| |
| |||||||
Log-Analyse und Auswertung: S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
04.07.2012, 10:55
| #1 |
 |  S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun? Hallo liebe Leute, ich habe mir gestern den SMART Repair Virus eingefangen. Beim Surfen fragte eine unbekannte .exe-Datei (irgendwas mit aol) nach Erlaubnis, Veränderungen am Computer durchzuführen, bei "Nein" kam die Meldung sofort wieder. Habe dann einen Suchlauf mit Avira durchgeführt, der gleich etwas gefunden und gelöscht hat (habe die Meldung aber jetzt bei den Berichten nicht mehr gefunden), kurz darauf startete dann der SMART Virus mit seiner Show. Ein Avira Durchlauf gab dann nur eine Warnung aus, dass es eine Datei nicht öffnen konnte (ebenjene). Ich habe dann den Computer im sicheren Modus neu gestartet und eine Systemwiederherstellung auf den Stand von vor ein paar Tagen durchgeführt. Jetzt läuft soweit wieder alles, nur sind natürlich alle Daten versteckt (habe den Fix, den ich hier dazu gefunden habe, noch nicht durchgeführt). Ich fürchte, das Problem ist damit aber nicht mit Sicherheit aus der Welt, stimmt das? Muss ich, wenn alles (hoffentlich) bereinigt ist, sonst noch irgendwas beachten? Etwa Passwörter ändern o.ä.? Ich hoffe, ich habe beim Erstellen nichts vergessen.  Vielen Dank im Voraus! Defogger habe ich durchgeführt, Fehlermeldung kam keine. OTL.txt: Code:
ATTFilter OTL logfile created on: 04.07.2012 09:21:06 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Mathias\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 67,37% Memory free 5,99 Gb Paging File | 4,89 Gb Available in Paging File | 81,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455,99 Gb Total Space | 94,43 Gb Free Space | 20,71% Space Free | Partition Type: NTFS Computer Name: MATHIAS-LAPTOP | User Name: Mathias | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.04 09:11:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.05.11 09:29:59 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.05.11 09:29:59 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.11 09:29:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.11 09:29:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.11 09:29:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.09.08 15:55:10 | 000,888,488 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2011.08.21 21:46:57 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2011.07.16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2009.08.27 06:48:32 | 001,194,504 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2009.08.26 20:07:24 | 000,698,912 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe PRC - [2009.08.26 20:07:22 | 000,690,720 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe PRC - [2009.08.26 20:07:20 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe PRC - [2009.08.18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe PRC - [2009.05.14 23:03:18 | 000,345,384 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe PRC - [2009.05.13 19:39:42 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe PRC - [2009.04.11 19:32:06 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2009.01.21 01:41:24 | 000,202,024 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe PRC - [2009.01.21 01:41:18 | 000,156,968 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2008.12.26 17:30:58 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ========== Modules (No Company Name) ========== MOD - [2011.08.23 14:38:42 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2011.08.21 21:46:57 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2011.05.26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2009.02.02 17:33:56 | 000,460,199 | ---- | M] () -- C:\Programme\NewTech Infosystems\Acer Backup Manager\sqlite3.dll MOD - [2009.01.21 01:41:26 | 000,872,448 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll MOD - [2009.01.21 01:41:22 | 000,007,680 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll MOD - [2009.01.18 16:50:02 | 000,417,792 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\AdobeXMP.dll MOD - [2007.11.16 17:02:18 | 000,479,232 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ccme_base.dll MOD - [2007.11.16 17:02:18 | 000,401,408 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\cryptocme2.dll ========== Win32 Services (SafeList) ========== SRV - [2012.07.03 22:51:35 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.11 09:29:59 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.11 09:29:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.11 09:29:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.11 09:18:50 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2011.08.23 00:33:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009.08.26 20:07:22 | 000,690,720 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.01.16 20:53:30 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService) SRV - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2007.08.24 04:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2012.05.11 09:29:59 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.11 09:29:59 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.08.18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.06.24 12:23:12 | 000,159,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2009.01.16 20:53:32 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio) DRV - [2008.12.04 18:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV - [2008.12.04 18:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV - [2008.12.04 18:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0811&m=aspire_5738 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0811&m=aspire_5738 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0811&m=aspire_5738 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {C4654FC7-7709-4DF2-A65C-B5B887A4ED99} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{C4654FC7-7709-4DF2-A65C-B5B887A4ED99}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.23 20:50:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.03 22:43:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.16 15:32:57 | 000,000,000 | ---D | M] [2011.08.22 23:36:36 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Extensions [2012.07.03 22:42:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\5pn5sgzq.default\extensions [2012.07.03 22:43:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\5pn5sgzq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.07.03 22:43:48 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\5pn5sgzq.default\extensions\toolbar@ask.com [2012.05.11 16:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.05.11 09:18:50 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.10 19:37:10 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.06.28 08:38:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.28 08:38:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.28 08:38:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.28 08:38:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.28 08:38:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.28 08:38:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName}) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{124D590A-07D6-4927-9591-6D2570E914EE}: DhcpNameServer = 10.0.0.138 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.04 09:11:54 