:45 | 000,000,508 | ---- | M] () -- C:\Patch.LOG [2007.08.13 14:17:28 | 000,000,003 | ---- | M] () -- C:\PRO52H_VISTA32.RC4 [2007.09.23 14:02:36 | 000,000,087 | ---- | M] () -- C:\smsetup.log [2006.05.16 02:22:24 | 000,000,005 | ---- | M] () -- C:\Store.LOG [2007.04.18 04:55:28 | 000,000,018 | ---- | M] () -- C:\V52.TXT [2007.08.07 14:52:09 | 000,524,288 | ---- | M] () -- C:\X51HAS.BIN < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2006.11.02 14:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2006.11.02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > [2009.07.10 14:10:44 | 000,307,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > [2007.10.08 15:44:45 | 000,001,674 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\LastFlashConfig.WFC < %PROGRAMFILES%\*.* > [2010.03.07 14:26:49 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008.01.19 09:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2008.01.19 09:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll [2008.08.12 05:39:08 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\user32.dll /md5 > [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-05 09:36:07 < End of report > EXTRAS.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 05.08.2010 11:33:47 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\***\Desktop\MFTools Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 89,43 Gb Total Space | 35,15 Gb Free Space | 39,30% Space Free | Partition Type: NTFS Drive D: | 52,78 Gb Total Space | 52,69 Gb Free Space | 99,83% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ***-PC Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08DDFDFD-5AE5-494F-B9BE-08801EC52E15}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{14B1D9C9-D5F0-4282-8630-3AF445279938}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{182A04F9-AA02-4A4D-91AD-97794CB0503F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{194A6510-70E5-423E-805E-A86D58A89075}" = lport=2869 | protocol=6 | dir=in | app=system | "{1A574C7B-3CC2-481B-8EC4-988C2EA73109}" = lport=2869 | protocol=6 | dir=in | app=system | "{1C502FC8-6279-4D2E-8A45-BC3F8FADDEEE}" = lport=2869 | protocol=6 | dir=in | app=system | "{22ED9560-403C-422A-803D-A0EF2AAF366A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{2902DBD1-C9D7-4F58-BCF1-CCA5CD867698}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{2C30CDB0-D580-4BC3-881B-273138D324C4}" = lport=2869 | protocol=6 | dir=in | app=system | "{2C94E36D-189A-42C8-A3E7-0A9FD136CDA7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{2CB7A6CB-42C4-4347-916E-E596F8D6B0AE}" = lport=2869 | protocol=6 | dir=in | app=system | "{32BBB011-A86A-4329-B3EA-8DF81ADBD227}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{3B8E7A41-0524-46A4-B08A-83C3FE954025}" = lport=2869 | protocol=6 | dir=in | app=system | "{3BEEDD3C-8F12-4C9C-BC1C-F2B3AF197196}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{4189BF6C-4190-4290-B283-42029A4B5066}" = lport=2869 | protocol=6 | dir=in | app=system | "{4258B5E2-E2D5-4ACD-ACAF-67ED42DA81CA}" = lport=2869 | protocol=6 | dir=in | app=system | "{44BDCA5B-CF70-43CD-A1A0-CF4240AEDF9C}" = lport=2869 | protocol=6 | dir=in | app=system | "{46872824-70C3-4FFD-A74F-D52105AB41CF}" = lport=2869 | protocol=6 | dir=in | app=system | "{493623DC-A8BE-441B-9EE7-117BCEC11574}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{570DF674-C797-4A47-B084-E4A38CF7BA08}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5D491FD8-67FE-4A5A-8A2C-82EA39C71441}" = lport=2869 | protocol=6 | dir=in | app=system | "{6796F886-E1A4-4C0B-9B70-F6B65024A4B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6B6A4666-A3B9-4DED-A0C7-068A79DC097D}" = lport=2869 | protocol=6 | dir=in | app=system | "{6DED261F-4B88-4680-AC67-5A3E8D7F903F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{73620316-CA3D-442A-A125-56CD0B9493DB}" = lport=2869 | protocol=6 | dir=in | app=system | "{7FC1C4C6-773B-4283-9E96-3DADFA677AAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{81B3CA2F-DFB2-4846-94E4-9D5BA3B1F239}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{8DB3F93F-98F9-4BCB-9731-B12E9710AE69}" = lport=2869 | protocol=6 | dir=in | app=system | "{8EFADE63-A748-4CA4-BC2A-E557C6C15A6E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{92872FCA-C049-4F2B-8FE5-AF4789BC3714}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{93D8BF9F-728F-45F9-BBC0-462CF56DADC0}" = lport=2869 | protocol=6 | dir=in | app=system | "{9E53FD0E-35D0-439D-9CC3-9262EEC9BDC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{A0631FBD-6752-4C6E-9D5F-FCA2192AA6EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{A0C95452-7440-461A-A537-A1E471B86F39}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{A1080788-F980-4024-919A-3B94BB4F832C}" = lport=2869 | protocol=6 | dir=in | app=system | "{A208B510-BFEC-421C-80CE-F1A632BDAE32}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{A5CE0F80-6F4F-4581-AD59-45C498F93182}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{AD271C0D-7A46-49FD-B65E-35FF1FF3DB29}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{B42E8ADA-034B-4438-93CC-BAE879AC3F1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{B4960A27-E470-4C6D-B16E-DA4FE052860A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{B4CC46D3-B5B6-49F2-BF79-0482808AF062}" = lport=2869 | protocol=6 | dir=in | app=system | "{B6FCC415-875D-4346-A460-4F93AB515860}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{BAB7ABF2-AD41-4609-A3BB-8BE71C877AD9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{BC50D0A5-1FFD-4A4E-ADA4-26EA4877F952}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{BD1D5428-E512-4866-BB91-6E48AD9FB581}" = lport=2869 | protocol=6 | dir=in | app=system | "{BD75D67C-E48D-4556-A4B0-F6AA636AB49A}" = lport=2869 | protocol=6 | dir=in | app=system | "{BFE0B685-2DE8-4311-97F9-8F081E981B18}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{BFF09C02-BB36-4F63-A950-824CAE1C58C0}" = lport=2869 | protocol=6 | dir=in | app=system | "{C20E1B56-FE3E-4033-B094-03EFFFA6998B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C4C6BC2D-C2BA-4B36-B834-BE4EA302B5A3}" = lport=10243 | protocol=6 | dir=in | app=system | "{C4E2251E-A5D8-410E-BD50-21AE5F02A7DB}" = lport=2869 | protocol=6 | dir=in | app=system | "{C59F8E40-6432-4642-B559-2C73E33F50F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{CEC79824-5B11-4C30-9792-420787BDEA1E}" = lport=2869 | protocol=6 | dir=in | app=system | "{D2F6A825-04DD-46B2-A418-0A2FF45D5CF7}" = rport=10243 | protocol=6 | dir=out | app=system | "{D64CFBD9-5AB9-48CA-AB92-A1D95DC4CDD5}" = lport=2869 | protocol=6 | dir=in | app=system | "{D865FC0C-4932-4643-B71D-1E699508F908}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D9E74C1A-2E70-41E7-930C-C057B76B2D42}" = lport=2869 | protocol=6 | dir=in | app=system | "{DA84A3A8-42DB-49F0-81FD-8117D942ABC1}" = lport=2869 | protocol=6 | dir=in | app=system | "{DE7C8110-1EBE-43D6-9D75-D602ED30AE1C}" = lport=2869 | protocol=6 | dir=in | app=system | "{DEEDE401-8938-40C2-9335-8420A665D925}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E491628B-523F-4223-95F2-0071E8392B48}" = lport=2869 | protocol=6 | dir=in | app=system | "{EE9B1426-C40E-48DD-941B-A4E87627F06C}" = lport=2869 | protocol=6 | dir=in | app=system | "{F1782734-D86F-422B-9AA2-91EC4FA59ECA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FA4812A4-6D14-4D0B-9E92-55A509EE1B5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{051358FA-9D9E-46FB-9536-4B09D293D3F9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{09BED4DB-AB5B-4E8F-A91F-5978F02D39EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0FD666DA-8CFA-4A57-99B9-39FC268472D1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{14705897-C097-49DA-9E3D-814EA7B71A8E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{208E3276-87E2-431D-B3C9-086013E0FEB9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{22DF2A99-1BA0-47B9-8D3A-DAA948AEF7C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{230F1C4E-6A18-4F1E-BF54-BE1AA88E8F14}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{28B34F1F-4EE8-431A-AE77-09511DC1C987}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{2BA71F5D-96A0-4552-B18A-47B9D986C499}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{325C944B-D94E-4AA1-9BBC-6493A37DDCE5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{3CFFF59F-3DAE-4065-B327-BFF0FF3CC1B4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{3D9CA623-E41A-4286-B82C-B0EAC8DFB334}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{3DD24A5B-7AD2-488A-A5D0-70F20919D745}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{3FD1D06A-F5EC-4C01-934E-645B2AFDAC7B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{45E4A016-9175-40B2-9380-393F8E05E189}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4612C640-9845-49A5-873E-C68C5B7FF019}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{48C6B18B-0281-4487-BE9B-26BA2BEF0E54}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{497BD23A-B780-4F8E-9CFB-CF128A1DAA6C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4ADF48C8-644E-468D-B934-5915AE753A57}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{4B0E48C7-23B2-45C9-AFB4-B27EA6FEB127}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{5785845C-0646-44F4-BBE6-799D8A0F7727}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{61CE6370-395D-443A-99F3-6B5777F2A036}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{6DC327C8-1299-41D9-B849-9133E7443AAA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{704F3941-FCCD-4FB4-8D27-20C28B056B3A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{717CBB6F-A4E0-48D3-BA39-53F1B833771B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{72B83110-2828-480E-BDDA-3B94ED3258E8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{72FF2703-60E1-41AD-BF4C-14D24B0F35FA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{73D44748-D2AA-438A-8A87-DD1871106E02}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{76D8BDED-307A-45AE-8F1A-90F7DEFF2778}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7DC4FE22-8075-4439-A869-31A46C548A1A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{805EC9C9-1B8B-4F36-9535-37C8A20714F2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{8B65B85A-6300-49C1-89E7-8318AB92B2D0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{8B87277A-A424-47E8-89C2-E53E68436551}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{939B57A5-FBE3-4A71-BD3B-739C31B0FE9D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{9983AE7F-6EBE-4016-AC27-9E24559E8ECD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{9C3D4F07-AFDB-46F1-9B95-E48505A47CF4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{A01C83CB-266A-4749-89D9-CC9A087D2C83}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{A0F40E12-4817-4E9C-9BE2-940BCA092CB9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{A16A7C67-C6C8-42D1-9CB9-DA08B40D3E2D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A2E83690-E1DA-4CBC-A373-D9383CD62757}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{A32F75F3-A67E-46A2-B70C-AE394BFD4B18}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{A52EC4CD-0A06-41FB-A9D6-8939FCA9220C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{A65E9548-93B9-4B8B-82AA-D3AD5F25E0E4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{A7F8AE94-F8BF-45DC-AF94-BC031889E084}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{AB203302-07F1-48C3-9F30-FCDE7DC56236}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{AF120394-9A7A-4432-BB35-BB6A3CE2FE68}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{B1B51401-4390-4981-AE8C-343A93462F7A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{B5768B67-6831-4094-8806-094A092FB3A2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{B733CEA2-C953-4DB7-9CEC-33BA91B38645}" = protocol=6 | dir=out | app=system | "{B79A694A-8A84-44C9-9751-FCF6C525E605}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{BA713261-B124-4605-9632-20DE07517A80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BF39CDC4-9FCB-4C15-B489-1960A2C78833}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{C40FFFE5-3183-4BEB-BF8B-CD5589E4982D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{C66FAB51-B69F-4FF6-AFAC-51F08D2E2921}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{C680C398-3244-4C3A-81AC-9ED29424F0FF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{CFBB2FA6-3C57-409F-9C55-60FEA9853D4A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{D1824EAC-0E9A-4084-A43F-ED90A8F9C4B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D1EC57BF-23E3-47BC-9E9B-4FCA31EC061C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{DBF89169-3ECF-4688-BC09-BEB01C6E6107}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E01171B4-576A-4205-A4EC-7A5CDA469EF8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{E7119B0B-CF47-4085-B9A3-DC826EBD10BF}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{EA19B270-5447-4CD4-9C99-A77DF7EAC890}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{FAA82B90-BFB5-4940-827A-EA0416A20BB1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{FB035C54-139A-437D-B789-DAE5136AEEEF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FD4F0CD4-CAA6-479B-B48C-DBF3C90BA635}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{FFABC83D-162D-4B05-8DD1-7370071C2454}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "TCP Query User{19F9942B-B259-4EBA-ACA9-489F151C4E82}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "TCP Query User{1E2F7093-FF44-4362-B4AF-93A7D030EAC9}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "TCP Query User{2250E818-FC8C-4401-B4A3-3D0057DE4F93}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{443AF89B-EE89-4685-94FF-5C9166E68430}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{482B662C-8CB5-4D2E-91EC-A0E97EFD7CF4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{61316D33-4C05-4E42-9CC1-476332270387}C:\users\***\desktop\msnmsgr.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\msnmsgr.exe | "TCP Query User{711FF911-61F6-4994-B6FB-B2EAF4321FAC}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{8100E354-CC22-4D0C-8938-ABC7E9614D4D}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "TCP Query User{81687D01-309C-4115-AE9F-1D5156D070AF}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{B3C337AF-501B-46B9-8B4C-AD5EE668A136}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{BBA9F86D-0B81-47AF-9ED5-3D038971901C}C:\program files\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe | "TCP Query User{C1B0CFCB-284D-468B-B572-EF4B93B96D93}C:\program files\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe | "TCP Query User{C2DCE119-5F24-4A9F-A767-C47019DA6F82}C:\users\***\desktop\msnmsgr.