| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Microsoft.Windows.RedirectedHostsWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
23.09.2012, 15:45
| #1 |
 |  Microsoft.Windows.RedirectedHosts Hallo, ich habe schon geschaut, ob ich was passendes finde, aber weiterhelfen konnte mir bisher leider nichts. habe einen besch..eidenen O2 Stick INternet Anschluss, aber seit ein paar Tagen brauch dieses lange um sich ins Internet einzuwählen. Desweiteren hab ich mit Spybot Search & Destroy die Warnung erhalten: Microsoft.Windows.RedirectingHosts .. kann dieses aber nicht löschen oder sonstiges. ZoneAlarm hat nichts gefunden. Könnt ihr mir bitte helfen? |
|
24.09.2012, 06:27
| #2 |
| /// the machine /// TB-Ausbilder    | Microsoft.Windows.RedirectedHosts Hi,
__________________http://www.trojaner-board.de/69886-a...-beachten.html Bitte alle Punkte hier abarbeiten und die Logfiles posten.
__________________ |
|
24.09.2012, 08:15
| #3 |
| | Microsoft.Windows.RedirectedHosts Hi schrauber,
__________________schonmal Danke für deine Hilfe. Hier die Logfiles: defogger_disable by jpshortstuff (23.02.10.1) Log created at 08:40 on 24/09/2012 (BeautifulMistake) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- ____________________________________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.09.2012 09:03:20 - Run 1 OTL by OldTimer - Version 3.2.66.2 Folder = C:\Users\BeautifulMistake\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 36,78% Memory free 7,71 Gb Paging File | 5,02 Gb Available in Paging File | 65,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,52 Gb Total Space | 23,87 Gb Free Space | 32,02% Space Free | Partition Type: NTFS Drive D: | 204,04 Gb Total Space | 203,93 Gb Free Space | 99,95% Space Free | Partition Type: NTFS Drive E: | 597,18 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 8,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MEIN-PC | User Name: BeautifulMistake | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.24 08:41:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BeautifulMistake\Desktop\OTL.exe PRC - [2012.09.24 08:39:54 | 000,050,477 | ---- | M] () -- C:\Users\BeautifulMistake\Desktop\Defogger.exe PRC - [2012.08.30 04:58:46 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012.08.29 16:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2012.02.15 11:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe PRC - [2010.11.08 03:23:39 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2010.08.18 00:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010.07.02 23:36:26 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2010.06.09 19:55:54 | 001,080,448 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe PRC - [2010.05.04 00:45:50 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2010.05.04 00:41:46 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.11.12 21:01:16 | 000,202,024 | ---- | M] (CyberLink) -- C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvc.exe PRC - [2009.10.01 05:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.10.01 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.08.12 22:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe PRC - [2009.07.31 20:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2009.06.19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2008.12.23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008.03.31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2008.02.27 20:49:46 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe PRC - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Modules (No Company Name) ========== MOD - [2012.09.24 08:39:54 | 000,050,477 | ---- | M] () -- C:\Users\BeautifulMistake\Desktop\Defogger.exe MOD - [2012.08.30 04:58:45 | 000,442,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll MOD - [2012.08.30 04:58:44 | 012,237,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll MOD - [2012.08.30 04:58:42 | 003,997,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll MOD - [2012.08.30 04:57:27 | 000,526,872 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\libglesv2.dll MOD - [2012.08.30 04:57:26 | 000,104,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\libegl.dll MOD - [2012.08.30 04:57:15 | 000,144,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avutil-51.dll MOD - [2012.08.30 04:57:13 | 000,266,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avformat-54.dll MOD - [2012.08.30 04:57:12 | 002,480,680 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll MOD - [2012.06.16 19:52:21 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\517358eb2fd962a942dd1ea6afc5b93e\PresentationFramework.ni.dll MOD - [2012.06.16 19:51:48 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll MOD - [2012.06.16 19:51:37 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll MOD - [2012.06.16 19:51:27 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d0ba41128f363f2390c7e630129c2b\PresentationCore.ni.dll MOD - [2012.05.12 05:41:56 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll MOD - [2012.05.12 05:31:02 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll MOD - [2012.05.12 05:29:46 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll MOD - [2012.05.12 05:29:41 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012.05.12 05:29:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012.05.12 05:29:36 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012.05.12 05:29:27 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.07.02 23:36:26 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe MOD - [2010.02.24 01:14:22 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll MOD - [2010.02.24 01:14:18 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll MOD - [2010.02.24 01:14:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll MOD - [2010.02.24 01:12:22 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll MOD - [2010.02.24 01:11:46 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll MOD - [2009.11.12 21:01:18 | 000,873,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMediaLibrary.dll MOD - [2009.11.12 21:01:12 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvcPS.dll