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe [2012.07.03 20:05:12 | 000,000,000 | -H-D | C] -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery [2012.06.25 22:56:42 | 000,000,000 | -H-D | C] -- C:\Users\Mathias\AppData\Local\PDF24 [2012.06.25 22:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [2012.06.25 22:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24 [2012.06.22 09:21:46 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\ElevatedDiagnostics [2012.06.22 09:14:22 | 000,000,000 | -H-D | C] -- C:\Users\Mathias\Desktop\Study Aid etc [2012.06.15 08:39:32 | 000,000,000 | -H-D | C] -- C:\Users\Mathias\AppData\Local\Macromedia [2012.06.11 21:34:35 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\AskToolbar ========== Files - Modified Within 30 Days ========== [2012.07.04 09:18:48 | 000,000,000 | ---- | M] () -- C:\Users\Mathias\defogger_reenable [2012.07.04 09:12:32 | 000,302,592 | ---- | M] () -- C:\Users\Mathias\Desktop\vomherxq.exe [2012.07.04 09:11:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe [2012.07.04 09:11:43 | 000,050,477 | ---- | M] () -- C:\Users\Mathias\Desktop\Defogger.exe [2012.07.04 09:08:43 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.04 09:08:43 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.04 09:01:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.04 09:01:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.04 09:00:47 | 2411,855,872 | -HS- | M] () -- C:\hiberfil.sys [2012.07.03 20:05:20 | 000,000,136 | -H-- | M] () -- C:\ProgramData\-MYC7NlSPONnkXcr [2012.07.03 20:05:20 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-MYC7NlSPONnkXc [2012.07.03 20:05:08 | 000,000,256 | -H-- | M] () -- C:\ProgramData\MYC7NlSPONnkXc [2012.07.01 21:36:22 | 000,039,914 | -H-- | M] () -- C:\Users\Mathias\Desktop\main;jsessionid=23492252422C1E495BE551A2FA2473B3.pdf [2012.06.14 22:33:58 | 000,361,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.06.14 09:40:44 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.14 09:40:44 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.14 09:40:44 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.14 09:40:44 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.05 10:07:19 | 000,001,061 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.06.05 10:07:09 | 000,001,033 | ---- | M] () -- C:\Users\Mathias\Desktop\Dropbox.lnk ========== Files Created - No Company Name ========== [2012.07.04 09:18:48 | 000,000,000 | ---- | C] () -- C:\Users\Mathias\defogger_reenable [2012.07.04 09:12:32 | 000,302,592 | ---- | C] () -- C:\Users\Mathias\Desktop\vomherxq.exe [2012.07.04 09:11:42 | 000,050,477 | ---- | C] () -- C:\Users\Mathias\Desktop\Defogger.exe [2012.07.03 20:05:20 | 000,000,136 | -H-- | C] () -- C:\ProgramData\-MYC7NlSPONnkXcr [2012.07.03 20:05:19 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-MYC7NlSPONnkXc [2012.07.03 20:05:07 | 000,000,256 | -H-- | C] () -- C:\ProgramData\MYC7NlSPONnkXc [2012.07.01 21:36:22 | 000,039,914 | -H-- | C] () -- C:\Users\Mathias\Desktop\main;jsessionid=23492252422C1E495BE551A2FA2473B3.pdf [2012.06.25 22:20:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2012.06.25 22:20:02 | 000,389,120 | ---- | C] () -- C:\Windows\System32\actskn43.ocx [2011.10.07 12:28:40 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.10.07 12:28:40 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD7030.DAT [2011.08.22 23:23:25 | 000,001,496 | R--- | C] () -- C:\Windows\System32\drivers\RtkAcerM.dat [2011.08.22 23:23:24 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2011.08.22 23:23:24 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2011.08.22 23:23:24 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2011.08.22 06:17:52 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [2011.08.22 00:10:48 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2011.08.21 23:57:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.08.21 21:47:15 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2011.08.21 21:47:15 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini [2011.08.21 21:47:13 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe [2011.08.21 21:45:04 | 000,123,780 | R--- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT [2011.08.21 21:45:04 | 000,000,728 | R--- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2011.08.21 21:45:04 | 000,000,008 | R--- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2011.06.22 10:43:30 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst2cl3.dll [2011.04.29 03:48:52 | 000,274,432 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll [2011.04.29 03:48:52 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll [2011.04.29 03:48:52 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll [2011.04.29 03:48:50 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll ========== LOP Check ========== [2012.06.28 23:05:14 | 000,000,000 | -H-D | M] -- C:\Users\Mathias\AppData\Roaming\.anki [2012.06.28 16:23:54 | 000,000,000 | -H-D | M] -- C:\Users\Mathias\AppData\Roaming\.matplotlib [2011.08.22 00:07:43 | 000,000,000 | -H-D | M] -- C:\Users\Mathias\AppData\Roaming\Acer GameZone Console [2012.07.04 09:02:39 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Dropbox [2012.07.03 22:42:38 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\OpenOffice.org [2011.08.22 00:07:44 | 000,000,000 | -H-D | M] -- C:\Users\Mathias\AppData\Roaming\PowerCinema [2009.07.14 06:53:46 | 000,029,170 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 04.07.2012 09:21:06 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Mathias\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 67,37% Memory free
5,99 Gb Paging File | 4,89 Gb Available in Paging File | 81,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 94,43 Gb Free Space | 20,71% Space Free | Partition Type: NTFS
Computer Name: MATHIAS-LAPTOP | User Name: Mathias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F00A9D-185A-4D10-9228-C14B00318A8F}" = lport=139 | protocol=6 | dir=in | app=system |
"{0780777C-D603-4F23-8858-FB7DB99401F9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{153C1696-EA3B-4CF0-BBBB-C0B6B0A43231}" = rport=445 | protocol=6 | dir=out | app=system |
"{3F435D3E-12B6-48B1-800D-EFA2D2228933}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48484C6C-A1E6-47A3-83D3-B9410C03AA11}" = rport=10243 | protocol=6 | dir=out | app=system |
"{520474FF-B823-4E9E-84E8-E33119EF4355}" = lport=137 | protocol=17 | dir=in | app=system |
"{55F3330D-6319-45D3-832E-6E816E844D1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{56170BA2-551D-435C-BE23-9618798C6CF9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5B5E672C-5D68-4BE8-9323-4918DA8CC8A2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6C382540-1D6A-4F8C-97F4-F7523C1BCE57}" = lport=2869 | protocol=6 | dir=in | app=system |
"{71956D23-D9DF-474F-BB07-08EB1DAF33F8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9253A523-4691-4BE6-8405-F5E5FF113817}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{93AA3420-11D8-40C5-975B-824C5874B4CF}" = lport=138 | protocol=17 | dir=in | app=system |
"{99C2450F-E428-40FE-9DEC-9DC3729ED491}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9AEDF331-C7AF-48F4-AF3A-6E234DC95A95}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AC79484D-3DB0-49D9-B86C-703F68CD1BD4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B4590DCF-3773-4270-A239-5AC4895B5379}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BA7724CC-F90E-4D81-B01C-519EDA91AC34}" = rport=137 | protocol=17 | dir=out | app=system |