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\msnmsgr.exe | "TCP Query User{D9FDA144-47A4-49BB-93CF-068BF1AC91AB}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | "UDP Query User{03F439AE-12F1-415A-A442-556230DAF28D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{10D3E8E6-E7EB-4B1F-AB84-383B225E0496}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{256DC0B9-02B1-431F-8105-B4572983A32D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{2C1F0200-0691-403B-9231-1F7F3B5CD7B0}C:\users\***\desktop\msnmsgr.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\msnmsgr.exe | "UDP Query User{36EBE536-C090-4849-8858-6F0B07A9DA62}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{42322A2F-FD97-4B3F-9F33-833487A20E32}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "UDP Query User{64DF6376-DB12-41AA-A57D-F9C6684319F5}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | "UDP Query User{78870010-414F-4224-BCDB-E79B7BBB1109}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{7F02A13D-5EF4-4ED8-AB75-AC7DC776B792}C:\program files\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe | "UDP Query User{9E846DEC-1D2C-4F97-95A4-1F3EE4C0AD8D}C:\program files\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe | "UDP Query User{D46323D9-1E38-4759-B0B1-8E77C103F9ED}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{D4FC010A-597B-43D3-8248-9393AFC05B49}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "UDP Query User{EC67BE5F-875B-41FA-97AF-5454177EDE0B}C:\users\***\desktop\msnmsgr.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\msnmsgr.exe | "UDP Query User{EDFCB969-A96C-4570-A15C-0301EF94C587}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater "{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 19 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine "{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security "{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit "{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007 "{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007 "{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007 "{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007 "{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007 "{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007 "{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 "{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007 "{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007 "{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007 "{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007 "{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007 "{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007 "{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007 "{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007 "{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007 "{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007 "{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007 "{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007 "{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007 "{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007 "{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007 "{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97F32DF8-D66E-446A-A425-C1D7B45C1033}" = Nero 7 Essentials "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = Asus MultiFrame "{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch "{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1 "{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista "{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component "{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component "{DCD22647-6D31-479D-8F97-16D0AA934D9E}" = PC Connectivity Solution "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security "{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner (remove only) "ERUNT_is1" = ERUNT 1.1j "HDMI" = Intel(R) Graphics Media Accelerator Driver "ImgBurn" = ImgBurn "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "PROHYBRIDR" = 2007 Microsoft Office system "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation) "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 1.0.5 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 09.03.2009 07:16:02 | Computer Name = ***-PC | Source = WerSvc | ID = 5007 Description = Error - 09.03.2009 07:20:17 | Computer Name = ***-PC | Source = RasClient | ID = 20227 Description = Error - 09.03.2009 07:26:12 | Computer Name = ***-PC | Source = RasClient | ID = 20227 Description = Error - 09.03.2009 07:35:34 | Computer Name = ***-PC | Source = RasClient | ID = 20227 Description = Error - 09.03.2009 09:04:52 | Computer Name = ***-PC | Source = RasClient | ID = 20227 Description = Error - 09.03.2009 09:06:13 | Computer Name = ***-PC | Source = RasClient | ID = 20227 Description = Error - 09.03.2009 09:07:34 | Computer Name = ***-PC | Source = RasClient | ID = 20227 Description = Error - 09.03.2009 09:08:55 | Computer Name = ***-PC | Source = RasClient | ID = 20227 Description = Error - 11.03.2009 14:31:21 | Computer Name = ***-PC | Source = WerSvc | ID = 5007 Description = Error - 12.03.2009 15:37:38 | Computer Name = ***-PC | Source = WerSvc | ID = 5007 Description = [ Media Center Events ] Error - 18.04.2008 13:41:55 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert. [ System Events ] Error - 05.08.2010 03:31:22 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Error - 05.08.2010 03:33:43 | Computer Name = ***-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.2.32 für die Netzwerkkarte mit der Netzwerkadresse 0015AF352224 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 05.08.2010 04:06:57 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031 Description = Error - 05.08.2010 04:06:57 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031 Description = Error - 05.08.2010 04:06:57 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034 Description = Error - 05.08.2010 04:10:45 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = Error - 05.08.2010 04:11:43 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Error - 05.08.2010 05:01:46 | Computer Name = ***-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 05.08.2010 um 11:00:00 unerwartet heruntergefahren. Error - 05.08.2010 05:01:58 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = Error - 05.08.2010 05:02:36 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > mfg |
05.08.2010, 12:37 | #7 | |
/// Selecta Jahrusso | Einige Viren gefunden und ich glaube es werden mehr... Schritt 1 Mehrere Anti-Virus-Programme Code:
ATTFilter Symantec/norton Avira Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast und deinstalliere die anderen. Zitat:
Schritt 2 Versuch GMER bitte im abgesicherten Modus. Entferne rechts die Hacken bei Sections und EAT/IAT Bitte poste in Deiner nächsten Antwort gmer.txt
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
06.08.2010, 11:48 | #8 |
| Einige Viren gefunden und ich glaube es werden mehr... so habe mich für avira entschieden! hier die gewünschte Gmer.txt GMER Logfile: Code:
ATTFilter GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-08-06 12:39:18 Windows 6.0.6002 Service Pack 2 Running: gmer.exe; Driver: C:\Users\***\AppData\Local\Temp\kwlcqpow.sys ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) Device \FileSystem\fastfat \Fat 9D03BA7A AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f337f16b Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet) Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Counter 5776 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Help 5777 ---- EOF - GMER 1.0.15 ---- mfg |
06.08.2010, 12:41 | #9 |
/// Selecta Jahrusso | Einige Viren gefunden und ich glaube es werden mehr... Schritt 1 ESET Online Scanner Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
Wenn der Scan beendet wurde
Schritt 2 Downloade Dir bitte SecurityCheck
Poste den Inhalt bitte hier. Schritt 3 Starte bitte OTL.exe. Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
06.08.2010, 15:29 | #10 | ||
| Einige Viren gefunden und ich glaube es werden mehr... hier die gewünschten txts: ESET OnlineScanner Zitat:
SecurityCheck Zitat:
OTL OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.08.2010 16:13:17 - Run 2 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\***\Desktop\MFTools Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 89,43 Gb Total Space | 44,62 Gb Free Space | 49,90% Space Free | Partition Type: NTFS Drive D: | 52,78 Gb Total Space | 52,69 Gb Free Space | 99,83% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ***-PC Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.08.06 11:18:13 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2010.08.06 11:18:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010.08.05 09:43:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\MFTools\OTL.exe PRC - [2010.04.22 21:36:22 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe PRC - [2007.04.17 05:03:18 | 000,135,168 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe PRC - [2007.03.26 20:43:02 | 000,864,816 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe PRC - [2007.03.26 20:42:38 | 001,057,328 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe PRC - [2007.02.09 19:38:36 | 000,049,520 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe PRC - [2007.01.18 05:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe PRC - [2006.12.29 20:39:32 | 000,991,600 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe PRC - [2006.12.21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe PRC - [2006.12.07 19:51:04 | 001,143,152 | ---- | M] (ASUS) -- C:\Program Files\ASUS\Net4Switch\Net4Switch.exe PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe ========== Modules (SafeList) ========== MOD - [2010.08.05 09:43:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\MFTools\OTL.exe MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll MOD - [2008.01.19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2010.04.27 13:43:48 | 000,611,840 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.04.22 21:36:22 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) SRV - [2007.03.26 20:43:02 | 000,864,816 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv) SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\PRISMA02.sys -- (PRISM_A02) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipswuio.sys -- (ipswuio) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive) DRV - [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010.02.26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010.02.26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.08.05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr) DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.08.03 06:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio) DRV - [2007.03.26 20:43:00 | 000,039,472 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm) DRV - [2007.03.26 20:42:56 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass) DRV - [2007.03.26 20:42:44 | 000,108,592 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs) DRV - [2007.03.06 06:24:05 | 001,666,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx) DRV - [2007.03.06 06:24:05 | 001,666,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm) DRV - [2007.01.23 05:00:59 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2006.12.14 09:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2006.11.22 07:48:53 | 000,181,304 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2006.11.14 13:42:45 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2006.11.02 09:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2006.10.14 05:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.06 11:18:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.06 11:50:04 | 000,000,000 | ---D | M] [2009.02.13 21:23:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.08.06 12:43:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d7v1sep4.default\extensions [2010.05.01 13:33:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d7v1sep4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.05.01 13:33:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d7v1sep4.default\extensions\youtube2mp3@mondayx.de [2009.12.23 20:25:53 | 000,002,171 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\d7v1sep4.default\searchplugins\bing.xml [2010.08.05 09:41:46 | 000,000,944 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\d7v1sep4.default\searchplugins\icqplugin.xml [2010.08.06 11:00:14 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009.12.23 20:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.08.06 11:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.08.06 11:18:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.08.06 11:18:16 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.08.06 11:18:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.08.06 11:18:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.08.06 11:18:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{f1aff52f-7591-11dc-8953-001d60a340fa}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.06 13:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010.08.06 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES [2010.08.06 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES [2010.08.06 11:36:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN [2010.08.06 11:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010.08.06 11:00:10 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.08.06 11:00:10 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.08.06 11:00:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.08.06 11:00:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.08.06 10:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2010.08.06 10:38:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.08.05 13:04:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2010.08.05 11:31:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2010.08.05 11:31:19 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2010.08.05 11:31:19 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2010.08.05 11:31:19 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2010.08.05 11:31:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2010.08.05 11:31:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2010.08.05 11:31:14 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2010.08.05 11:31:14 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2010.08.05 11:31:14 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2010.08.05 11:31:14 