MOD - [2009.08.04 11:50:05 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll MOD - [2008.02.27 20:49:46 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe MOD - [2008.02.27 20:48:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\LocaleMgrPlugin.dll MOD - [2008.02.27 20:48:22 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\SMSPlugin.dll MOD - [2008.02.27 20:47:32 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll MOD - [2008.02.27 20:45:36 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\ConfigFilePlugin.dll MOD - [2008.02.27 20:44:32 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DeviceMgrPlugin.dll MOD - [2008.02.27 20:42:28 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\NetInfoPlugin.dll MOD - [2008.02.27 20:40:30 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll MOD - [2008.02.27 20:39:30 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll MOD - [2008.02.25 11:54:40 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Mobile Partner\DetectDev.dll MOD - [2008.02.25 11:54:40 | 000,045,056 | R--- | M] () -- C:\Program Files (x86)\Mobile Partner\DeviceOperate.dll MOD - [2008.02.25 11:54:40 | 000,041,472 | R--- | M] () -- C:\Program Files (x86)\Mobile Partner\XCodec.dll MOD - [2008.02.25 11:54:38 | 000,491,520 | R--- | M] () -- C:\Program Files (x86)\Mobile Partner\atcomm.dll MOD - [2008.02.25 11:54:38 | 000,090,112 | R--- | M] () -- C:\Program Files (x86)\Mobile Partner\FileManager.dll MOD - [2008.02.25 11:54:34 | 000,014,848 | R--- | M] () -- C:\Program Files (x86)\Mobile Partner\isaputrace.dll MOD - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe MOD - [2007.06.15 20:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll MOD - [2007.06.02 03:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.08.30 13:05:28 | 000,827,560 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV:64bit: - [2010.08.11 15:44:45 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.06.22 21:20:42 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012.08.29 16:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.11.17 18:39:02 | 003,993,576 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.10.01 05:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.10.01 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.03.31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.08.30 13:05:42 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.01.09 18:59:32 | 000,485,680 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.01.09 18:59:30 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2012.01.09 18:59:30 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011.05.07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.08 03:23:30 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm) DRV:64bit: - [2010.11.08 02:56:02 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.08.11 16:15:49 | 007,765,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.08.11 15:11:07 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.07.15 02:47:41 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010.07.14 08:17:27 | 000,735,360 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2010.06.08 04:33:13 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.04.13 12:15:03 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.03.02 10:45:23 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.02.25 05:26:57 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.08.20 04:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2009.08.18 10:23:31 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2009.07.20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.13 19:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2008.05.24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2008.02.25 11:59:14 | 000,112,512 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.03 03:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) DRV - [2004.12.31 08:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = about:blank [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ASUT_de___DE423 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={19EA2F00-C3E7-40E1-9963-691DAA920106}&mid=543066ce4b7847d688b8f1867637dece-024aaf0b2d5be5810c9e55ab48b435f0c399463c&lang=de&ds=AVG&pr=fr&d=2012-08-26 12:21:18&v=10.0.0.7&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{B67697C7-3AE2-4DB3-96BB-AC45D654D20B}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKCU\..\SearchScopes\{BF537260-1789-4245-A36B-A12E63E1763A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=OSDSRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.startskins.com/startpage/8244573775/" FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.8 FF - prefs.js..extensions.enabledAddons: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2.6 FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B9cdfb136-1ea1-4593-ad15-c39f1207f7b0%7D&mid=543066ce4b7847d688b8f1867637dece-024aaf0b2d5be5810c9e55ab48b435f0c399463c&ds=AVG&v=11.1.0.7&lang=de&pr=pa&d=2011-12-07%2008%3A26%3A23&sap=ku&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\BeautifulMistake\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.09.21 13:07:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.09.21 13:07:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 13:28:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.23 12:24:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2011.07.10 18:43:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BeautifulMistake\AppData\Roaming\mozilla\Extensions [2012.08.24 15:25:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BeautifulMistake\AppData\Roaming\mozilla\Firefox\Profiles\9hv1s26a.default\extensions [2011.09.01 17:31:57 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\BeautifulMistake\AppData\Roaming\mozilla\Firefox\Profiles\9hv1s26a.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.06.19 15:58:39 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\BeautifulMistake\AppData\Roaming\mozilla\Firefox\Profiles\9hv1s26a.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012.05.12 21:22:19 | 000,258,567 | ---- | M] () (No name found) -- C:\Users\BeautifulMistake\AppData\Roaming\mozilla\firefox\profiles\9hv1s26a.