"{D4FFF1D1-B312-4F41-9A61-07C532F17A0A}" = rport=139 | protocol=6 | dir=out | app=system |
"{D61493B3-FEC3-41E8-8624-66E62DCA1A7F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DF893A1A-2A35-4272-801A-870518F44060}" = rport=138 | protocol=17 | dir=out | app=system |
"{DF8F0146-6A0D-4018-85A2-42AB22D44048}" = lport=445 | protocol=6 | dir=in | app=system |
"{EB066731-22CC-4520-803F-A34E50F4130C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ECD2B67A-9503-4742-825A-3280DE50B891}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F723BAE0-271F-4B36-A8C9-A206BC02ED99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01812F4C-05C0-49DE-9EF1-8310566E3AF5}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{0AD63CA4-E4FB-4FCB-9EE2-9E7B8D955EB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0DB4F180-E3D0-4029-B3D9-5F5B3AAEAF90}" = protocol=6 | dir=in | app=c:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe |
"{1313DC88-43E4-43F0-9E0B-E1A24147BF4B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{22955B12-C94D-4F55-A605-2D6BFED9EA8E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2E5F32AD-6497-41BE-A217-CAC31848A3DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B75AB01-24D9-4683-B3D1-81A6FC7E9745}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4402DD63-92A1-4298-B39C-DF3856A5C25E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{44313369-55A3-4DAD-880E-2106C1031AB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{49F1200A-67B8-41E0-84B8-76A9C39BB436}" = protocol=6 | dir=out | app=system |
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{590C0619-0518-4595-8DDF-19EF077A6A17}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{61846197-4A36-4066-BFBE-5C25B4C62B19}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6904E211-8DA3-4955-A21A-C53989AA85D2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6BCD1C50-894C-41C5-A467-41DE5BE77B3D}" = protocol=17 | dir=in | app=c:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe |
"{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{763F5E67-36E2-44FA-B037-B18A2F7547F6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{90A932C0-74AD-4B78-A0AE-4542937CF962}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{950EAF1C-9823-49DF-93E1-EB09B259CD74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A2366D76-05E3-49DA-BCA1-F99553DA6F6E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A2F69815-1078-4016-B1D4-89B6312C28FC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{B1AD0714-6EC5-4530-B61B-C22794343030}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B2E7A0F8-0B5B-4528-8E35-CEF1D8885FD5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B8EDCBEC-700B-4D19-920E-A674346B4DF7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{C5EA0BAE-7DE3-4691-A83B-05A0EEFFDEE9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C77CDDAE-17C5-4019-9313-145E140472DD}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{D7E60BED-8C9C-4635-A57F-2F8CBD53D905}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DB2510C8-A74B-4F21-828F-3DAE6BB3B947}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED6668AE-187A-4388-8840-D6CF18126208}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FAB4A4D9-123F-4A2A-AEF6-71813D6CFCB2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{62C17BEA-48BB-4689-9F62-A51FCB70F01F}C:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{014349F4-2F45-481C-BDA9-BBFF40927DEE}C:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\mathias\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033F0CE1-B6FC-EC7A-7914-81F14C8DBA0F}" = Catalyst Control Center Core Implementation
"{05B95480-732A-1081-8A94-D924326AF36F}" = CCC Help English
"{0945589B-6CC4-FA00-3CBE-BD6028B26063}" = CCC Help Turkish
"{0EAE6EF9-010E-0734-D0A0-2BB8040F90EA}" = CCC Help French
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{133C8002-B64F-C9E7-7DAC-21BAE58DC041}" = CCC Help Russian
"{150715F0-2800-A3C5-836E-F4F98AE3A775}" = ccc-core-static
"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22EFABF6-7373-7755-4EA4-5240E7CCEEF7}" = Catalyst Control Center Graphics Previews Vista
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{270629EB-D776-04FC-0631-256177B7A021}" = CCC Help Swedish
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{29D2987A-9FBC-1BD3-E463-12D50D94DBFC}" = Catalyst Control Center Graphics Full New
"{2AB22900-5718-4617-523B-9DFDECB4749D}" = CCC Help Italian
"{3956AEA0-9299-CA45-5BF1-5A721F8E3A21}" = CCC Help Chinese Traditional
"{3C152296-D7E4-59F4-B07E-43587CE985FE}" = CCC Help Norwegian
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{502D4628-92AD-416A-0580-00D64320DBB7}" = ATI Catalyst Install Manager
"{51B83F5C-5660-4B73-AB18-C68993FEDEB3}" = Catalyst Control Center - Branding
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{66CB1DC8-FBA1-7436-08F3-061F7CB72C80}" = Skins
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6C497312-7C1E-BB3C-D143-B8FD0C894CF1}" = CCC Help Polish
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88FC0C01-E4AA-3C3E-4612-3F11E69EF188}" = CCC Help German
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E3A37D-D424-C725-E06A-71C1151F682A}" = CCC Help Finnish
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{A141F87A-A73B-368D-AB65-A997B3D1D2C4}" = CCC Help Spanish
"{AAD2CA33-F716-4D1B-31F9-B52A847C4AF1}" = CCC Help Hungarian
"{AB104276-19BC-D12E-90EE-D358003A4EAF}" = CCC Help Greek
"{ABBD20D8-60E7-885B-734A-DE745BFDF43B}" = CCC Help Czech
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEE701D3-6AF7-A8D5-145E-D0C01D528FAD}" = ccc-utility
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B5080F69-EE95-49DC-F8A1-B7CBB2B5028D}" = CCC Help Korean
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B6CB5308-3B67-9861-97F5-0EB31CE21E63}" = CCC Help Chinese Standard
"{B7020783-0AB1-8D67-E850-673BD0C61E7F}" = CCC Help Thai
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0354121-07AF-DE06-1D0F-7490EFE2F67A}" = Catalyst Control Center Graphics Full Existing
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
"{DA163DB8-C795-9EF2-7CF2-8B570BA9E39E}" = CCC Help Portuguese
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E36BE564-B727-A80D-E9F0-7FFEB69120E5}" = CCC Help Dutch
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5A56A6C-7656-969C-457A-E7600A6F169B}" = Catalyst Control Center Graphics Light
"{E5D9A29A-8903-968F-6394-CB8CC151084C}" = Catalyst Control Center Localization All
"{EE03DA2C-2154-7298-4461-F76C615932A9}" = CCC Help Japanese
"{EE9DEA81-3B77-7135-0E5B-B8C3092FE88A}" = CCC Help Danish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.20
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anki" = Anki
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup" = DivX-Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"LManager" = Launch Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 03.07.2012 16:52:12 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 488
Description = wlmail (5924) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live
Mail\Calendars\***@hotmail.com\: Versuch, Datei "C:\Users\Mathias\AppData\Local\Microsoft\Windows
Live Mail\Calendars\***@hotmail.com\DBStore\WLCalendarStore.pat" zu
erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen.
Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
Error - 03.07.2012 16:52:12 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 217
Description = wlmail (5924) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live
Mail\Calendars\***@hotmail.com\: Fehler (-1032) während der Sicherung
einer Datenbank (Datei C:\Users\Mathias\AppData\Local\Microsoft\Windows Live Mail\Calendars\***@hotmail.com\DBStore\WLCalendarStore.edb).
Die Datenbank kann nicht wiederhergestellt werden.
Error - 03.07.2012 16:52:12 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 215
Description = wlmail (5924) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live
Mail\Calendars\***@hotmail.com\: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 03.07.2012 16:52:19 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 488
Description = wlcomm (4276) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live
Contacts\{3f52a837-6ce6-4599-84a1-72a93cfc0969}\: Versuch, Datei "C:\Users\Mathias\AppData\Local\Microsoft\Windows
Live Contacts\{3f52a837-6ce6-4599-84a1-72a93cfc0969}\DBStore\contacts.pat" zu erstellen,
ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler
-1032 (0xfffffbf8) beim Erstellen von Dateien.
Error - 03.07.2012 16:52:19 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 217
Description = wlcomm (4276) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live
Contacts\{3f52a837-6ce6-4599-84a1-72a93cfc0969}\: Fehler (-1032) während der Sicherung
einer Datenbank (Datei C:\Users\Mathias\AppData\Local\Microsoft\Windows Live Contacts\{3f52a837-6ce6-4599-84a1-72a93cfc0969}\DBStore\contacts.edb).
Die Datenbank kann nicht wiederhergestellt werden.
Error - 03.07.2012 16:52:19 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 215
Description = wlcomm (4276) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live
Contacts\{3f52a837-6ce6-4599-84a1-72a93cfc0969}\: Die Sicherung wurde abgebrochen,
weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 03.07.2012 16:52:38 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 488
Description = wlcomm (4276) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live
Contacts\{dbe8a2ef-cbb1-43a9-b858-2b0d62e456e5}\: Versuch, Datei "C:\Users\Mathias\AppData\Local\Microsoft\Windows
Live Contacts\{dbe8a2ef-cbb1-43a9-b858-2b0d62e456e5}\DBStore\contacts.pat" zu erstellen,
ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler
-1032 (0xfffffbf8) beim Erstellen von Dateien.
Error - 03.07.2012 16:52:38 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 217
Description = wlcomm (4276) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live
Contacts\{dbe8a2ef-cbb1-43a9-b858-2b0d62e456e5}\: Fehler (-1032) während der Sicherung
einer Datenbank (Datei C:\Users\Mathias\AppData\Local\Microsoft\Windows Live Contacts\{dbe8a2ef-cbb1-43a9-b858-2b0d62e456e5}\DBStore\contacts.edb).
Die Datenbank kann nicht wiederhergestellt werden.
Error - 03.07.2012 16:52:38 | Computer Name = Mathias-Laptop | Source = ESENT | ID = 215
Description = wlcomm (4276) C:\Users\Mathias\AppData\Local\Microsoft\Windows Live
Contacts\{dbe8a2ef-cbb1-43a9-b858-2b0d62e456e5}\: Die Sicherung wurde abgebrochen,
weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 04.07.2012 03:02:34 | Computer Name = Mathias-Laptop | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 26.03.2012 14:11:10 | Computer Name = Mathias-Laptop | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 10.0.0.2 mit
dem Computer mit der Netzwerkhardwareadresse 00-03-91-B6-E1-E3 ermittelt. Netzwerkvorgänge
könnten daher auf diesem System unterbrochen werden.
Error - 26.03.2012 18:01:04 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 27.03.2012 02:49:49 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 27.03.2012 02:49:49 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 27.03.2012 12:59:38 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 27.03.2012 13:42:35 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 27.03.2012 13:51:37 | Computer Name = Mathias-Laptop | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 0.0.0.0 mit dem
Computer mit der Netzwerkhardwareadresse 70-1A-04-45-CB-37 ermittelt. Netzwerkvorgänge
könnten daher auf diesem System unterbrochen werden.
Error - 27.03.2012 15:36:12 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 27.03.2012 17:12:43 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 27.03.2012 18:07:10 | Computer Name = Mathias-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
< End of report >
Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-04 11:28:43
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0
Running: vomherxq.exe; Driver: C:\Users\Mathias\AppData\Local\Temp\kwriqkog.sys
---- System - GMER 1.0.15 ----
SSDT 900C8A2E ZwCreateSection
SSDT 900C8A38 ZwRequestWaitReplyPort
SSDT 900C8A33 ZwSetContextThread
SSDT 900C8A3D ZwSetSecurityObject
SSDT 900C8A42 ZwSystemDebugControl
SSDT 900C89CF ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 83290599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832B5092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 340 832BC990 4 Bytes [2E, 8A, 0C, 90] {MOV CL, CS:[EAX+EDX*4]}
.text ntkrnlpa.exe!RtlSidHashLookup + 69C 832BCCEC 4 Bytes [38, 8A, 0C, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 6E0 832BCD30 4 Bytes [33, 8A, 0C, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 75C 832BCDAC 4 Bytes [3D, 8A, 0C, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B0 832BCE00 4 Bytes [42, 8A, 0C, 90] {INC EDX; MOV CL, [EAX+EDX*4]}
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91431000, 0x2D5378, 0xE8000020]
PAGE peauth.sys A1047B9B 72 Bytes [20, 55, 58, EA, 21, 76, B4, ...]
PAGE peauth.sys A104802C 102 Bytes CALL BE117902
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
|
|
05.07.2012, 14:31
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun? Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
07.07.2012, 12:16
| #3 |
| | S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun? Danke für deine Hilfe!