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2010.08.05 11:31:14 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2010.08.05 11:31:03 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2010.08.05 11:31:03 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2010.08.05 11:31:02 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2010.08.05 11:31:02 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2010.08.05 11:31:02 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2010.08.05 11:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2010.08.05 10:20:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.08.05 10:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2010.08.05 09:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2010.08.05 09:47:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.08.05 09:45:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.05 09:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.05 09:44:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.05 09:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.08.05 09:42:56 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MFTools [2010.08.01 17:08:17 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe [2010.08.01 16:22:12 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\*** [2010.08.01 16:14:35 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\*** [2010.08.01 16:09:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ImgBurn [2010.08.01 16:03:53 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\*** [2010.08.01 16:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn [2010.08.01 09:14:22 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\*** ========== Files - Modified Within 30 Days ========== [2010.08.06 16:12:55 | 003,407,872 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.08.06 16:06:37 | 000,869,051 | ---- | M] () -- C:\Users\***\Desktop\SecurityCheck.exe [2010.08.06 14:41:31 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.06 14:41:31 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.06 14:06:46 | 003,209,958 | ---- | M] () -- C:\Users\***\Desktop\Se thelo - Kristine.mp3 [2010.08.06 13:48:18 | 002,672,312 | ---- | M] () -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe [2010.08.06 12:47:13 | 001,445,116 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.06 12:47:13 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.06 12:47:13 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.06 12:47:13 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.06 12:47:13 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.06 12:41:42 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2010.08.06 12:41:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.06 12:41:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.06 12:41:15 | 2138,365,952 | -HS- | M] () -- C:\hiberfil.sys [2010.08.06 12:40:25 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.08.06 12:40:25 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.08.06 11:53:57 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.08.06 11:50:07 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2010.08.06 11:44:03 | 000,372,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.08.06 10:50:26 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2010.08.06 10:37:18 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EEC096F7-0D97-41BE-87E6-24872796CCD2}.job [2010.08.05 12:44:56 | 003,611,617 | ---- | M] () -- C:\Users\***\Desktop\*** [2010.08.05 11:17:41 | 000,074,886 | ---- | M] () -- C:\Users\***\Desktop\22.jpg [2010.08.05 11:15:50 | 000,099,374 | ---- | M] () -- C:\Users\***\Desktop\11.jpg [2010.08.05 10:18:54 | 000,000,740 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2010.08.05 10:18:54 | 000,000,721 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk [2010.08.05 09:46:13 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.05 09:43:06 | 000,284,915 | ---- | M] () -- C:\Users\***\Desktop\Gmer.zip [2010.08.05 09:38:39 | 000,410,784 | ---- | M] () -- C:\Users\***\Desktop\Load.exe [2010.08.01 17:20:00 | 000,093,943 | ---- | M] () -- C:\Users\***\Desktop\c.jpg [2010.08.01 17:19:27 | 000,094,891 | ---- | M] () -- C:\Users\***\Desktop\a.jpg [2010.08.01 17:18:20 | 000,079,217 | ---- | M] () -- C:\Users\***\Desktop\b.jpg [2010.08.01 17:08:39 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe [2010.08.01 16:55:59 | 000,030,720 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.01 16:02:48 | 000,001,657 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2010.07.17 05:00:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.07.17 05:00:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.07.17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll ========== Files Created - No Company Name ========== [2010.08.06 16:06:28 | 000,869,051 | ---- | C] () -- C:\Users\***\Desktop\SecurityCheck.exe [2010.08.06 14:06:33 | 003,209,958 | ---- | C] () -- C:\Users\***\Desktop\*** [2010.08.06 13:48:03 | 002,672,312 | ---- | C] () -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe [2010.08.06 12:41:15 | 2138,365,952 | -HS- | C] () -- C:\hiberfil.sys [2010.08.05 12:44:34 | 003,611,617 | ---- | C] () -- C:\Users\***\Desktop\*** [2010.08.05 11:31:06 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2010.08.05 11:31:05 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2010.08.05 11:31:05 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2010.08.05 11:17:40 | 000,074,886 | ---- | C] () -- C:\Users\***\Desktop\22.jpg [2010.08.05 11:15:49 | 000,099,374 | ---- | C] () -- C:\Users\***\Desktop\11.jpg [2010.08.05 10:39:30 | 000,293,376 | ---- | C] () -- C:\Users\***\Desktop\gmer.exe [2010.08.05 10:18:54 | 000,000,740 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2010.08.05 10:18:54 | 000,000,721 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk [2010.08.05 09:46:13 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.05 09:43:05 | 000,284,915 | ---- | C] () -- C:\Users\***\Desktop\Gmer.zip [2010.08.05 09:38:19 | 000,410,784 | ---- | C] () -- C:\Users\***\Desktop\Load.exe [2010.08.01 17:19:59 | 000,093,943 | ---- | C] () -- C:\Users\***\Desktop\c.jpg [2010.08.01 17:19:27 | 000,094,891 | ---- | C] () -- C:\Users\***\Desktop\a.jpg [2010.08.01 17:18:19 | 000,079,217 | ---- | C] () -- C:\Users\***\Desktop\b.jpg [2010.08.01 16:02:48 | 000,001,657 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2010.03.08 21:00:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.16 16:27:50 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.03.04 15:49:08 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.03.04 15:48:36 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.02.06 19:52:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.02.05 21:06:54 | 000,000,231 | ---- | C] () -- C:\Windows\pwcsu.INI [2007.12.25 10:20:09 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007.10.06 13:36:28 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2007.04.18 11:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2007.03.06 06:49:41 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll [2007.03.06 05:34:09 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.03.09 04:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll < End of report > EXTRAS.