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2012.08.24 15:25:38 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\BeautifulMistake\AppData\Roaming\mozilla\firefox\profiles\9hv1s26a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.19 15:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.02.09 00:56:04 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.09 00:56:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.26 12:21:16 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.02.09 00:56:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.09 00:56:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.09 00:56:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.09 00:56:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.09 00:56:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\BeautifulMistake\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Users\BeautifulMistake\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\BeautifulMistake\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Unity Player (Enabled) = C:\Users\BeautifulMistake\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - Extension: WOT = C:\Users\BeautifulMistake\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.1_0\ CHR - Extension: YouTube = C:\Users\BeautifulMistake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\BeautifulMistake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\BeautifulMistake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.09.19 15:52:35 | 001,338,346 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.zzzz1.com O1 - Hosts: 127.0.0.1 zzzz1.com O1 - Hosts: 127.0.0.1 www.baidu345.com O1 - Hosts: 127.0.0.1 baidu345.com O1 - Hosts: 127.0.0.1 www.ttsou.cn O1 - Hosts: 127.0.0.1 ttsou.cn O1 - Hosts: 127.0.0.1 www.zhaomeimei.cn O1 - Hosts: 127.0.0.1 www.511u.com O1 - Hosts: 127.0.0.1 www.37698.com O1 - Hosts: 127.0.0.1 37698.com O1 - Hosts: 127.0.0.1 www.hk0707.com O1 - Hosts: 127.0.0.1 www.hk0909.com O1 - Hosts: 127.0.0.1 www2.99vod.net O1 - Hosts: 127.0.0.1 www.99vod.net O1 - Hosts: 127.0.0.1 www.51mxd.com O1 - Hosts: 127.0.0.1 www.meizi7472831.com O1 - Hosts: 127.0.0.1 www.game929.com O1 - Hosts: 127.0.0.1 www.91d2d.com O1 - Hosts: 127.0.0.1 91d2d.com O1 - Hosts: 127.0.0.1 www.wangxiangad.com O1 - Hosts: 127.0.0.1 music.wangxiangad.com O1 - Hosts: 127.0.0.1 www.59552.com O1 - Hosts: 127.0.0.1 qq.59552.com O1 - Hosts: 127.0.0.1 2007.5ixp.com O1 - Hosts: 47857 more lines... O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [ISW] File not found O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F858300-4F38-4E1F-8F0B-DB16FDF4D77A}: NameServer = 193.189.244.225 193.189.244.206 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.01.31 17:33:31 | 000,000,000 | ---D | M] - E:\AutoPlay -- [ CDFS ] O32 - AutoRun File - [2008.01.31 17:26:38 | 000,000,057 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2008.02.26 19:28:20 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008.02.26 19:28:20 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{144b9e88-80a7-11e0-adb3-20cf30d3373d}\Shell - "" = AutoRun O33 - MountPoints2\{144b9e88-80a7-11e0-adb3-20cf30d3373d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.02.26 19:28:20 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{144b9e8a-80a7-11e0-adb3-20cf30d3373d}\Shell - "" = AutoRun O33 - MountPoints2\{144b9e8a-80a7-11e0-adb3-20cf30d3373d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.02.26 19:28:20 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{292deb12-861c-11e0-bc4d-20cf30d3373d}\Shell - "" = AutoRun O33 - MountPoints2\{292deb12-861c-11e0-bc4d-20cf30d3373d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.02.26 19:28:20 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{292deb14-861c-11e0-bc4d-20cf30d3373d}\Shell - "" = AutoRun O33 - MountPoints2\{292deb14-861c-11e0-bc4d-20cf30d3373d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.02.26 19:28:20 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{34cf80e4-ead5-11df-a717-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{34cf80e4-ead5-11df-a717-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Intro.exe -- [2008.01.31 17:26:38 | 002,410,040 | R--- | M] (o2 (Germany) GmbH & Co. OHG) O33 - MountPoints2\{83699d96-531e-11e0-9bdf-20cf30d3373d}\Shell - "" = AutoRun O33 - MountPoints2\{83699d96-531e-11e0-9bdf-20cf30d3373d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.02.26 19:28:20 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{83699d9a-531e-11e0-9bdf-20cf30d3373d}\Shell - "" = AutoRun O33 - MountPoints2\{83699d9a-531e-11e0-9bdf-20cf30d3373d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.02.26 19:28:20 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.02.26 19:28:20 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.24 08:41:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\BeautifulMistake\Desktop\OTL.exe [2012.09.23 23:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.23 23:45:04 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.23 23:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.09.23 12:53:13 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2012.09.23 12:49:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator [2012.09.23 12:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.09.23 12:38:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.09.23 12:36:36 | 000,000,000 | ---D | C] -- C:\Users\BeautifulMistake\AppData\Roaming\#ISW.FS# [2012.09.23 12:05:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap [2012.09.23 12:02:48 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2012.09.21 13:09:40 | 000,011,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl2.sys [2012.09.21 13:09:35 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys [2012.09.21 13:09:29 | 000,485,680 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012.09.21 13:09:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point [2012.09.21 13:07:58 | 000,000,000 | ---D | C] -- C:\Users\BeautifulMistake\Documents\ForceField Shared Files [2012.09.21 13:07:57 | 000,000,000 | ---D | C] -- C:\Users\BeautifulMistake\AppData\Roaming\CheckPoint [2012.09.21 13:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint [2012.09.21 13:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2012.09.21 13:00:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint [2012.09.20 21:51:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.09.20 07:50:19 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012.09.20 07:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012.09.20 07:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012.09.15 17:26:24 | 000,000,000 | ---D | C] -- C:\Users\BeautifulMistake\AppData\Local\{E47126F1-C084-4D1F-AEFD-A5D3D1293D20} [2012.09.04 14:50:11 | 000,000,000 | ---D | C] -- C:\Users\BeautifulMistake\AppData\Local\{56FFC349-404E-4985-920E-EFEBD7FAD21B} [2012.08.26 13:40:29 | 000,000,000 | ---D | C] -- C:\Users\BeautifulMistake\AppData\Local\Macromedia [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.24 08:44:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.24 08:41:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BeautifulMistake\Desktop\OTL.exe [2012.09.24 08:40:36 | 000,000,000 | ---- | M] () -- C:\Users\BeautifulMistake\defogger_reenable [2012.09.24 08:39:54 | 000,050,477 | ---- | M] () -- C:\Users\BeautifulMistake\Desktop\Defogger.exe [2012.09.23 19:15:59 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.23 19:15:59 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.23 19:09:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.23 19:08:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.23 19:08:39 | 3105,259,520 | -HS- | M] () -- C:\hiberfil.sys [2012.09.23 14:27:13 | 000,001,799 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012.09.23 14:26:54 | 000,002,522 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012.09.23 14:24:54 | 000,175,940 | ---- | M] () -- C:\Users\BeautifulMistake\Documents\cc_20120923_142449.reg [2012.09.23 12:53:13 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2012.09.21 13:18:41 | 000,415,877 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2012.09.20 21:06:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012.09.20 06:43:26 | 000,309,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.09.19 15:52:35 | 001,338,346 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.09.17 19:38:39 | 000,051,592 | ---- | M] () -- C:\Users\BeautifulMistake\Documents\cc_20120917_193834.reg [2012.09.15 00:41:47 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.15 00:41:47 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.15 00:41:47 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.15 00:41:47 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.15 00:41:47 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.14 22:13:57 | 000,047,347 | ---- | M] () -- C:\Users\BeautifulMistake\Desktop\Termine.pdf [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.24 08:40:36 | 000,000,000 | ---- | C] () -- C:\Users\BeautifulMistake\defogger_reenable [2012.09.24 08:40:03 | 000,050,477 | ---- | C] () -- C:\Users\BeautifulMistake\Desktop\Defogger.exe [2012.09.23 14:24:51 | 000,175,940 | ---- | C] () -- C:\Users\BeautifulMistake\Documents\cc_20120923_142449.reg [2012.09.21 13:09:44 | 000,415,877 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2012.09.20 07:50:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2012.09.17 19:38:38 | 000,051,592 | ---- | C] () -- C:\Users\BeautifulMistake\Documents\cc_20120917_193834.reg [2012.09.14 22:14:03 | 000,047,347 | ---- | C] () -- C:\Users\BeautifulMistake\Desktop\Termine.pdf [2012.06.25 19:04:28 | 000,002,147 | ---- | C] () -- C:\Users\BeautifulMistake\.recently-used.xbel [2011.11.13 22:22:38 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.11.13 22:22:38 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.06.10 07:52:02 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.05.19 10:31:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.03.19 12:08:21 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2010.11.08 03:24:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.11.08 03:15:18 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.11.08 03:02:37 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.09.23 12:36:43 | 000,000,000 | ---D | M] -- C:\Users\BeautifulMistake\AppData\Roaming\#ISW.FS# [2012.09.20 07:30:04 | 000,000,000 | ---D | M] -- C:\Users\BeautifulMistake\AppData\Roaming\Asus WebStorage [2011.11.24 18:09:13 | 000,000,000 | ---D | M] -- C:\Users\BeautifulMistake\AppData\Roaming\Big Fish Games [2011.12.07 14:52:34 | 000,000,000 | ---D | M] -- C:\Users\BeautifulMistake\AppData\Roaming\BOM [2012.09.21 13:07:57 | 000,000,000 | ---D | M] -- C:\Users\BeautifulMistake\AppData\Roaming\CheckPoint [2012.08.26 13:31:03 | 000,000,000 | ---D | M] -- C:\Users\BeautifulMistake\AppData\Roaming\DesktopIconForAmazon [2012.02.07 19:53:33 | 000,000,000 | ---D | M] -- C:\Users\BeautifulMistake\AppData\Roaming\DVDVideoSoft [2012.08.26 13:31:50 | 000,000,000 | ---D | M] -- C:\Users\BeautifulMistake\AppData\Roaming\DVDVideoSoftIEHelpers [2012.06.27 18:13:45 | 000,000,000 | ---D | M] -- C:\Users\BeautifulMistake\AppData\Roaming\gtk-2.0 [2012.09.23 19:53:28 | 000,000,000 | ---D | M] -- C:\Users\BeautifulMistake\AppData\Roaming\ICQ [2011.06.17 22:52:38 | 000,000,000 | ---D | M] -- C:\Users\BeautifulMistake\AppData\Roaming\OCS [2011.03.27 16:59:56 | 000,000,000 | ---D | M] -- C:\Users\BeautifulMistake\AppData\Roaming\ooVoo Details [2011.12.18 11:41:57 | 000,000,000 | ---D | M] -- C:\Users\BeautifulMistake\AppData\Roaming\OpenOffice.org [2011.06.17 22:52:42 | 000,000,000 | ---D | M] -- C:\Users\BeautifulMistake\AppData\Roaming\Opera [2011.03.18 23:19:13 | 000,000,000 | ---D | M] -- C:\Users\BeautifulMistake\AppData\Roaming\PowerCinema [2012.02.28 23:01:08 | 000,000,000 | ---D | M] -- C:\Users\BeautifulMistake\AppData\Roaming\SoftGrid Client [2011.06.10 07:52:41 | 000,000,000 | ---D | M] -- C:\Users\BeautifulMistake\AppData\Roaming\TP [2012.01.13 01:32:42 | 000,000,000 | ---D | M] -- C:\Users\BeautifulMistake\AppData\Roaming\TS3Client [2011.09.15 17:44:05 | 000,000,000 | ---D | M] -- C:\Users\BeautifulMistake\AppData\Roaming\TuneUp Software [2012.07.26 20:53:00 | 000,000,000 | ---D | M] -- C:\Users\BeautifulMistake\AppData\Roaming\Windows Live Writer [2011.07.10 23:23:31 | 000,000,000 | ---D | M] -- C:\Users\BeautifulMistake\AppData\Roaming\WindSolutions ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:A4AF8D0D @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A724744F @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:115CEE00 < End of report > ________________________________________________ OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 24.09.2012 09:03:20 - Run 1
OTL by OldTimer - Version 3.2.66.2 Folder = C:\Users\BeautifulMistake\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 36,78% Memory free