__________________Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.05.06 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 Mathias :: MATHIAS-LAPTOP [Administrator] 05.07.2012 20:06:09 mbam-log-2012-07-05 (20-06-09).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 406532 Laufzeit: 2 Stunde(n), 5 Minute(n), 28 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=045dd1791f317243a25b1086620cfcb6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-07 10:56:32
# local_time=2012-07-07 12:56:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1792 16777215 100 0 22002185 22002185 0 0
# compatibility_mode=5893 16776574 100 85 94091432 94091432 0 0
# compatibility_mode=8192 67108863 100 0 190 190 0 0
# scanned=217188
# found=1
# cleaned=0
# scan_time=5903
C:\Users\Mathias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\34725bc2-71d673b1 Java/Exploit.CVE-2012-0507.CN trojan (unable to clean) 00000000000000000000000000000000 I
Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 05. Juli 2012 20:35
Es wird nach 3831448 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : MATHIAS-LAPTOP
Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 11.05.2012 07:29:59
AVSCAN.DLL : 12.3.0.15 66256 Bytes 11.05.2012 07:29:59
LUKE.DLL : 12.3.0.15 68304 Bytes 11.05.2012 07:29:59
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 11.05.2012 07:29:59
AVREG.DLL : 12.3.0.17 232200 Bytes 11.05.2012 07:29:59
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 18:17:51
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 14:59:31
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 19:57:29
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 15:37:48
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 15:37:48
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 15:37:48
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 15:37:48
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 15:37:48
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 15:37:48
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 15:37:48
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 15:37:48
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 15:37:48
VBASE014.VDF : 7.11.34.201 169472 Bytes 02.07.2012 19:27:08
VBASE015.VDF : 7.11.34.202 2048 Bytes 02.07.2012 19:27:08
VBASE016.VDF : 7.11.34.203 2048 Bytes 02.07.2012 19:27:08
VBASE017.VDF : 7.11.34.204 2048 Bytes 02.07.2012 19:27:08
VBASE018.VDF : 7.11.34.205 2048 Bytes 02.07.2012 19:27:08
VBASE019.VDF : 7.11.34.206 2048 Bytes 02.07.2012 19:27:08
VBASE020.VDF : 7.11.34.207 2048 Bytes 02.07.2012 19:27:08
VBASE021.VDF : 7.11.34.208 2048 Bytes 02.07.2012 19:27:08
VBASE022.VDF : 7.11.34.209 2048 Bytes 02.07.2012 19:27:08
VBASE023.VDF : 7.11.34.210 2048 Bytes 02.07.2012 19:27:08
VBASE024.VDF : 7.11.34.211 2048 Bytes 02.07.2012 19:27:08
VBASE025.VDF : 7.11.34.212 2048 Bytes 02.07.2012 19:27:08
VBASE026.VDF : 7.11.34.213 2048 Bytes 02.07.2012 19:27:08
VBASE027.VDF : 7.11.34.214 2048 Bytes 02.07.2012 19:27:09
VBASE028.VDF : 7.11.34.215 2048 Bytes 02.07.2012 19:27:09
VBASE029.VDF : 7.11.34.216 2048 Bytes 02.07.2012 19:27:09
VBASE030.VDF : 7.11.34.217 2048 Bytes 02.07.2012 19:27:09
VBASE031.VDF : 7.11.35.2 70144 Bytes 03.07.2012 21:23:50
Engineversion : 8.2.10.102
AEVDF.DLL : 8.1.2.8 106867 Bytes 02.06.2012 07:34:55
AESCRIPT.DLL : 8.1.4.28 455035 Bytes 03.07.2012 21:23:54
AESCN.DLL : 8.1.8.2 131444 Bytes 28.01.2012 12:21:33
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 19:56:00
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.16.22 807288 Bytes 03.07.2012 21:23:54
AEOFFICE.DLL : 8.1.2.40 201082 Bytes 03.07.2012 21:23:53
AEHEUR.DLL : 8.1.4.58 4993399 Bytes 03.07.2012 21:23:53
AEHELP.DLL : 8.1.23.2 258422 Bytes 03.07.2012 21:23:50
AEGEN.DLL : 8.1.5.30 422261 Bytes 14.06.2012 19:53:54
AEEXP.DLL : 8.1.0.58 82292 Bytes 03.07.2012 21:23:55
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.25.10 201080 Bytes 01.06.2012 07:35:51
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.3.0.15 27344 Bytes 11.05.2012 07:29:58
AVPREF.DLL : 12.3.0.15 51920 Bytes 11.05.2012 07:29:59
AVREP.DLL : 12.3.0.15 179208 Bytes 11.05.2012 07:29:59
AVARKT.DLL : 12.3.0.15 211408 Bytes 11.05.2012 07:29:59
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 11.05.2012 07:29:59
SQLITE3.DLL : 3.7.0.1 398288 Bytes 11.05.2012 07:29:59
AVSMTP.DLL : 12.3.0.15 63440 Bytes 11.05.2012 07:29:59
NETNT.DLL : 12.3.0.15 17104 Bytes 11.05.2012 07:29:59
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 11.05.2012 07:29:58
RCTEXT.DLL : 12.3.0.15 98512 Bytes 11.05.2012 07:29:58
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4ff41162\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Beginn des Suchlaufs: Donnerstag, 05. Juli 2012 20:35
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerEvent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISUSPM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PLFSetI.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PMVService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mwlDaemon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EgisUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ArcadeDeluxeAgent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SchedulerSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MWLService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLHNService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\Users\Mathias\AppData\Local\Temp\584ioR0RkNv5fs.exe.tmp'
C:\Users\Mathias\AppData\Local\Temp\584ioR0RkNv5fs.exe.tmp
[FUND] Ist das Trojanische Pferd TR/FakeSysdef.A.6
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '550870c1.qua' verschoben!