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 06.08.2010 16:13:17 - Run 2 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\***\Desktop\MFTools Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 89,43 Gb Total Space | 44,62 Gb Free Space | 49,90% Space Free | Partition Type: NTFS Drive D: | 52,78 Gb Total Space | 52,69 Gb Free Space | 99,83% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ***-PC Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08DDFDFD-5AE5-494F-B9BE-08801EC52E15}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{14B1D9C9-D5F0-4282-8630-3AF445279938}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{182A04F9-AA02-4A4D-91AD-97794CB0503F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{194A6510-70E5-423E-805E-A86D58A89075}" = lport=2869 | protocol=6 | dir=in | app=system | "{1A574C7B-3CC2-481B-8EC4-988C2EA73109}" = lport=2869 | protocol=6 | dir=in | app=system | "{1C502FC8-6279-4D2E-8A45-BC3F8FADDEEE}" = lport=2869 | protocol=6 | dir=in | app=system | "{22ED9560-403C-422A-803D-A0EF2AAF366A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{2902DBD1-C9D7-4F58-BCF1-CCA5CD867698}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{2C30CDB0-D580-4BC3-881B-273138D324C4}" = lport=2869 | protocol=6 | dir=in | app=system | "{2C94E36D-189A-42C8-A3E7-0A9FD136CDA7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{2CB7A6CB-42C4-4347-916E-E596F8D6B0AE}" = lport=2869 | protocol=6 | dir=in | app=system | "{32BBB011-A86A-4329-B3EA-8DF81ADBD227}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{3B8E7A41-0524-46A4-B08A-83C3FE954025}" = lport=2869 | protocol=6 | dir=in | app=system | "{3BEEDD3C-8F12-4C9C-BC1C-F2B3AF197196}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{4189BF6C-4190-4290-B283-42029A4B5066}" = lport=2869 | protocol=6 | dir=in | app=system | "{4258B5E2-E2D5-4ACD-ACAF-67ED42DA81CA}" = lport=2869 | protocol=6 | dir=in | app=system | "{44BDCA5B-CF70-43CD-A1A0-CF4240AEDF9C}" = lport=2869 | protocol=6 | dir=in | app=system | "{46872824-70C3-4FFD-A74F-D52105AB41CF}" = lport=2869 | protocol=6 | dir=in | app=system | "{493623DC-A8BE-441B-9EE7-117BCEC11574}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{570DF674-C797-4A47-B084-E4A38CF7BA08}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5D491FD8-67FE-4A5A-8A2C-82EA39C71441}" = lport=2869 | protocol=6 | dir=in | app=system | "{6796F886-E1A4-4C0B-9B70-F6B65024A4B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6B6A4666-A3B9-4DED-A0C7-068A79DC097D}" = lport=2869 | protocol=6 | dir=in | app=system | "{6DED261F-4B88-4680-AC67-5A3E8D7F903F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{73620316-CA3D-442A-A125-56CD0B9493DB}" = lport=2869 | protocol=6 | dir=in | app=system | "{7FC1C4C6-773B-4283-9E96-3DADFA677AAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{81B3CA2F-DFB2-4846-94E4-9D5BA3B1F239}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{8DB3F93F-98F9-4BCB-9731-B12E9710AE69}" = lport=2869 | protocol=6 | dir=in | app=system | "{8EFADE63-A748-4CA4-BC2A-E557C6C15A6E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{92872FCA-C049-4F2B-8FE5-AF4789BC3714}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{93D8BF9F-728F-45F9-BBC0-462CF56DADC0}" = lport=2869 | protocol=6 | dir=in | app=system | "{9E53FD0E-35D0-439D-9CC3-9262EEC9BDC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{A0631FBD-6752-4C6E-9D5F-FCA2192AA6EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{A0C95452-7440-461A-A537-A1E471B86F39}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{A1080788-F980-4024-919A-3B94BB4F832C}" = lport=2869 | protocol=6 | dir=in | app=system | "{A208B510-BFEC-421C-80CE-F1A632BDAE32}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{A5CE0F80-6F4F-4581-AD59-45C498F93182}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{AD271C0D-7A46-49FD-B65E-35FF1FF3DB29}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{B42E8ADA-034B-4438-93CC-BAE879AC3F1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{B4960A27-E470-4C6D-B16E-DA4FE052860A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{B4CC46D3-B5B6-49F2-BF79-0482808AF062}" = lport=2869 | protocol=6 | dir=in | app=system | "{B6FCC415-875D-4346-A460-4F93AB515860}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{BAB7ABF2-AD41-4609-A3BB-8BE71C877AD9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{BC50D0A5-1FFD-4A4E-ADA4-26EA4877F952}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{BD1D5428-E512-4866-BB91-6E48AD9FB581}" = lport=2869 | protocol=6 | dir=in | app=system | "{BD75D67C-E48D-4556-A4B0-F6AA636AB49A}" = lport=2869 | protocol=6 | dir=in | app=system | "{BFE0B685-2DE8-4311-97F9-8F081E981B18}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{BFF09C02-BB36-4F63-A950-824CAE1C58C0}" = lport=2869 | protocol=6 | dir=in | app=system | "{C20E1B56-FE3E-4033-B094-03EFFFA6998B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C4C6BC2D-C2BA-4B36-B834-BE4EA302B5A3}" = lport=10243 | protocol=6 | dir=in | app=system | "{C4E2251E-A5D8-410E-BD50-21AE5F02A7DB}" = lport=2869 | protocol=6 | dir=in | app=system | "{C59F8E40-6432-4642-B559-2C73E33F50F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{CEC79824-5B11-4C30-9792-420787BDEA1E}" = lport=2869 | protocol=6 | dir=in | app=system | "{D2F6A825-04DD-46B2-A418-0A2FF45D5CF7}" = rport=10243 | protocol=6 | dir=out | app=system | "{D64CFBD9-5AB9-48CA-AB92-A1D95DC4CDD5}" = lport=2869 | protocol=6 | dir=in | app=system | "{D865FC0C-4932-4643-B71D-1E699508F908}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D9E74C1A-2E70-41E7-930C-C057B76B2D42}" = lport=2869 | protocol=6 | dir=in | app=system | "{DA84A3A8-42DB-49F0-81FD-8117D942ABC1}" = lport=2869 | protocol=6 | dir=in | app=system | "{DE7C8110-1EBE-43D6-9D75-D602ED30AE1C}" = lport=2869 | protocol=6 | dir=in | app=system | "{DEEDE401-8938-40C2-9335-8420A665D925}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E491628B-523F-4223-95F2-0071E8392B48}" = lport=2869 | protocol=6 | dir=in | app=system | "{EE9B1426-C40E-48DD-941B-A4E87627F06C}" = lport=2869 | protocol=6 | dir=in | app=system | "{F1782734-D86F-422B-9AA2-91EC4FA59ECA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FA4812A4-6D14-4D0B-9E92-55A509EE1B5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{051358FA-9D9E-46FB-9536-4B09D293D3F9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{09BED4DB-AB5B-4E8F-A91F-5978F02D39EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0FD666DA-8CFA-4A57-99B9-39FC268472D1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{14705897-C097-49DA-9E3D-814EA7B71A8E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{208E3276-87E2-431D-B3C9-086013E0FEB9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{22DF2A99-1BA0-47B9-8D3A-DAA948AEF7C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{230F1C4E-6A18-4F1E-BF54-BE1AA88E8F14}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{28B34F1F-4EE8-431A-AE77-09511DC1C987}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{2BA71F5D-96A0-4552-B18A-47B9D986C499}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{325C944B-D94E-4AA1-9BBC-6493A37DDCE5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{3CFFF59F-3DAE-4065-B327-BFF0FF3CC1B4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{3D9CA623-E41A-4286-B82C-B0EAC8DFB334}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{3DD24A5B-7AD2-488A-A5D0-70F20919D745}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{3