7,71 Gb Paging File | 5,02 Gb Available in Paging File | 65,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,52 Gb Total Space | 23,87 Gb Free Space | 32,02% Space Free | Partition Type: NTFS
Drive D: | 204,04 Gb Total Space | 203,93 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Drive E: | 597,18 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 8,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: MEIN-PC | User Name: BeautifulMistake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B4F78CB-78C5-482E-8F7C-5EC2B604FA03}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4CADDB0D-47F4-4F38-9F94-72A4639582A7}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{6CE10F92-0C91-4157-89D2-E4C3548EF100}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B1C6D9F3-76F4-4C1C-9A29-E1CF30C9B79E}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{B42EDEDE-025A-4DFD-8E30-AAE3D058A62E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C3AE2179-5648-41BD-A7AA-01C7860EBDE5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B63A3F6-0DA3-4905-9F54-7E5559B8ABBC}" = dir=in | app=c:\program files (x86)\asus\ai touchmedia\playmovie\playmovie.exe |
"{1A4783A9-0AFE-40A9-BF29-B3EEB41A7B5B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{21435C73-29B8-4152-AB8B-494420205583}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{29FA2E23-E361-4FC2-B04E-E2912AAE163C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2ED2AB66-BED1-43D2-92B8-ED7DD05D3715}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{3EB60FA8-F9E2-4EC7-8542-B87DAEDFD19F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{46ABE917-9E57-466B-9758-B12049D19341}" = dir=in | app=c:\program files (x86)\asus\ai touchmedia\playmovie\pmvservice.exe |
"{492B2BAB-6582-487E-84B8-25597A605533}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5372371D-8FA4-4228-9350-BD5351A487B6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{56C5FE46-57BF-41E6-9ACA-B9B0B937DE2E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{669B5682-AB24-4209-A063-30F69CC0808D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6D4E91A5-A2BE-47F7-9D03-46782C5F2902}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{9738236A-66C1-4E67-A412-63FB8934AD2A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{99B92DDF-158B-4B27-829D-EE150ED0ADCA}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{A2F4102E-C873-4BD0-8AE0-229D889673DF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BDA56436-C65E-48B4-92FE-9080A8928993}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C3FE84B1-F149-48A7-95D0-979665AE75C3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C4C1FB79-7ECB-405A-BEC7-D8B33335C28D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C839D9B6-A381-4267-8C9F-655B82A3FEDD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CFB26C98-F35C-4B2B-8F04-B82094B3C20A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F22ABBC6-7E8E-459F-B594-17919CCE7F18}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F47CDD19-1F26-43F0-8205-483A35306E63}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F6CA0BC2-1276-4DCA-ADBC-536282E724C1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{2E414A76-E6A7-3504-4235-29EAB3FE1F7A}" = ATI AVIVO64 Codecs
"{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}" = MobileMe Control Panel
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96CCD84C-3F80-C618-6202-568608213C7E}" = ccc-utility64
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FDB61EAE-7C1D-7EB6-E1EE-14528E3EB266}" = ATI Catalyst Install Manager
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-x64 7.0.5.11_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{011162D5-6853-9D60-2BD4-1F3D01966A59}" = CCC Help English
"{05CF7905-AD18-769E-7717-1DC8AF388BEA}" = CCC Help Hungarian
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1382CAD9-2A6A-F826-96DF-27CC6CC7B3B0}" = CCC Help Czech
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4C4124-6D6C-4282-63B8-F9468E4404BC}" = Catalyst Control Center InstallProxy
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = AI TouchMedia
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28452235-8D43-464B-EDB2-18DA5542722D}" = CCC Help Portuguese
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{33013398-9228-42D7-A92A-38CA478F4D57}" = ZoneAlarm Security
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3BD37E91-C31A-CB8A-C48C-21CE58723AEF}" = CCC Help Polish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{47A1A0D5-37DE-7A02-F411-8DFBA338CCC2}" = CCC Help Swedish
"{47B4F3BD-1FCB-914B-397A-7220136A175F}" = CCC Help Japanese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D38B420-FDA9-282A-DBBA-3E8E9158A5F4}" = Catalyst Control Center Localization All
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{597535B3-348A-8FBF-1C39-C21E634C1E8A}" = CCC Help Norwegian
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6749B472-63E5-49B4-964A-4B76A33BC768}" = ZoneAlarm Firewall
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69A7B958-4617-9924-F32B-7C1FF3C7EE6C}" = Catalyst Control Center Graphics Previews Common
"{6D5D1791-756B-4C79-98DF-3505C45FDD2F}" = ZoneAlarm Antivirus
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73AA1842-2960-328C-E51E-CEC0B23950C2}" = Catalyst Control Center Graphics Previews Vista
"{75CE15F1-3508-D4AA-6EB4-AB9D55FAD076}" = CCC Help Russian
"{76246D4D-C095-5B94-9EFA-0F6DFF804BB1}" = CCC Help Greek