Ende des Suchlaufs: Donnerstag, 05. Juli 2012 20:36
Benötigte Zeit: 00:21 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
70 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
69 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise
|
|
09.07.2012, 10:17
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun? Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.07.2012, 17:15
| #5 |
| | S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun? Das war der erste Scan mit Malwarebytes, im entsprechenden Reiter scheint auch nur jenes auf, das ich oben gepostet habe. Avira hat die Meldung übrigens vor (oder während, weiß ich leider nicht mehr) dem Malwarebytes-Scan abgegeben und die Datei in Quarantäne verschoben. |
|
10.07.2012, 08:58
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun? Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ --> S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun? |
|
10.07.2012, 16:56
| #7 |
| | S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun? Hier ist die Log-Datei: Code:
ATTFilter # AdwCleaner v1.701 - Logfile created 07/10/2012 at 17:45:15
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Home Premium (32 bits)
# User : Mathias - MATHIAS-LAPTOP
# Running from : C:\Users\Mathias\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\Mathias\AppData\Local\AskToolbar
Folder Found : C:\Users\Mathias\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\Mathias\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\5pn5sgzq.default\extensions\toolbar@ask.com
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registry] *****
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AskToolbar
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v12.0 (de)
Profile name : default
File : C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\5pn5sgzq.default\prefs.js
Found : user_pref("extensions.asktb.AviraIDW-TS", "1319701434568");
Found : user_pref("extensions.asktb.AviraIDW-XML", "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<button xm[...]
Found : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Found : user_pref("extensions.asktb.cbid", "JM");
Found : user_pref("extensions.asktb.config-updated", true);
Found : user_pref("extensions.asktb.crumb", "2011.08.21+14.44.42-toolbar001iad-AT-Vmllbm5hLEF1c3RyaWE%3D");
Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
Found : user_pref("extensions.asktb.dtid", "YYYYYYYYAT");
Found : user_pref("extensions.asktb.fresh-install", false);
Found : user_pref("extensions.asktb.guid", "be26886d-d368-4784-ab17-684f2c44a485");
Found : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Found : user_pref("extensions.asktb.if", "first");
Found : user_pref("extensions.asktb.l", "dis");
Found : user_pref("extensions.asktb.last-config-req", "1338370809198");
Found : user_pref("extensions.asktb.last-search-timestamp", "1314051615670");
Found : user_pref("extensions.asktb.last-v", "3.13.1.100008");
Found : user_pref("extensions.asktb.locale", "de_US");
Found : user_pref("extensions.asktb.location", "Vienna,Austria");
Found : user_pref("extensions.asktb.notification-shown", true);
Found : user_pref("extensions.asktb.o", "100000080");
Found : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Found : user_pref("extensions.asktb.qsrc", "2871");
Found : user_pref("extensions.asktb.r", "3");
Found : user_pref("extensions.asktb.sa", "NO");
Found : user_pref("extensions.asktb.search-history-queries", "test");
Found : user_pref("extensions.asktb.search-suggestions-enabled", true);
Found : user_pref("extensions.asktb.silent-upgrade", true);
Found : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Found : user_pref("extensions.asktb.themeid", "");
Found : user_pref("extensions.asktb.to", "");
Found : user_pref("extensions.asktb.v", "3.13.1.100012");
*************************
AdwCleaner[R1].txt - [5679 octets] - [10/07/2012 17:45:15]
########## EOF - C:\AdwCleaner[R1].txt - [5807 octets] ##########
|
|
10.07.2012, 21:27
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun? adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.07.2012, 16:52
| #9 |
| | S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun? Bei der nun deinstallierten Avira-Toolbar war ja auch der Browserschutz integriert. Brauche ich den nicht? Code:
ATTFilter # AdwCleaner v1.701 - Logfile created 07/11/2012 at 17:47:04
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Home Premium (32 bits)
# User : Mathias - MATHIAS-LAPTOP
# Running from : C:\Users\Mathias\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\Mathias\AppData\Local\AskToolbar
Folder Deleted : C:\Users\Mathias\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Mathias\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\5pn5sgzq.default\extensions\toolbar@ask.com
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registry] *****
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v12.0 (de)
Profile name : default
File : C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\5pn5sgzq.default\prefs.js
Deleted : user_pref("extensions.asktb.AviraIDW-TS", "1319701434568");
Deleted : user_pref("extensions.asktb.AviraIDW-XML", "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<button xm[...]
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Deleted : user_pref("extensions.asktb.cbid", "JM");
Deleted : user_pref("extensions.asktb.config-updated", true);
Deleted : user_pref("extensions.asktb.crumb", "2011.08.21+14.44.42-toolbar001iad-AT-Vmllbm5hLEF1c3RyaWE%3D");
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYAT");
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.guid", "be26886d-d368-4784-ab17-684f2c44a485");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "first");
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1338370809198");
Deleted : user_pref("extensions.asktb.last-search-timestamp", "1314051615670");
Deleted : user_pref("extensions.asktb.last-v", "3.13.1.100008");
Deleted : user_pref("extensions.asktb.locale", "de_US");
Deleted : user_pref("extensions.asktb.location", "Vienna,Austria");
Deleted : user_pref("extensions.asktb.notification-shown", true);
Deleted : user_pref("extensions.asktb.o", "100000080");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "3");
Deleted : user_pref("extensions.asktb.sa", "NO");
Deleted : user_pref("extensions.asktb.search-history-queries", "test");
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.silent-upgrade", true);
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.to", "");
Deleted : user_pref("extensions.asktb.v", "3.13.1.100012");
*************************
AdwCleaner[R1].txt - [5808 octets] - [10/07/2012 17:45:15]
AdwCleaner[S1].txt - [5749 octets] - [11/07/2012 17:47:04]
########## EOF - C:\AdwCleaner[S1].txt - [5877 octets] ##########
|
|
11.07.2012, 22:10
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun? Ich finde den Browserschutz ziemlich unnötig, v.a. weil der an so einer dämlichen Toolbar gekoppelt ist  Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.07.2012, 17:22
| #11 |
| | S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun? Ok, dann habe ich keine Bedenken. 1.) Bin seit der Systemwiederherstellung uneingeschränkt im normalen Modus unterwegs. 2.) Im Startmenü scheint nichts zu fehlen, habe keine leeren Ordner entdeckt. Nur die ganzen anderen Daten sind eben versteckt (habe den Fix, den ich hier dazu gefunden habe, noch nicht durchgeführt). |
|
12.07.2012, 19:22
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun? Das Dateien wurde von der Ransomware versteckt, wenn überhaupt kannst du mit unhide noch was wiederherstellen. Wenn nicht bist du ohne Backup angeschmiert Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.07.2012, 21:24
| #13 |
| | S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun? Hab ich gemacht, hat auch geklappt, danke. Muss ich wegen den Funden von ESET und Avira noch was machen? Ich mache an diesem Computer auch alle sensiblen Dinge wie Onlinebanking, Einkauf, Amtswege, darum möchte ich sichergehen, dass er wirklich sauber ist. |
|
13.07.2012, 22:08
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun? Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.07.2012, 22:38
| #15 |
| | S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun?Code:
ATTFilter OTL logfile created on: 13.07.2012 23:17:46 - Run 2 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Mathias\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,44% Memory free 5,99 Gb Paging File | 4,77 Gb Available in Paging File | 79,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455,99 Gb Total Space | 93,91 Gb Free Space | 20,59% Space Free | Partition Type: NTFS Computer Name: MATHIAS-LAPTOP | User Name: Mathias | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.13 23:15:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe PRC - [2012.05.11 09:29:59 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.05.11 09:29:59 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.11 09:29:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.11 09:29:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.11 09:29:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.08.21 21:46:57 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2011.07.16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2009.08.27 06:48:32 | 001,194,504 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2009.08.26 20:07:24 | 000,698,912 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe PRC - [2009.08.26 20:07:22 | 000,690,720 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe PRC - [2009.08.26 20:07:20 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe PRC - [2009.08.18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe PRC - [2009.05.14 23:03:18 | 000,345,384 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe PRC - [2009.05.13 19:39:42 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe PRC - [2009.04.11 19:32:06 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2009.01.21 01:41:24 | 000,202,024 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe PRC - [2009.01.21 01:41:18 | 000,333,096 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe PRC - [2009.01.21 01:41:18 | 000,156,968 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2008.12.26 17:30:58 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ========== Modules (No Company Name) ========== MOD - [2011.08.23 14:38:42 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2011.08.21 21:46:57 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2011.05.26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2009.02.02 17:33:56 | 000,460,199 | ---- | M] () -- C:\Programme\NewTech Infosystems\Acer Backup Manager\sqlite3.dll MOD - [2009.01.21 01:41:36 | 000,167,936 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\System\_PyMediaLib.dll MOD - [2009.01.21 01:41:32 | 000,012,288 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\System\_PyPCMSvrInfo.dll MOD - [2009.01.21 01:41:30 | 000,036,864 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\System\_PyPCMAgentInfo.dll MOD - [2009.01.21 01:41:26 | 000,872,448 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll MOD - [2009.01.21 01:41:22 | 000,007,680 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll MOD - [2009.01.21 01:41:18 | 000,065,536 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\zlib.pyd MOD - [2009.01.21 01:41:14 | 000,692,224 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Koan\_bsddb.pyd MOD - [2009.01.21 01:41:14 | 000,479,232 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Koan\_ssl.pyd MOD - [2009.01.21 01:41:14 | 000,135,168 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Koan\pyexpat.pyd MOD - [2009.01.21 01:41:14 | 000,049,152 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Koan\_socket.pyd ========== Win32 Services (SafeList) ========== SRV - [2012.07.12 18:15:45 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.11 09:29:59 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.11 09:29:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.11 09:29:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.11 09:18:50 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2011.08.23 00:33:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009.08.26 20:07:22 | 000,690,720 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.01.16 20:53:30 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService) SRV - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2007.08.24 04:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2012.05.11 09:29:59 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.11 09:29:59 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.08.18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.06.24 12:23:12 | 000,159,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2009.01.16 20:53:32 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio) DRV - [2008.12.04 18:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV - [2008.12.04 18:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV - [2008.12.04 18:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0811&m=aspire_5738 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-870723337-732186457-395206212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0811&m=aspire_5738 IE - HKU\S-1-5-21-870723337-732186457-395206212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKU\S-1-5-21-870723337-732186457-395206212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-870723337-732186457-395206212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKU\S-1-5-21-870723337-732186457-395206212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0811&m=aspire_5738 IE - HKU\S-1-5-21-870723337-732186457-395206212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-870723337-732186457-395206212-1000\..\SearchScopes,DefaultScope = {C4654FC7-7709-4DF2-A65C-B5B887A4ED99} IE - HKU\S-1-5-21-870723337-732186457-395206212-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-870723337-732186457-395206212-1000\..\SearchScopes\{C4654FC7-7709-4DF2-A65C-B5B887A4ED99}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_de IE - HKU\S-1-5-21-870723337-732186457-395206212-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-870723337-732186457-395206212-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.23 20:50:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.03 22:43:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.16 15:32:57 | 000,000,000 | ---D | M] [2011.08.22 23:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Extensions [2012.07.11 17:47:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\5pn5sgzq.default\extensions [2012.07.03 22:43:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\5pn5sgzq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.05.11 16:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.05.11 09:18:50 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.10 19:37:10 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.06.28 08:38:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.28 08:38:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.28 08:38:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.28 08:38:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.28 08:38:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.28 08:38:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKU\S-1-5-21-870723337-732186457-395206212-1000..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{124D590A-07D6-4927-9591-6D2570E914EE}: DhcpNameServer = 10.0.0.138 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.07.13 20:51:50 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Mathias\Desktop\unhide.exe [2012.07.07 11:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.07.07 11:14:37 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Mathias\Desktop\esetsmartinstaller_enu.exe [2012.07.05 20:00:35 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Malwarebytes [2012.07.05 20:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.05 20:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.05 20:00:31 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.05 20:00:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.07.05 19:57:53 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Mathias\Desktop\mbam-setup-1.61.0.1400.exe [2012.07.04 09:11:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe [2012.07.03 20:05:12 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery [2012.06.25 22:56:42 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\PDF24 [2012.06.25 22:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [2012.06.25 22:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24 [2012.06.22 09:21:46 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\ElevatedDiagnostics [2012.06.22 09:14:22 | 000,000,000 | ---D | C] -- C:\Users\Mathias\Desktop\Study Aid etc [2012.06.15 08:39:32 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\Macromedia ========== Files - Modified Within 30 Days ========== [2012.07.13 23:15:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe [2012.07.13 22:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.13 20:52:19 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Mathias\Desktop\unhide.exe [2012.07.13 20:51:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.11 17:55:55 | 000,011,104 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.11 17:55:55 | 000,011,104 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.11 17:48:19 | 2411,855,872 | -HS- | M] () -- C:\hiberfil.sys [2012.07.10 17:43:56 | 000,618,655 | ---- | M] () -- C:\Users\Mathias\Desktop\adwcleaner.exe [2012.07.07 11:14:38 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Mathias\Desktop\esetsmartinstaller_enu.exe [2012.07.05 20:00:32 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.05 19:58:12 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mathias\Desktop\mbam-setup-1.61.0.1400.exe [2012.07.04 09:18:48 | 000,000,000 | ---- | M] () -- C:\Users\Mathias\defogger_reenable [2012.07.04 09:12:32 | 000,302,592 | ---- | M] () -- C:\Users\Mathias\Desktop\vomherxq.exe [2012.07.04 09:11:43 | 000,050,477 | ---- | M] () -- C:\Users\Mathias\Desktop\Defogger.exe [2012.07.03 20:05:20 | 000,000,136 | ---- | M] () -- C:\ProgramData\-MYC7NlSPONnkXcr [2012.07.03 20:05:20 | 000,000,000 | ---- | M] () -- C:\ProgramData\-MYC7NlSPONnkXc [2012.07.03 20:05:08 | 000,000,256 | ---- | M] () -- C:\ProgramData\MYC7NlSPONnkXc [2012.07.01 21:36:22 | 000,039,914 | ---- | M] () -- C:\Users\Mathias\Desktop\main;jsessionid=23492252422C1E495BE551A2FA2473B3.pdf [2012.06.14 22:33:58 | 000,361,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.06.14 09:40:44 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.14 09:40:44 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.14 09:40:44 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.14 09:40:44 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat ========== Files Created - No Company Name ========== [2012.07.10 17:43:55 | 000,618,655 | ---- | C] () -- C:\Users\Mathias\Desktop\adwcleaner.exe [2012.07.05 20:00:32 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.04 09:18:48 | 000,000,000 | ---- | C] () -- C:\Users\Mathias\defogger_reenable [2012.07.04 09:12:32 | 000,302,592 | ---- | C] () -- C:\Users\Mathias\Desktop\vomherxq.exe [2012.07.04 09:11:42 | 000,050,477 | ---- | C] () -- C:\Users\Mathias\Desktop\Defogger.exe [2012.07.03 20:05:20 | 000,000,136 | ---- | C] () -- C:\ProgramData\-MYC7NlSPONnkXcr [2012.07.03 20:05:19 | 000,000,000 | ---- | C] () -- C:\ProgramData\-MYC7NlSPONnkXc [2012.07.03 20:05:07 | 000,000,256 | ---- | C] () -- C:\ProgramData\MYC7NlSPONnkXc [2012.07.01 21:36:22 | 000,039,914 | ---- | C] () -- C:\Users\Mathias\Desktop\main;jsessionid=23492252422C1E495BE551A2FA2473B3.pdf [2012.06.25 22:20:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2012.06.25 22:20:02 | 000,389,120 | ---- | C] () -- C:\Windows\System32\actskn43.ocx [2011.10.07 12:28:40 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.10.07 12:28:40 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD7030.DAT [2011.08.22 23:23:25 | 000,001,496 | R--- | C] () -- C:\Windows\System32\drivers\RtkAcerM.dat [2011.08.22 23:23:24 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2011.08.22 23:23:24 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2011.08.22 23:23:24 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2011.08.22 06:17:52 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [2011.08.22 00:10:48 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2011.08.21 23:57:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.08.21 21:47:15 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2011.08.21 21:47:15 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini [2011.08.21 21:47:13 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe [2011.08.21 21:45:04 | 000,123,780 | R--- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT [2011.08.21 21:45:04 | 000,000,728 | R--- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2011.08.21 21:45:04 | 000,000,008 | R--- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2011.06.22 10:43:30 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst2cl3.dll [2011.04.29 03:48:52 | 000,274,432 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll [2011.04.29 03:48:52 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll [2011.04.29 03:48:52 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll [2011.04.29 03:48:50 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll ========== LOP Check ========== [2011.08.22 00:08:07 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console [2011.08.22 00:08:07 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console [2012.06.28 23:05:14 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\.anki [2012.06.28 16:23:54 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\.matplotlib [2011.08.22 00:07:43 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Acer GameZone Console [2012.07.11 17:49:18 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Dropbox [2012.07.03 22:42:38 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\OpenOffice.org [2012.07.12 18:19:27 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\PowerCinema [2009.07.14 06:53:46 | 000,029,674 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.06.28 23:05:14 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\.anki [2012.06.28 16:23:54 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\.matplotlib [2011.08.22 00:07:43 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Acer GameZone Console [2012.07.03 22:42:23 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Adobe [2011.11.04 12:34:18 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Apple Computer [2011.08.22 00:07:43 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\ATI [2011.10.26 19:35:57 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Avira [2011.11.07 16:48:31 | 000,000,000 | R--D | M] -- C:\Users\Mathias\AppData\Roaming\Brother [2012.07.11 17:49:18 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Dropbox [2011.08.21 21:44:10 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Google [2011.08.22 23:53:29 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Identities [2012.07.03 22:43:47 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\InstallShield [2011.08.22 00:07:43 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Macromedia [2012.07.05 20:00:35 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Malwarebytes [2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Media Center Programs [2012.07.03 23:23:14 | 000,000,000 | --SD | M] -- C:\Users\Mathias\AppData\Roaming\Microsoft [2012.07.03 22:42:33 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Mozilla [2012.07.03 22:42:38 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\OpenOffice.org [2012.07.12 18:19:27 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\PowerCinema [2012.07.03 22:43:48 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\vlc < %APPDATA%\*.exe /s > [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mathias\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe [2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Uninstall.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.02.12 18:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Acer\Preload\Autorun\DRV\AHCI\X64\IaStor.sys [2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Acer\Preload\Autorun\DRV\AHCI\X86\IaStor.sys [2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e0c941a8b0e04b56\iaStor.sys [2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_7009a7672ee571e2\iaStor.sys [2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys [2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys [2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_10aa509d6843c6fc\iaStor.sys < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > |
|
| Themen zu S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun? |
| 7-zip, antivir, avira, avira searchfree toolbar, bho, bonjour, computer, error, firefox, flash player, helper, home, install.exe, ip-adresse, launch, locker, logfile, microsoft office word, mozilla, mywinlocker, nicht öffnen, plug-in, popup, problem, realtek, registry, scan, searchscopes, security, senden, software, svchost.exe, usb 2.0, virus, warnung, windows, zugriff verweigert, ändern |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