FD1D06A-F5EC-4C01-934E-645B2AFDAC7B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{45E4A016-9175-40B2-9380-393F8E05E189}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4612C640-9845-49A5-873E-C68C5B7FF019}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{48C6B18B-0281-4487-BE9B-26BA2BEF0E54}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{497BD23A-B780-4F8E-9CFB-CF128A1DAA6C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4ADF48C8-644E-468D-B934-5915AE753A57}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{4B0E48C7-23B2-45C9-AFB4-B27EA6FEB127}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{5785845C-0646-44F4-BBE6-799D8A0F7727}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{61CE6370-395D-443A-99F3-6B5777F2A036}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{6DC327C8-1299-41D9-B849-9133E7443AAA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{704F3941-FCCD-4FB4-8D27-20C28B056B3A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{717CBB6F-A4E0-48D3-BA39-53F1B833771B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{72B83110-2828-480E-BDDA-3B94ED3258E8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{72FF2703-60E1-41AD-BF4C-14D24B0F35FA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{73D44748-D2AA-438A-8A87-DD1871106E02}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{76D8BDED-307A-45AE-8F1A-90F7DEFF2778}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7DC4FE22-8075-4439-A869-31A46C548A1A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{805EC9C9-1B8B-4F36-9535-37C8A20714F2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{8B65B85A-6300-49C1-89E7-8318AB92B2D0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{8B87277A-A424-47E8-89C2-E53E68436551}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{939B57A5-FBE3-4A71-BD3B-739C31B0FE9D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{9983AE7F-6EBE-4016-AC27-9E24559E8ECD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{9C3D4F07-AFDB-46F1-9B95-E48505A47CF4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{A01C83CB-266A-4749-89D9-CC9A087D2C83}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{A0F40E12-4817-4E9C-9BE2-940BCA092CB9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{A16A7C67-C6C8-42D1-9CB9-DA08B40D3E2D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A2E83690-E1DA-4CBC-A373-D9383CD62757}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{A32F75F3-A67E-46A2-B70C-AE394BFD4B18}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{A52EC4CD-0A06-41FB-A9D6-8939FCA9220C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{A65E9548-93B9-4B8B-82AA-D3AD5F25E0E4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{A7F8AE94-F8BF-45DC-AF94-BC031889E084}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{AB203302-07F1-48C3-9F30-FCDE7DC56236}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{AF120394-9A7A-4432-BB35-BB6A3CE2FE68}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{B1B51401-4390-4981-AE8C-343A93462F7A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{B5768B67-6831-4094-8806-094A092FB3A2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{B733CEA2-C953-4DB7-9CEC-33BA91B38645}" = protocol=6 | dir=out | app=system | "{B79A694A-8A84-44C9-9751-FCF6C525E605}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{BA713261-B124-4605-9632-20DE07517A80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BF39CDC4-9FCB-4C15-B489-1960A2C78833}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{C40FFFE5-3183-4BEB-BF8B-CD5589E4982D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{C66FAB51-B69F-4FF6-AFAC-51F08D2E2921}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{C680C398-3244-4C3A-81AC-9ED29424F0FF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{CFBB2FA6-3C57-409F-9C55-60FEA9853D4A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{D1824EAC-0E9A-4084-A43F-ED90A8F9C4B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D1EC57BF-23E3-47BC-9E9B-4FCA31EC061C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{DBF89169-3ECF-4688-BC09-BEB01C6E6107}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E01171B4-576A-4205-A4EC-7A5CDA469EF8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{E7119B0B-CF47-4085-B9A3-DC826EBD10BF}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{EA19B270-5447-4CD4-9C99-A77DF7EAC890}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{FAA82B90-BFB5-4940-827A-EA0416A20BB1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{FB035C54-139A-437D-B789-DAE5136AEEEF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FD4F0CD4-CAA6-479B-B48C-DBF3C90BA635}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{FFABC83D-162D-4B05-8DD1-7370071C2454}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "TCP Query User{19F9942B-B259-4EBA-ACA9-489F151C4E82}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "TCP Query User{1E2F7093-FF44-4362-B4AF-93A7D030EAC9}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "TCP Query User{2250E818-FC8C-4401-B4A3-3D0057DE4F93}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{443AF89B-EE89-4685-94FF-5C9166E68430}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{482B662C-8CB5-4D2E-91EC-A0E97EFD7CF4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{61316D33-4C05-4E42-9CC1-476332270387}C:\users\***\desktop\msnmsgr.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\msnmsgr.exe | "TCP Query User{711FF911-61F6-4994-B6FB-B2EAF4321FAC}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{8100E354-CC22-4D0C-8938-ABC7E9614D4D}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "TCP Query User{81687D01-309C-4115-AE9F-1D5156D070AF}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{B3C337AF-501B-46B9-8B4C-AD5EE668A136}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{BBA9F86D-0B81-47AF-9ED5-3D038971901C}C:\program files\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe | "TCP Query User{C1B0CFCB-284D-468B-B572-EF4B93B96D93}C:\program files\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe | "TCP Query User{C2DCE119-5F24-4A9F-A767-C47019DA6F82}C:\users\***\desktop\msnmsgr.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\msnmsgr.exe | "TCP Query User{D9FDA144-47A4-49BB-93CF-068BF1AC91AB}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | "UDP Query User{03F439AE-12F1-415A-A442-556230DAF28D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{10D3E8E6-E7EB-4B1F-AB84-383B225E0496}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{256DC0B9-02B1-431F-8105-B4572983A32D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{2C1F0200-0691-403B-9231-1F7F3B5CD7B0}C:\users\***\desktop\msnmsgr.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\msnmsgr.exe | "UDP Query User{36EBE536-C090-4849-8858-6F0B07A9DA62}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{42322A2F-FD97-4B3F-9F33-833487A20E32}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "UDP Query User{64DF6376-DB12-41AA-A57D-F9C6684319F5}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | "UDP Query User{78870010-414F-4224-BCDB-E79B7BBB1109}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{7F02A13D-5EF4-4ED8-AB75-AC7DC776B792}C:\program files\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe | "UDP Query User{9E846DEC-1D2C-4F97-95A4-1F3EE4C0AD8D}C:\program files\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe | "UDP Query User{D46323D9-1E38-4759-B0B1-8E77C103F9ED}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{D4FC010A-597B-43D3-8248-9393AFC05B49}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "UDP Query User{EC67BE5F-875B-41FA-97AF-5454177EDE0B}C:\users\***\desktop\msnmsgr.