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77CC4640-98F0-603A-2CDB-A981F09FED6D}" = CCC Help French
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D1C43EB-EAE9-5D8C-FEF4-E00AF6B9500F}" = CCC Help Finnish
"{81BEA2F5-4F9B-4AF5-A9B2-3210F71931D3}" = Catalyst Control Center - Branding
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{886EA01E-D4B4-D2E1-CEA2-213E9C06DFF5}" = CCC Help Spanish
"{88799CBD-90A6-67FB-310E-79CAB1479F0F}" = CCC Help Chinese Traditional
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D8847D7-DF68-2325-250A-96BE101FCF69}" = CCC Help Italian
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA8F54E5-393C-B09B-B641-7CE1D1E1933F}" = CCC Help Dutch
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi
"{B8174E5B-B515-3423-1273-4B4B6B483C4B}" = CCC Help Chinese Standard
"{C1234B72-5EAF-807C-46E8-59A1C9FEF6CA}" = CCC Help Turkish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5CCDB0C-00B7-3A4F-3877-6C57920F05D8}" = CCC Help Korean
"{DA8D3A2D-5FD5-82D1-C9A8-801079EE0FD0}" = CCC Help Thai
"{DAB623DC-33F2-E22E-7B24-2270E8AB1EB3}" = ccc-core-static
"{DDA92568-FE0E-E2F4-35A5-7CD99ADACF26}" = CCC Help Danish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC6A04DE-135E-AC5C-AA19-8E350AA5B6D4}" = CCC Help German
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS AP Bank_is1" = ASUS AP Bank
"ASUS WebStorage" = ASUS WebStorage
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = AI TouchMedia
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.09.2012 00:48:45 | Computer Name = Mein-PC | Source = RasClient | ID = 20227
Description =
Error - 20.09.2012 00:48:46 | Computer Name = Mein-PC | Source = RasClient | ID = 20227
Description =
Error - 20.09.2012 00:48:54 | Computer Name = Mein-PC | Source = RasClient | ID = 20227
Description =
Error - 20.09.2012 00:49:59 | Computer Name = Mein-PC | Source = RasClient | ID = 20227
Description =
Error - 20.09.2012 00:55:52 | Computer Name = Mein-PC | Source = RasClient | ID = 20227
Description =
Error - 20.09.2012 01:07:12 | Computer Name = Mein-PC | Source = System Restore | ID = 8204
Description =
Error - 20.09.2012 01:10:15 | Computer Name = Mein-PC | Source = RasClient | ID = 20227
Description =
Error - 20.09.2012 01:10:28 | Computer Name = Mein-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_RasMan, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7600.16930,
Zeitstempel: 0x4eeb01e3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000016cb
ID
des fehlerhaften Prozesses: 0x240 Startzeit der fehlerhaften Anwendung: 0x01cd96edb35d2ed9
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\msvcrt.dll Berichtskennung: 7d87a3c0-02e1-11e2-b280-20cf30d3373d
Error - 20.09.2012 01:12:15 | Computer Name = Mein-PC | Source = McLogEvent | ID = 5051
Description =
Error - 20.09.2012 01:23:43 | Computer Name = Mein-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_RasMan, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7600.16930,
Zeitstempel: 0x4eeb01e3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000016cb
ID
des fehlerhaften Prozesses: 0x23c Startzeit der fehlerhaften Anwendung: 0x01cd96ef74e64b75
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\msvcrt.dll Berichtskennung: 57e46267-02e3-11e2-ae51-20cf30d3373d
[ Media Center Events ]
Error - 30.04.2012 11:26:41 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 17:26:40 - Fehler beim Herstellen der Internetverbindung. 17:26:40
- Serververbindung konnte nicht hergestellt werden..
Error - 01.05.2012 10:59:30 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 16:59:30 - Fehler beim Herstellen der Internetverbindung. 16:59:30
- Serververbindung konnte nicht hergestellt werden..
Error - 01.05.2012 10:59:43 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 16:59:35 - Fehler beim Herstellen der Internetverbindung. 16:59:35
- Serververbindung konnte nicht hergestellt werden..
Error - 08.05.2012 09:10:08 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 15:10:08 - Fehler beim Herstellen der Internetverbindung. 15:10:08
- Serververbindung konnte nicht hergestellt werden..
Error - 08.05.2012 09:10:22 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 15:10:13 - Fehler beim Herstellen der Internetverbindung. 15:10:13
- Serververbindung konnte nicht hergestellt werden..
Error - 09.05.2012 10:36:15 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 16:36:15 - Fehler beim Herstellen der Internetverbindung. 16:36:15
- Serververbindung konnte nicht hergestellt werden..
Error - 11.05.2012 21:53:52 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 03:53:48 - Fehler beim Herstellen der Internetverbindung. 03:53:48
- Serververbindung konnte nicht hergestellt werden..
Error - 11.05.2012 22:53:58 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 04:53:57 - Fehler beim Herstellen der Internetverbindung. 04:53:57
- Serververbindung konnte nicht hergestellt werden..
Error - 11.05.2012 23:54:05 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 05:54:03 - Fehler beim Herstellen der Internetverbindung. 05:54:03
- Serververbindung konnte nicht hergestellt werden..
Error - 12.05.2012 00:54:11 | Computer Name = Mein-PC | Source = MCUpdate | ID = 0
Description = 06:54:10 - Fehler beim Herstellen der Internetverbindung. 06:54:10
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 23.09.2012 08:27:36 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.
Error - 23.09.2012 08:27:36 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 23.09.2012 08:27:54 | Computer Name = Mein-PC | Source = DCOM | ID = 10005
Description =
Error - 23.09.2012 08:27:54 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Search erreicht.
Error - 23.09.2012 08:27:54 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 23.09.2012 13:08:54 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 23.09.2012 13:17:27 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Dnscache erreicht.
Error - 23.09.2012 17:30:18 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Dnscache erreicht.
Error - 24.09.2012 01:46:48 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Dnscache erreicht.
Error - 24.09.2012 01:51:39 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Dnscache erreicht.