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\msnmsgr.exe | "UDP Query User{EDFCB969-A96C-4570-A15C-0301EF94C587}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater "{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007 "{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007 "{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007 "{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007 "{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007 "{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007 "{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 "{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007 "{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007 "{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007 "{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007 "{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007 "{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007 "{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007 "{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007 "{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007 "{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007 "{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007 "{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007 "{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007 "{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007 "{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007 "{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97F32DF8-D66E-446A-A425-C1D7B45C1033}" = Nero 7 Essentials "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = Asus MultiFrame "{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3 "{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{DCD22647-6D31-479D-8F97-16D0AA934D9E}" = PC Connectivity Solution "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner (remove only) "ERUNT_is1" = ERUNT 1.1j "ESET Online Scanner" = ESET Online Scanner v3 "HDMI" = Intel(R) Graphics Media Accelerator Driver "ImgBurn" = ImgBurn "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "PROHYBRIDR" = 2007 Microsoft Office system "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 1.0.5 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 09.03.2009 07:16:02 | Computer Name = ***-PC | Source = WerSvc | ID = 5007 Description = Error - 09.03.2009 07:20:17 | Computer Name = ***-PC | Source = RasClient | ID = 20227 Description = Error - 09.03.2009 07:26:12 | Computer Name = ***-PC | Source = RasClient | ID = 20227 Description = Error - 09.03.2009 07:35:34 | Computer Name = ***-PC | Source = RasClient | ID = 20227 Description = Error - 09.03.2009 09:04:52 | Computer Name = ***-PC | Source = RasClient | ID = 20227 Description = Error - 09.03.2009 09:06:13 | Computer Name = ***-PC | Source = RasClient | ID = 20227 Description = Error - 09.03.2009 09:07:34 | Computer Name = ***-PC | Source = RasClient | ID = 20227 Description = Error - 09.03.2009 09:08:55 | Computer Name = ***-PC | Source = RasClient | ID = 20227 Description = Error - 11.03.2009 14:31:21 | Computer Name = ***-PC | Source = WerSvc | ID = 5007 Description = Error - 12.03.2009 15:37:38 | Computer Name = ***-PC | Source = WerSvc | ID = 5007 Description = [ Media Center Events ] Error - 18.04.2008 13:41:55 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert. [ System Events ] Error - 06.08.2010 05:57:47 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Error - 06.08.2010 05:57:47 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Error - 06.08.2010 05:57:47 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026 Description = Error - 06.08.2010 05:57:47 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Error - 06.08.2010 05:57:47 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Error - 06.08.2010 05:57:52 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Error - 06.08.2010 05:57:53 | Computer Name = ***-PC | Source = DCOM | ID = 10005 Description = Error - 06.08.2010 05:57:54 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Error - 06.08.2010 06:43:08 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Error - 06.08.2010 09:12:32 | Computer Name = ***-PC | Source = BROWSER | ID = 8032 Description = < End of report > |
06.08.2010, 15:52 | #11 |
/// Selecta Jahrusso | Einige Viren gefunden und ich glaube es werden mehr... Logfile ist sauber Hier noch die letzten paar Schritte zur Säuberung Deines Rechners. Schritt 1 Deinstalliere bitte deine aktuelle Version von Adobe Reader Start--> Systemsteuerung--> Software--> Adobe Reader und lade dir die neue Version von Hier herunter Als alternative würde ich dir den schlankeren Foxit Reader empfehlen Flashplayer bitte ebenfalls updaten. Schritt 2 Systemwiederherstellungpunkte leeren Windows +E Taste drücken --> Rechtsklick über Laufwerk C --> Eigenschaften --> Bereinigen --> weitere Optionen --> Systemwiederherstellung und Schattenkopien bereinigen. Schritt 3 Tool CleanUp Starte bitte die OTL.exe. Klicke nun auf den Bereinigung Button. Dies wird die meisten Tools und Logfiles entfernen. Sollte denoch etwas bestehen bleiben, bitte manuell entfernen sowie den Papierkorb leeren. Schritt 4 Automatische Updates Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten. Windows + R Taste drücken. Kopiere nun folgenden Text in die Kommandozeile RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl und klicke auf OK. Stelle sicher das die automatischen Updates aktiviert sind. Schritt 5 Um Dich für die Zukunft vor weiteren Infizierungen zu schützen empfehle ich Dir noch ein paar Programme.
Schritt 6 Tipps für sicheres Surfen Das sind meine Vorschläge. Verwende einen alternativen Browser statt den IE. Ich empfehle Mozilla Firefox. Für Firefox gibt es verschiedenste AddOns um sicher durch das WWW zu kommen.
Don'ts
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen. Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
08.08.2010, 11:05 | #12 |
| Einige Viren gefunden und ich glaube es werden mehr... Hi danke erst einmal ich denke du hast mir wirklich gehoflen. Soweit habe ich auch alle schritte durchgeführt... nur was mich leicht verwirrt was ist nun mit dem.. sind die Viren immer noch auf meinem laptop? |
08.08.2010, 13:20 | #13 |
/// Selecta Jahrusso | Einige Viren gefunden und ich glaube es werden mehr... Ja mit so screenshots kann man höllisch viel anfangen. Lass Avira mal Scannen und poste die Log
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
12.08.2010, 11:34 | #14 | |
| Einige Viren gefunden und ich glaube es werden mehr... so hier die txt: Zitat:
|
12.08.2010, 21:01 | #15 |
/// Selecta Jahrusso | Einige Viren gefunden und ich glaube es werden mehr... Noch Probleme?
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
Themen zu Einige Viren gefunden und ich glaube es werden mehr... |
antivir, antivir guard, avg, avira, bho, browser, defender, desktop, excel, google, helper, highjack this, hijack, hijackthis, internet, internet explorer, logfile, object, plug-in, rundll, security, software, symantec, system, viren, vista, windows |