< End of report >
|
|
24.09.2012, 08:17
| #4 |
| /// the machine /// TB-Ausbilder | Microsoft.Windows.RedirectedHosts Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
24.09.2012, 08:43
| #5 |
| | Microsoft.Windows.RedirectedHosts aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-09-24 09:24:04 ----------------------------- 09:24:04.412 OS Version: Windows x64 6.1.7600 09:24:04.412 Number of processors: 4 586 0x2505 09:24:04.412 ComputerName: MEIN-PC UserName: 09:24:05.114 Initialize success 09:27:50.582 AVAST engine defs: 12092400 09:27:58.405 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 09:27:58.410 Disk 0 Vendor: ST932032 0003 Size: 305245MB BusType: 3 09:27:58.424 Disk 0 MBR read successfully 09:27:58.428 Disk 0 MBR scan 09:27:58.437 Disk 0 Windows 7 default MBR code 09:27:58.443 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 20000 MB offset 64 09:27:58.460 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76311 MB offset 40960064 09:27:58.467 Disk 0 Partition - 00 0F Extended LBA 208933 MB offset 197246254 09:27:58.488 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 208932 MB offset 197248302 09:27:58.515 Disk 0 scanning C:\Windows\system32\drivers 09:28:10.616 Service scanning 09:28:35.900 Modules scanning 09:28:35.917 Disk 0 trace - called modules: 09:28:35.929 09:28:36.657 AVAST engine scan C:\Windows 09:28:38.824 AVAST engine scan C:\Windows\system32 09:32:06.996 AVAST engine scan C:\Windows\system32\drivers 09:32:25.061 AVAST engine scan C:\Users\BeautifulMistake 09:38:56.575 AVAST engine scan C:\ProgramData 09:41:53.573 Scan finished successfully 09:42:09.391 Disk 0 MBR has been saved successfully to "C:\Users\BeautifulMistake\Desktop\MBR.dat" 09:42:09.391 The log file has been saved successfully to "C:\Users\BeautifulMistake\Desktop\aswMBR.txt" |
|
24.09.2012, 08:48
| #6 | |
| /// the machine /// TB-Ausbilder | Microsoft.Windows.RedirectedHostsCombofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> Microsoft.Windows.RedirectedHosts |
|
24.09.2012, 09:12
| #7 |
| | Microsoft.Windows.RedirectedHosts Während Combofix lief ist mein Laptop abgestürzt (blauer Bildschirm). Nochmal versuchen? |
|
24.09.2012, 09:16
| #8 |
| /// the machine /// TB-Ausbilder | Microsoft.Windows.RedirectedHosts Jep, wenns nit klappt kurz Bescheid geben, dann ändern wir was an der Einstellung.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
24.09.2012, 09:50
| #9 |
| | Microsoft.Windows.RedirectedHosts Combofix Logfile: Code:
ATTFilter ComboFix 12-09-23.03 - BeautifulMistake 24.09.2012 10:19:09.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3949.2546 [GMT 2:00]
ausgeführt von:: c:\users\BeautifulMistake\Desktop\ComboFix.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\programdata\FullRemove.exe
c:\windows\msvcr71.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-24 bis 2012-09-24 ))))))))))))))))))))))))))))))
.
.
2012-09-24 08:29 . 2012-09-24 08:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-23 21:45 . 2012-09-23 21:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-23 21:45 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-23 10:53 . 2012-09-23 10:53 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2012-09-23 10:38 . 2012-09-23 21:39 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-23 10:38 . 2012-09-23 21:08 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-09-23 10:36 . 2012-09-23 10:36 -------- d-----w- c:\users\BeautifulMistake\AppData\Roaming\#ISW.FS#
2012-09-23 10:02 . 2012-09-23 10:02 -------- d-----w- c:\windows\Downloaded Installations
2012-09-22 12:35 . 2012-08-24 10:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-22 12:35 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-09-22 07:55 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2740D2D1-8F63-44C7-98E1-6CDE1D9F07F2}\mpengine.dll
2012-09-21 11:09 . 2012-01-09 16:59 11864 ----a-w- c:\windows\system32\drivers\kl2.sys
2012-09-21 11:09 . 2012-01-09 16:59 460888 ----a-w- c:\windows\system32\drivers\kl1.sys
2012-09-21 11:09 . 2012-01-09 16:59 485680 ----a-w- c:\windows\system32\drivers\klif.sys
2012-09-21 11:08 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-21 11:07 . 2012-09-21 11:07 -------- d-----w- c:\users\BeautifulMistake\AppData\Roaming\CheckPoint
2012-09-21 11:07 . 2012-09-21 11:07 -------- d-----w- c:\program files\CheckPoint
2012-09-21 11:00 . 2012-09-21 11:09 -------- d-----w- c:\program files (x86)\CheckPoint
2012-09-21 11:00 . 2012-09-21 11:00 -------- d-----w- c:\programdata\CheckPoint
2012-09-21 05:50 . 2012-09-21 05:50 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-20 19:51 . 2012-09-20 19:51 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-20 05:50 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-20 05:49 . 2012-09-20 19:28 -------- d-----w- c:\programdata\AVAST Software
2012-09-20 05:49 . 2012-09-20 05:49 -------- d-----w- c:\program files\AVAST Software
2012-09-11 19:49 . 2012-08-02 17:55 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 19:49 . 2012-08-02 17:05 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-08-26 11:40 . 2012-08-26 11:40 -------- d-----w- c:\users\BeautifulMistake\AppData\Local\Macromedia
2012-08-26 10:33 . 2012-05-31 10:25 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 05:50 . 2012-07-14 17:49 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-21 05:50 . 2011-09-18 17:45 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-13 06:25 . 2011-03-19 10:15 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-26 10:30 . 2012-03-30 11:04 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-26 10:30 . 2011-06-20 14:16 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 17:31 . 2012-08-15 18:41 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 22:04 . 2012-08-15 18:42 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:01 . 2012-08-15 18:42 58880 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:01 . 2012-08-15 18:42 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:23 . 2012-08-15 18:42 41472 ----a-w- c:\windows\SysWow64\browcli.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-11-08 2429]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-12 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-08-29 73392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.de/de.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT&inst=NzctMTQyNDc3MTk1Mi1WSVArMS1GTDEwKzEtVFVHKzMtRERUKzE1NDYwLUxTRCsyLUREMTBGKzEtU1QxMEZBUFArMS1TMTBGRERGKzEtRlVJKzItRjEwVEIrMi1TVDEwVEJGKzEtRjEwTTEyUisxLVZJUDEyKzEtVTEwKzEtVEwrMS1GMTBNMTJSMisx&prod=55&ver=10.0.1424" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-11-8 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files (x86)\ASUS\AI TouchMedia\PlayMovie\PMVService.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"AppleSyncNotifier"=c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 135664]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\nmwcdx64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2012-01-09 11864]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-06-22 379520]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-11 203264]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-08-30 33712]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-08-30 827560]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-11 7765504]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-11 279040]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-07-15 116240]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-08-18 143472]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2010-02-25 115312]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 00:51]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 00:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: Interfaces\{1F858300-4F38-4E1F-8F0B-DB16FDF4D77A}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\BeautifulMistake\AppData\Roaming\Mozilla\Firefox\Profiles\9hv1s26a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.startskins.com/startpage/8244573775/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B9cdfb136-1ea1-4593-ad15-c39f1207f7b0%7D&mid=543066ce4b7847d688b8f1867637dece-024aaf0b2d5be5810c9e55ab48b435f0c399463c&ds=AVG&v=11.1.0.7&lang=de&pr=pa&d=2011-12-07%2008%3A26%3A23&sap=ku&q=
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-ISW - (no file)
HKLM-Run-SpywareTerminatorShield - c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM-Run-SpywareTerminatorUpdater - c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-24 10:44:08 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-09-24 08:44
.
Vor Suchlauf: 9 Verzeichnis(se), 25.371.578.368 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 25.306.701.824 Bytes frei
.
- - End Of File - - 6BCCB041A0B8046A8FB1F9535F629716
|
|
24.09.2012, 10:02
| #10 |
| /// the machine /// TB-Ausbilder | Microsoft.Windows.RedirectedHosts Hi, Downloade Dir bitte Malwarebytes
Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
24.09.2012, 10:17
| #11 |
| | Microsoft.Windows.RedirectedHosts Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.24.03 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 BeautifulMistake :: MEIN-PC [Administrator] 24.09.2012 11:11:35 mbam-log-2012-09-24 (11-11-35).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 200165 Laufzeit: 3 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) _________________________________________________________ # AdwCleaner v2.003 - Datei am 09/24/2012 um 11:16:00 erstellt # Aktualisiert am 23/09/2012 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzer : BeautifulMistake - MEIN-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\BeautifulMistake\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml Ordner Gefunden : C:\ProgramData\Partner Ordner Gefunden : C:\Users\BeautifulMistake\AppData\Local\AVG Secure Search ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Schlüssel Gefunden : HKU\S-1-5-21-1804320887-2524827780-1195087152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v9.0.1 (de) Profilname : default Datei : C:\Users\BeautifulMistake\AppData\Roaming\Mozilla\Firefox\Profiles\9hv1s26a.default\prefs.js Gefunden : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B9cdfb136-1ea1-4593-ad15-c39f1207f7b0%[...] -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\BeautifulMistake\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [2368 octets] - [24/09/2012 11:16:00] ########## EOF - C:\AdwCleaner[R1].txt - [2428 octets] ########## immerhin geht mein stick wieder direkt ins internet (: danke |
|
24.09.2012, 10:55
| #12 |
| /// the machine /// TB-Ausbilder | Microsoft.Windows.RedirectedHosts Büdde 
ESET Online Scanner
Starte bitte nochmal OTL und poste ein frisches Logfile. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
24.09.2012, 16:59
| #13 |
| | Microsoft.Windows.RedirectedHosts # AdwCleaner v2.003 - Datei am 09/24/2012 um 17:22:40 erstellt # Aktualisiert am 23/09/2012 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzer : BeautifulMistake - MEIN-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\BeautifulMistake\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml Ordner Gelöscht : C:\ProgramData\Partner Ordner Gelöscht : C:\Users\BeautifulMistake\AppData\Local\AVG Secure Search ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] -\\ Mozilla Firefox v9.0.1 (de) Profilname : default Datei : C:\Users\BeautifulMistake\AppData\Roaming\Mozilla\Firefox\Profiles\9hv1s26a.default\prefs.js C:\Users\BeautifulMistake\AppData\Roaming\Mozilla\Firefox\Profiles\9hv1s26a.default\user.js ... Gelöscht ! Gelöscht : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B9cdfb136-1ea1-4593-ad15-c39f1207f7b0%[...] -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\BeautifulMistake\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [2489 octets] - [24/09/2012 11:16:00] AdwCleaner[S1].txt - [2835 octets] - [24/09/2012 17:22:40] ########## EOF - C:\AdwCleaner[S1].txt - [2895 octets] ########## Rest kommt gleich, wenns fertig ist  |
|
24.09.2012, 17:01
| #14 |
| /// the machine /// TB-Ausbilder | Microsoft.Windows.RedirectedHosts alles klar
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
24.09.2012, 18:36
| #15 |
| | Microsoft.Windows.RedirectedHosts hm, also irgendwie konnte ich nichts anklicken, als der Online Scan fertig war. nur finish und eine txt datei hat das ding auch nicht ausgespuckt. jetzt mach ich das nochmal, oder? |
|
| Themen zu Microsoft.Windows.RedirectedHosts |
| anschluss, brauch, destroy, erhalte, erhalten, gefunde, inter, interne, internet, konnte, lange, löschen, nicht löschen, search, spybot, stick, tagen, warnung, weiterhelfen |
Linear-Darstellung
