Plagegeister aller Art und deren Bekämpfung (malware of all kinds and its removal): GVU-Trojaner (Windows 7)
03.06.2013, 19:45 | #16
/// the machine /// TB-Ausbilder | GVU-Trojaner
http://download.bleepingcomputer.com...sta/wscsvc.reg
http://download.bleepingcomputer.com...ta/Winmgmt.reg
Download both and run them with right-click > Merge. Then reboot and post a new FSS log and a fresh OTL log, please. A complete Avira log would be nice too; in the one above I can't see anything at all.
__________________
regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
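The two .reg files above recreate the registry configuration of the Security Center (wscsvc) and WMI (Winmgmt) services, which is what the FSS log posted later in this thread checks. As an added example (not from this thread, and not code from FSS, OTL or bleepingcomputer), this PowerShell script repeats those checks on a live system (start type, ImagePath and ServiceDll of wscsvc, wuauserv, WinDefend and Winmgmt, plus the Windows Defender DisableAntiSpyware value) so the effect of the merge can be verified before a new log is posted. Assumptions: the expected ServiceDll names are taken from the FSS "File Check" list; the Policies key is the Group Policy location of the same Defender setting; FSS's LEGACY_wscsvc check is not reproduced.

```powershell
# Added example (not from this thread, FSS, OTL or bleepingcomputer): repeats,
# on a live system, the registry checks behind the FSS lines "The start type /
# ImagePath / ServiceDll of <service> is OK", and the Windows Defender policy
# check, so the .reg merge above can be verified before a new log is posted.
# Run in an elevated PowerShell (2.0 or later). FSS's LEGACY_wscsvc check is
# not reproduced here.

# Expected ServiceDll names: taken from the FSS "File Check" list in this thread.
$services = @(
    @{ Name = 'wscsvc';    Dll = 'wscsvc.dll';  Desc = 'Security Center' },
    @{ Name = 'wuauserv';  Dll = 'wuaueng.dll'; Desc = 'Windows Update' },
    @{ Name = 'WinDefend'; Dll = 'MpSvc.dll';   Desc = 'Windows Defender' },
    @{ Name = 'Winmgmt';   Dll = 'WMIsvc.dll';  Desc = 'WMI (restored by Winmgmt.reg)' }
)

# Values of the "Start" DWORD under HKLM\SYSTEM\CurrentControlSet\Services\<name>.
$startTypes = @{ 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Test-ServiceConfig {
    param([hashtable]$Spec)

    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($Spec.Name)"
    $problems = @()

    if (-not (Test-Path $key)) {
        # Whole service key gone: exactly what merging the .reg file recreates.
        return New-Object PSObject -Property @{
            Service = $Spec.Name; Description = $Spec.Desc; Running = $false
            StartType = $null; ServiceDll = $null
            Problems = @("service key $key does not exist")
        }
    }

    $cfg   = Get-ItemProperty -Path $key
    $param = Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue

    $start = $startTypes[[int]$cfg.Start]
    if ($cfg.Start -eq 4) { $problems += 'start type is Disabled' }

    # All four services are hosted by svchost.exe; any other host binary is wrong.
    if ($cfg.ImagePath -notmatch '\\svchost\.exe') {
        $problems += "ImagePath does not point at svchost.exe: $($cfg.ImagePath)"
    }

    $dll = $null
    if ($param -and $param.ServiceDll) {
        $dll = [Environment]::ExpandEnvironmentVariables($param.ServiceDll)
        if ((Split-Path $dll -Leaf) -ine $Spec.Dll) {
            $problems += "ServiceDll is $dll, expected $($Spec.Dll)"
        } elseif (-not (Test-Path $dll)) {
            $problems += "ServiceDll $dll is missing on disk"
        }
    } else {
        $problems += 'Parameters\ServiceDll value is missing'
    }

    $svc = Get-Service -Name $Spec.Name -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        Service = $Spec.Name; Description = $Spec.Desc
        Running = ($svc -ne $null -and $svc.Status -eq 'Running')
        StartType = $start; ServiceDll = $dll; Problems = $problems
    }
}

function Test-DefenderPolicy {
    # FSS reports the value under the Microsoft key; the Policies key is the
    # Group Policy location of the same setting (assumption, not from the log).
    $paths = @('HKLM:\SOFTWARE\Microsoft\Windows Defender',
               'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender')
    foreach ($p in $paths) {
        $v = Get-ItemProperty -Path $p -Name DisableAntiSpyware -ErrorAction SilentlyContinue
        if ($v -and $v.DisableAntiSpyware -eq 1) { $p }
    }
}

$results = $services | ForEach-Object { Test-ServiceConfig -Spec $_ }
$results | Format-Table Service, Description, Running, StartType, ServiceDll -AutoSize
foreach ($r in $results) {
    foreach ($p in $r.Problems) { Write-Warning "$($r.Service): $p" }
}
$disabled = @(Test-DefenderPolicy)
if ($disabled.Count -gt 0) {
    $disabled | ForEach-Object { Write-Warning "$_ has DisableAntiSpyware=1: Windows Defender is disabled by policy" }
} else {
    'No DisableAntiSpyware=1 value found; Windows Defender is not disabled by policy.'
}
```

On the system in this thread the FSS log reports all three service configurations as OK but the services not running and DisableAntiSpyware=1; the script would therefore print an empty Problems list and one warning for the Defender policy key.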
03.06.2013, 19:51 | #17
GVU-Trojaner
Here is the Avira log for a start.
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 3. Juni 2013 19:50

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : SONDERMANLAPTOP

Versionsinformationen:
BUILD.DAT : 13.0.0.3640 54852 Bytes 18.04.2013 13:29:00
AVSCAN.EXE : 13.6.0.1262 636984 Bytes 03.06.2013 14:20:28
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 16.03.2013 17:30:48
LUKE.DLL : 13.6.0.1262 65080 Bytes 03.06.2013 14:20:36
AVSCPLR.DLL : 13.6.0.1262 92216 Bytes 03.06.2013 14:20:28
AVREG.DLL : 13.6.0.1262 247864 Bytes 03.06.2013 14:20:27
avlode.dll : 13.6.2.1262 432184 Bytes 03.06.2013 14:20:27
avlode.rdf : 13.0.1.12 25921 Bytes 03.06.2013 14:20:39
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 14:20:11
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 14:20:14
VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 14:20:16
VBASE003.VDF : 7.11.80.61 2048 Bytes 28.05.2013 14:20:16
VBASE004.VDF : 7.11.80.62 2048 Bytes 28.05.2013 14:20:16
VBASE005.VDF : 7.11.80.63 2048 Bytes 28.05.2013 14:20:16
VBASE006.VDF : 7.11.80.64 2048 Bytes 28.05.2013 14:20:16
VBASE007.VDF : 7.11.80.65 2048 Bytes 28.05.2013 14:20:16
VBASE008.VDF : 7.11.80.66 2048 Bytes 28.05.2013 14:20:16
VBASE009.VDF : 7.11.80.67 2048 Bytes 28.05.2013 14:20:16
VBASE010.VDF : 7.11.80.68 2048 Bytes 28.05.2013 14:20:16
VBASE011.VDF : 7.11.80.69 2048 Bytes 28.05.2013 14:20:16
VBASE012.VDF : 7.11.80.70 2048 Bytes 28.05.2013 14:20:16
VBASE013.VDF : 7.11.80.71 2048 Bytes 28.05.2013 14:20:16
VBASE014.VDF : 7.11.81.57 145408 Bytes 29.05.2013 14:20:17
VBASE015.VDF : 7.11.81.137 130048 Bytes 30.05.2013 14:20:17
VBASE016.VDF : 7.11.81.255 207360 Bytes 31.05.2013 14:20:17
VBASE017.VDF : 7.11.82.91 156160 Bytes 03.06.2013 14:20:17
VBASE018.VDF : 7.11.82.92 2048 Bytes 03.06.2013 14:20:18
VBASE019.VDF : 7.11.82.93 2048 Bytes 03.06.2013 14:20:18
VBASE020.VDF : 7.11.82.94 2048 Bytes 03.06.2013 14:20:18
VBASE021.VDF : 7.11.82.95 2048 Bytes 03.06.2013 14:20:18
VBASE022.VDF : 7.11.82.96 2048 Bytes 03.06.2013 14:20:18
VBASE023.VDF : 7.11.82.97 2048 Bytes 03.06.2013 14:20:18
VBASE024.VDF : 7.11.82.98 2048 Bytes 03.06.2013 14:20:18
VBASE025.VDF : 7.11.82.99 2048 Bytes 03.06.2013 14:20:18
VBASE026.VDF : 7.11.82.100 2048 Bytes 03.06.2013 14:20:18
VBASE027.VDF : 7.11.82.101 2048 Bytes 03.06.2013 14:20:19
VBASE028.VDF : 7.11.82.102 2048 Bytes 03.06.2013 14:20:19
VBASE029.VDF : 7.11.82.103 2048 Bytes 03.06.2013 14:20:19
VBASE030.VDF : 7.11.82.104 2048 Bytes 03.06.2013 14:20:19
VBASE031.VDF : 7.11.82.146 50688 Bytes 03.06.2013 16:20:20
Engineversion : 8.2.12.50
AEVDF.DLL : 8.1.2.10 102772 Bytes 11.07.2012 21:01:54
AESCRIPT.DLL : 8.1.4.118 487805 Bytes 03.06.2013 14:20:25
AESCN.DLL : 8.1.10.4 131446 Bytes 26.03.2013 19:29:10
AESBX.DLL : 8.2.5.12 606578 Bytes 18.06.2012 14:42:00
AERDL.DLL : 8.2.0.88 643444 Bytes 16.03.2013 16:20:32
AEPACK.DLL : 8.3.2.12 754040 Bytes 03.06.2013 14:20:24
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 16.03.2013 16:20:31
AEHEUR.DLL : 8.1.4.386 5947769 Bytes 03.06.2013 14:20:24
AEHELP.DLL : 8.1.25.10 258425 Bytes 03.06.2013 14:20:21
AEGEN.DLL : 8.1.7.4 442741 Bytes 03.06.2013 14:20:21
AEEXP.DLL : 8.4.0.32 201078 Bytes 03.06.2013 14:20:25
AEEMU.DLL : 8.1.3.2 393587 Bytes 11.07.2012 21:01:52
AECORE.DLL : 8.1.31.2 201080 Bytes 16.03.2013 16:20:26
AEBB.DLL : 8.1.1.4 53619 Bytes 16.03.2013 16:20:26
AVWINLL.DLL : 13.6.0.480 26480 Bytes 16.03.2013 17:30:07
AVPREF.DLL : 13.6.0.480 51056 Bytes 16.03.2013 17:30:47
AVREP.DLL : 13.6.0.480 178544 Bytes 16.03.2013 17:31:48
AVARKT.DLL : 13.6.0.1262 258104 Bytes 03.06.2013 14:20:25
AVEVTLOG.DLL : 13.6.0.1262 164920 Bytes 03.06.2013 14:20:27
SQLITE3.DLL : 3.7.0.1 397704 Bytes 16.03.2013 17:31:29
AVSMTP.DLL : 13.6.0.480 62832 Bytes 16.03.2013 17:30:49
NETNT.DLL : 13.6.0.480 16240 Bytes 16.03.2013 17:31:19
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 16.03.2013 17:30:09
RCTEXT.DLL : 13.6.0.976 69344 Bytes 29.03.2013 19:10:36

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_51acd62a\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Montag, 3. Juni 2013 19:50

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'notepad.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'conime.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'FSS.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'mscorsvw.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSUPDATE.EXE' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_7_700_202.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_7_700_202.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'sapisvr.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SUPERANTISPYWARE.EXE' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apntex.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'PMVService.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'mwlDaemon.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'HidFind.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'EgisUpdate.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApMsgFwd.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtkBtMnt.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'BrowserDefender.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apoint.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'PLFSetI.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'AmIcoSinglun.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'ArcadeDeluxeAgent.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '145' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'c2c_service.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'RS_Service.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'SchedulerSvc.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'MWLService.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamscheduler.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerSvc.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLHNService.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'BrowserDefender.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'agrsmsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SASCORE.EXE' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '140' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '114' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Sonderman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7WJWZW2\about[1].dll'
C:\Users\Sonderman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7WJWZW2\about[1].dll
  [FUND]      Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen8

Beginne mit der Desinfektion:
C:\Users\Sonderman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7WJWZW2\about[1].dll
  [FUND]      Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen8
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57537676.qua' verschoben!

Ende des Suchlaufs: Montag, 3. Juni 2013 19:53
Benötigte Zeit: 00:10 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
646 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
645 Dateien ohne Befall
4 Archive wurden durchsucht
0 Warnungen
1 Hinweise

Die Suchergebnisse werden an den Guard übermittelt.
03.06.2013, 19:59 | #18
/// the machine /// TB-Ausbilder | GVU-Trojaner
Those are only temp files; we'll delete them later on.
03.06.2013, 20:09 | #19
GVU-Trojaner
Here is the FSS log:
Code:
Farbar Service Scanner Version: 31-05-2013 01
Ran by Sonderman (administrator) on 03-06-2013 at 20:56:36
Running from "C:\Users\Sonderman\Downloads"
Windows Vista (TM) Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-03-16 18:37] - [2013-01-04 13:28] - 0905576 ____A (Microsoft Corporation) 74E2D020C47BB2B2FCCBA29A518A7EB4
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Code:
OTL logfile created on: 03.06.2013 20:57:14 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sonderman\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 55,93% Memory free
6,19 Gb Paging File | 4,73 Gb Available in Paging File | 76,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,99 Gb Total Space | 311,47 Gb Free Space | 68,76% Space Free | Partition Type: NTFS

Computer Name: SONDERMANLAPTOP | User Name: Sonderman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Sonderman\Downloads\FSS.exe (Farbar)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Sonderman\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\SUPERAntiSpyware\SSUPDATE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\SONDER~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (EgisTec Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()
MOD - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
MOD - C:\Programme\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Programme\Launch Manager\PowerUtl.dll ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (BrowserDefendert) -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (int15) -- c:\Windows\system32\drivers\int15.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (FPSensor) -- C:\Windows\System32\drivers\FPSensor.sys (Egis)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (hidshim) -- C:\Windows\System32\drivers\hidshim.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nuvotonhidgeneric) -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7738
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7738
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=A45C0022FA1F2928
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=A45C0022FA1F2928
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119357&tt=gc_&babsrc=SP_ss&mntrId=A45C0022FA1F2928
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Delta Search"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=A45C0022FA1F2928"
FF - prefs.js..extensions.enabledAddons: %7B888d99e7-e8b5-46a3-851e-1ec45da1e644%7D:17.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:5.0.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.6.0.10

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.06.03 15:17:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.03 18:46:29 | 000,000,000 | ---D | M]

[2009.11.03 21:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Extensions
[2013.06.03 18:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Firefox\Profiles\91f59sou.default\extensions
[2011.08.15 21:03:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Firefox\Profiles\91f59sou.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.06.03 18:40:29 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Firefox\Profiles\91f59sou.default\extensions\ffxtlbr@delta.com
[2013.03.18 19:18:55 | 000,030,502 | ---- | M] () (No name found) -- C:\Users\Sonderman\AppData\Roaming\mozilla\firefox\profiles\91f59sou.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2013.06.03 18:40:21 | 000,006,503 | ---- | M] () -- C:\Users\Sonderman\AppData\Roaming\mozilla\firefox\profiles\91f59sou.default\searchplugins\babylon.xml
[2013.06.03 18:40:38 | 000,001,294 | ---- | M] () -- C:\Users\Sonderman\AppData\Roaming\mozilla\firefox\profiles\91f59sou.default\searchplugins\delta.xml
[2012.02.05 15:57:48 | 000,000,950 | ---- | M] () -- C:\Users\Sonderman\AppData\Roaming\mozilla\firefox\profiles\91f59sou.default\searchplugins\icqplugin-4.xml
[2012.11.12 20:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.16 23:58:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.03.16 23:58:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.06.03 15:17:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.06.03 15:17:48 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.04.23 20:05:50 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Programme\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Programme\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sonderman\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.206 80.69.100.182 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41A1FAE7-3F78-47B1-A6B7-3E7108844ED5}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F70D14E-127E-459B-9EE1-874EB24B4020}: DhcpNameServer = 80.69.100.206 80.69.100.182 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Users\Sonderman\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Sonderman\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{27a3b835-c3f2-11de-ad1f-001f16a3d226}\Shell - "" = AutoRun O33 - MountPoints2\{27a3b835-c3f2-11de-ad1f-001f16a3d226}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created 
Within 30 Days ========== [2013.06.03 19:53:45 | 000,000,000 | ---D | C] -- C:\FRST [2013.06.03 19:10:42 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Local\Macromedia [2013.06.03 18:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2013.06.03 18:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2013.06.03 18:40:54 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender [2013.06.03 18:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender [2013.06.03 18:40:32 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\BabSolution [2013.06.03 18:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Delta [2013.06.03 18:39:56 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\SumatraPDF [2013.06.03 18:38:47 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.06.03 18:38:47 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.06.03 18:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.06.03 18:38:09 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013.06.03 18:38:09 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.06.03 18:37:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.06.03 18:37:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.06.03 18:37:56 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.06.03 18:37:45 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\Babylon [2013.06.03 18:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.06.03 18:37:42 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\DSite [2013.06.03 18:37:36 | 000,000,000 | ---D | C] -- C:\Program 
Files\PDFReader [2013.06.03 18:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.06.03 18:29:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.06.03 18:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013.06.03 16:46:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.06.03 16:34:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.06.03 16:34:03 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.06.03 16:34:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.06.03 16:34:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.06.03 16:34:02 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.06.03 16:34:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.06.03 16:34:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.06.03 13:00:01 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.06.03 13:00:01 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.06.03 13:00:01 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2013.06.03 13:00:00 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2013.06.03 12:59:55 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.06.03 12:59:53 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013.06.03 12:37:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.03 12:34:29 | 000,000,000 | ---D | C] -- C:\JRT ========== Files - Modified Within 30 Days ========== [2013.06.03 21:01:49 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.03 21:01:49 | 000,595,996 | 
---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.03 21:01:49 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.03 21:01:49 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.03 20:55:52 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.03 20:55:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.03 20:55:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.03 20:55:19 | 000,223,275 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013.06.03 20:55:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.03 20:55:06 | 3215,814,656 | -HS- | M] () -- C:\hiberfil.sys [2013.06.03 20:47:35 | 000,007,592 | ---- | M] () -- C:\Users\Sonderman\AppData\Local\d3d9caps.dat [2013.06.03 19:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.03 19:02:35 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\DSite.job [2013.06.03 18:46:29 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2013.06.03 18:38:47 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.06.03 18:38:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.06.03 18:37:23 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.06.03 18:37:17 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.06.03 18:37:17 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.06.03 18:37:17 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.06.03 18:37:16 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll 
[2013.06.03 18:37:16 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013.06.03 18:34:07 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.03 16:51:14 | 000,298,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.06.03 16:00:00 | 000,890,839 | ---- | M] () -- C:\Users\Sonderman\Desktop\SecurityCheck.exe [2013.06.03 15:26:33 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.03 12:05:43 | 000,223,275 | ---- | M] () -- C:\ProgramData\nvModes.dat [2013.05.05 21:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb ========== Files Created - No Company Name ========== [2013.06.03 18:46:29 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2013.06.03 18:46:29 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2013.06.03 18:38:50 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.03 18:37:43 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\DSite.job [2013.06.03 15:59:59 | 000,890,839 | ---- | C] () -- C:\Users\Sonderman\Desktop\SecurityCheck.exe [2013.06.03 12:05:43 | 000,223,275 | ---- | C] () -- C:\ProgramData\nvModes.dat [2013.06.02 21:36:20 | 3215,814,656 | -HS- | C] () -- C:\hiberfil.sys [2013.04.01 21:25:35 | 000,002,608 | ---- | C] () -- C:\ProgramData\8of7t.js [2010.02.11 16:01:32 | 000,013,312 | ---- | C] () -- C:\Users\Sonderman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.21 20:51:41 | 000,007,592 | ---- | C] () -- C:\Users\Sonderman\AppData\Local\d3d9caps.dat [2009.07.27 18:13:55 | 000,223,275 | ---- | C] () -- C:\ProgramData\nvModes.001 ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
"ThreadingModel" = Both "" = C:\Users\Sonderman\AppData\Local\{72c0cfa5-fb1a-ed57-c2bc-68af7ec2d004}\n. [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:A4AF8D0D @Alternate Data Stream - 168 bytes -> C:\ProgramData\Temp:F84B8DB5 @Alternate Data Stream - 159 bytes -> C:\ProgramData\Temp:A02025CE @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:1ECED34B @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1982A23 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:ABE89FFE @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:DCAF903C @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:798A3728 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:CE0A077E @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4F636E25 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:9E22BBE8 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:35759C73 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:41099CE9 @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:8750DCE4 @Alternate Data Stream - 
109 bytes -> C:\ProgramData\Temp:BB24555F @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:131C0EE9 < End of report >
And Avira raised an alarm again during the OTL scan: Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Montag, 3. Juni 2013 21:02 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows Vista (TM) Home Premium Windowsversion : (Service Pack 2) [6.0.6002] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : SONDERMANLAPTOP Versionsinformationen: BUILD.DAT : 13.0.0.3640 54852 Bytes 18.04.2013 13:29:00 AVSCAN.EXE : 13.6.0.1262 636984 Bytes 03.06.2013 14:20:28 AVSCANRC.DLL : 13.4.0.360 64800 Bytes 16.03.2013 17:30:48 LUKE.DLL : 13.6.0.1262 65080 Bytes 03.06.2013 14:20:36 AVSCPLR.DLL : 13.6.0.1262 92216 Bytes 03.06.2013 14:20:28 AVREG.DLL : 13.6.0.1262 247864 Bytes 03.06.2013 14:20:27 avlode.dll : 13.6.2.1262 432184 Bytes 03.06.2013 14:20:27 avlode.rdf : 13.0.1.12 25921 Bytes 03.06.2013 14:20:39 VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 14:20:11 VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 14:20:14 VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 14:20:16 VBASE003.VDF : 7.11.80.61 2048 Bytes 28.05.2013 14:20:16 VBASE004.VDF : 7.11.80.62 2048 Bytes 28.05.2013 14:20:16 VBASE005.VDF : 7.11.80.63 2048 Bytes 28.05.2013 14:20:16 VBASE006.VDF : 7.11.80.64 2048 Bytes 28.05.2013 14:20:16 VBASE007.VDF : 7.11.80.65 2048 Bytes 28.05.2013 14:20:16 VBASE008.VDF : 7.11.80.66 2048 Bytes 28.05.2013 14:20:16 VBASE009.VDF : 7.11.80.67 2048 Bytes 28.05.2013 14:20:16 VBASE010.VDF : 7.11.80.68 2048 Bytes 28.05.2013 14:20:16 VBASE011.VDF : 7.11.80.69 2048 Bytes 28.05.2013 14:20:16 VBASE012.VDF : 7.11.80.70 2048 Bytes 28.05.2013 14:20:16 VBASE013.VDF : 7.11.80.71 2048 Bytes 28.05.2013 14:20:16 VBASE014.VDF : 7.11.81.57 145408 Bytes 29.05.2013 14:20:17 VBASE015.VDF : 7.11.81.137 130048 Bytes 30.05.2013 14:20:17 VBASE016.VDF : 7.11.81.255 207360 Bytes 31.05.2013 14:20:17 VBASE017.VDF : 7.11.82.91 156160 Bytes 03.06.2013 14:20:17 VBASE018.VDF : 7.11.82.92 2048 Bytes 
03.06.2013 14:20:18 VBASE019.VDF : 7.11.82.93 2048 Bytes 03.06.2013 14:20:18 VBASE020.VDF : 7.11.82.94 2048 Bytes 03.06.2013 14:20:18 VBASE021.VDF : 7.11.82.95 2048 Bytes 03.06.2013 14:20:18 VBASE022.VDF : 7.11.82.96 2048 Bytes 03.06.2013 14:20:18 VBASE023.VDF : 7.11.82.97 2048 Bytes 03.06.2013 14:20:18 VBASE024.VDF : 7.11.82.98 2048 Bytes 03.06.2013 14:20:18 VBASE025.VDF : 7.11.82.99 2048 Bytes 03.06.2013 14:20:18 VBASE026.VDF : 7.11.82.100 2048 Bytes 03.06.2013 14:20:18 VBASE027.VDF : 7.11.82.101 2048 Bytes 03.06.2013 14:20:19 VBASE028.VDF : 7.11.82.102 2048 Bytes 03.06.2013 14:20:19 VBASE029.VDF : 7.11.82.103 2048 Bytes 03.06.2013 14:20:19 VBASE030.VDF : 7.11.82.104 2048 Bytes 03.06.2013 14:20:19 VBASE031.VDF : 7.11.82.146 50688 Bytes 03.06.2013 16:20:20 Engineversion : 8.2.12.50 AEVDF.DLL : 8.1.2.10 102772 Bytes 11.07.2012 21:01:54 AESCRIPT.DLL : 8.1.4.118 487805 Bytes 03.06.2013 14:20:25 AESCN.DLL : 8.1.10.4 131446 Bytes 26.03.2013 19:29:10 AESBX.DLL : 8.2.5.12 606578 Bytes 18.06.2012 14:42:00 AERDL.DLL : 8.2.0.88 643444 Bytes 16.03.2013 16:20:32 AEPACK.DLL : 8.3.2.12 754040 Bytes 03.06.2013 14:20:24 AEOFFICE.DLL : 8.1.2.56 205180 Bytes 16.03.2013 16:20:31 AEHEUR.DLL : 8.1.4.386 5947769 Bytes 03.06.2013 14:20:24 AEHELP.DLL : 8.1.25.10 258425 Bytes 03.06.2013 14:20:21 AEGEN.DLL : 8.1.7.4 442741 Bytes 03.06.2013 14:20:21 AEEXP.DLL : 8.4.0.32 201078 Bytes 03.06.2013 14:20:25 AEEMU.DLL : 8.1.3.2 393587 Bytes 11.07.2012 21:01:52 AECORE.DLL : 8.1.31.2 201080 Bytes 16.03.2013 16:20:26 AEBB.DLL : 8.1.1.4 53619 Bytes 16.03.2013 16:20:26 AVWINLL.DLL : 13.6.0.480 26480 Bytes 16.03.2013 17:30:07 AVPREF.DLL : 13.6.0.480 51056 Bytes 16.03.2013 17:30:47 AVREP.DLL : 13.6.0.480 178544 Bytes 16.03.2013 17:31:48 AVARKT.DLL : 13.6.0.1262 258104 Bytes 03.06.2013 14:20:25 AVEVTLOG.DLL : 13.6.0.1262 164920 Bytes 03.06.2013 14:20:27 SQLITE3.DLL : 3.7.0.1 397704 Bytes 16.03.2013 17:31:29 AVSMTP.DLL : 13.6.0.480 62832 Bytes 16.03.2013 17:30:49 NETNT.DLL : 13.6.0.480 16240 Bytes 
16.03.2013 17:31:19 RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 16.03.2013 17:30:09 RCTEXT.DLL : 13.6.0.976 69344 Bytes 29.03.2013 19:10:36 Konfiguration für den aktuellen Suchlauf: Job Name..............................: AVGuardAsyncScan Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_51ace696\guard_slideup.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: quarantäne Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: aus Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: aus Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: vollständig Beginn des Suchlaufs: Montag, 3. 
Juni 2013 21:02 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'SearchFilterHost.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '94' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '81' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '53' Modul(e) wurden durchsucht Durchsuche Prozess 'mscorsvw.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '106' Modul(e) wurden durchsucht Durchsuche Prozess 'OTL.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'SSUPDATE.EXE' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'conime.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'ePowerEvent.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'Skype.exe' - '118' Modul(e) wurden durchsucht Durchsuche Prozess 'unsecapp.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'ehmsas.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'sapisvr.exe' - '82' Modul(e) wurden durchsucht Durchsuche Prozess 'Apntex.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'ePowerTray.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'SUPERANTISPYWARE.EXE' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'ehtray.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '78' Modul(e) wurden durchsucht Durchsuche Prozess 'PMVService.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'mwlDaemon.exe' - '100' Modul(e) wurden durchsucht Durchsuche Prozess 'HidFind.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 
'EgisUpdate.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'BackupManagerTray.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'LManager.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'ApMsgFwd.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '85' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '53' Modul(e) wurden durchsucht Durchsuche Prozess 'RtkBtMnt.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'Apoint.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'PLFSetI.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'RtHDVCpl.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'BrowserDefender.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'AmIcoSinglun.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'CLMLSvc.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'ArcadeDeluxeAgent.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '157' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamgui.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'AVWEBGRD.EXE' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'c2c_service.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'RS_Service.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'SchedulerSvc.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'IScheduleSvc.exe' - '66' Modul(e) wurden durchsucht Durchsuche Prozess 'MWLService.exe' - '26' Modul(e) wurden durchsucht 
Durchsuche Prozess 'mbamservice.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamscheduler.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'ePowerSvc.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'CLHNService.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'BrowserDefender.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '78' Modul(e) wurden durchsucht Durchsuche Prozess 'agrsmsvc.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'SASCORE.EXE' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '53' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '85' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '89' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '153' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '117' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'nvvsvc.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '14' 
Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\ProgramData\8of7t.js' C:\ProgramData\8of7t.js [FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Agent.480412 Beginne mit der Desinfektion: C:\ProgramData\8of7t.js [FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Agent.480412 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5419470d.qua' verschoben! Ende des Suchlaufs: Montag, 3. Juni 2013 21:03 Benötigte Zeit: 00:10 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 0 Verzeichnisse wurden überprüft 688 Dateien wurden geprüft 1 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 1 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 687 Dateien ohne Befall 3 Archive wurden durchsucht 0 Warnungen 1 Hinweise Die Suchergebnisse werden an den Guard übermittelt. |
03.06.2013, 20:37 | #20 |
/// the machine /// TB-Ausbilder | GVU-Trojaner Fix with OTL
Code:
:files
C:\ProgramData\8of7t.js
Please download Windows Repair (All In One) from here.
And a fresh FSS and OTL log.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page. No help via PM!
03.06.2013, 20:58 | #21 |
| GVU-Trojaner The fix with OTL didn't work, possibly because Avira had already moved it to quarantine!? Code:
========== FILES ==========
File\Folder C:\ProgramData\8of7t.js not found.

OTL by OldTimer - Version 3.2.69.0 log created on 06032013_215722
03.06.2013, 20:59 | #22 |
/// the machine /// TB-Ausbilder | GVU-Trojaner That's fine then.
04.06.2013, 09:00 | #23 |
| GVU-Trojaner Morning. On we go. All steps carried out. Here's the FSS: Code:
Farbar Service Scanner Version: 31-05-2013 01
Ran by Sonderman (administrator) on 04-06-2013 at 09:47:31
Running from "C:\Users\Sonderman\Downloads"
Windows Vista (TM) Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error.
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-03-16 18:37] - [2013-01-04 13:28] - 0905576 ____A (Microsoft Corporation) 74E2D020C47BB2B2FCCBA29A518A7EB4

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****
Code:
OTL logfile created on: 04.06.2013 09:47:58 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sonderman\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 54,65% Memory free
6,18 Gb Paging File | 4,67 Gb Available in Paging File | 75,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,99 Gb Total Space | 312,70 Gb Free Space | 69,03% Space Free | Partition Type: NTFS

Computer Name: SONDERMANLAPTOP | User Name: Sonderman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Sonderman\Downloads\FSS.exe (Farbar)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Sonderman\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\SONDER~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (EgisTec Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()
MOD - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
MOD - C:\Programme\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Programme\Launch Manager\PowerUtl.dll ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (BrowserDefendert) -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (int15) -- c:\Windows\system32\drivers\int15.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (FPSensor) -- C:\Windows\System32\drivers\FPSensor.sys (Egis)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (hidshim) -- C:\Windows\System32\drivers\hidshim.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nuvotonhidgeneric) -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7738
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7738
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=A45C0022FA1F2928
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=A45C0022FA1F2928
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119357&tt=gc_&babsrc=SP_ss&mntrId=A45C0022FA1F2928
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Delta Search"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=A45C0022FA1F2928"
FF - prefs.js..extensions.enabledAddons: %7B888d99e7-e8b5-46a3-851e-1ec45da1e644%7D:17.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:5.0.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.6.0.10

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.06.03 15:17:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.03 18:46:29 | 000,000,000 | ---D | M]

[2009.11.03 21:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Extensions
[2013.06.03 18:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Firefox\Profiles\91f59sou.default\extensions
[2011.08.15 21:03:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Firefox\Profiles\91f59sou.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.06.03 18:40:29 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Firefox\Profiles\91f59sou.default\extensions\ffxtlbr@delta.com
[2013.03.18 19:18:55 | 000,030,502 | ---- | M] () (No name found) -- C:\Users\Sonderman\AppData\Roaming\mozilla\firefox\profiles\91f59sou.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2013.06.03 18:40:21 | 000,006,503 | ---- | M] () -- C:\Users\Sonderman\AppData\Roaming\mozilla\firefox\profiles\91f59sou.default\searchplugins\babylon.xml
[2013.06.03 18:40:38 | 000,001,294 | ---- | M] () -- C:\Users\Sonderman\AppData\Roaming\mozilla\firefox\profiles\91f59sou.default\searchplugins\delta.xml
[2012.02.05 15:57:48 | 000,000,950 | ---- | M] () -- C:\Users\Sonderman\AppData\Roaming\mozilla\firefox\profiles\91f59sou.default\searchplugins\icqplugin-4.xml
[2012.11.12 20:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.16 23:58:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.03.16 23:58:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.06.03 15:17:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.06.03 15:17:48 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.04.23 20:05:50 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Programme\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Programme\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sonderman\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.206 80.69.100.182
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41A1FAE7-3F78-47B1-A6B7-3E7108844ED5}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F70D14E-127E-459B-9EE1-874EB24B4020}: DhcpNameServer = 80.69.100.206 80.69.100.182
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Sonderman\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sonderman\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{27a3b835-c3f2-11de-ad1f-001f16a3d226}\Shell - "" = AutoRun
O33 - MountPoints2\{27a3b835-c3f2-11de-ad1f-001f16a3d226}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.03 22:33:23 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013.06.03 22:00:20 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013.06.03 21:56:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.03 19:53:45 | 000,000,000 | ---D | C] -- C:\FRST
[2013.06.03 19:10:42 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Local\Macromedia
[2013.06.03 18:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013.06.03 18:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.06.03 18:40:54 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013.06.03 18:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.06.03 18:40:32 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\BabSolution
[2013.06.03 18:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013.06.03 18:39:56 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\SumatraPDF
[2013.06.03 18:38:47 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.03 18:38:47 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.03 18:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.06.03 18:38:09 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.06.03 18:38:09 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.06.03 18:37:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.06.03 18:37:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.06.03 18:37:56 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.06.03 18:37:45 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\Babylon
[2013.06.03 18:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.06.03 18:37:42 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\DSite
[2013.06.03 18:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\PDFReader
[2013.06.03 18:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.06.03 18:29:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.06.03 18:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.06.03 16:46:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.03 16:34:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.03 16:34:03 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.06.03 16:34:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.06.03 16:34:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.06.03 16:34:02 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.06.03 16:34:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.06.03 16:34:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.06.03 13:00:01 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.06.03 13:00:01 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.06.03 13:00:01 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.06.03 13:00:00 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.06.03 12:59:55 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.06.03 12:59:53 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.06.03 12:37:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.03 12:34:29 | 000,000,000 | ---D | C] -- C:\JRT

========== Files - Modified Within 30 Days ==========

[2013.06.04 09:52:50 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.04 09:52:50 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.04 09:52:50 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.04 09:52:50 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.04 09:46:08 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.04 09:45:07 | 000,223,275 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.06.04 09:45:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.04 09:45:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.04 09:45:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.04 09:44:55 | 3213,729,792 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.03 23:04:26 | 000,298,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.06.03 22:58:36 | 000,000,042 | ---- | M] () -- C:\repairs_running.dat
[2013.06.03 22:58:23 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013.06.03 22:37:00 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013.06.03 22:34:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.03 22:14:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.03 20:47:35 | 000,007,592 | ---- | M] () -- C:\Users\Sonderman\AppData\Local\d3d9caps.dat
[2013.06.03 18:46:29 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.06.03 18:38:47 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.03 18:38:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.03 18:37:23 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.06.03 18:37:17 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.06.03 18:37:17 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.06.03 18:37:17 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.06.03 18:37:16 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.06.03 18:37:16 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.06.03 16:00:00 | 000,890,839 | ---- | M] () -- C:\Users\Sonderman\Desktop\SecurityCheck.exe
[2013.06.03 15:26:33 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.03 12:05:43 | 000,223,275 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.05.05 21:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

========== Files Created - No Company Name ==========

[2013.06.03 22:34:44 | 000,000,042 | ---- | C] () -- C:\repairs_running.dat
[2013.06.03 18:46:29 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.06.03 18:46:29 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013.06.03 18:38:50 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.03 18:37:43 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013.06.03 15:59:59 | 000,890,839 | ---- | C] () -- C:\Users\Sonderman\Desktop\SecurityCheck.exe
[2013.06.03 12:05:43 | 000,223,275 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2013.06.02 21:36:20 | 3213,729,792 | -HS- | C] () -- C:\hiberfil.sys
[2010.02.11 16:01:32 | 000,013,312 | ---- | C] () -- C:\Users\Sonderman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.21 20:51:41 | 000,007,592 | ---- | C] () -- C:\Users\Sonderman\AppData\Local\d3d9caps.dat
[2009.07.27 18:13:55 | 000,223,275 | ---- | C] () -- C:\ProgramData\nvModes.001

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"ThreadingModel" = Both
"" = C:\Users\Sonderman\AppData\Local\{72c0cfa5-fb1a-ed57-c2bc-68af7ec2d004}\n.

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:A4AF8D0D
@Alternate Data Stream - 168 bytes -> C:\ProgramData\Temp:F84B8DB5
@Alternate Data Stream - 159 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:1ECED34B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1982A23
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:DCAF903C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 120 bytes ->
C:\ProgramData\Temp:CE0A077E @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4F636E25 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:9E22BBE8 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:35759C73 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:41099CE9 @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:8750DCE4 @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:131C0EE9 < End of report > Code:
OTL Extras logfile created on: 04.06.2013 09:47:58 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sonderman\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 54,65% Memory free
6,18 Gb Paging File | 4,67 Gb Available in Paging File | 75,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,99 Gb Total Space | 312,70 Gb Free Space | 69,03% Space Free | Partition Type: NTFS

Computer Name: SONDERMANLAPTOP | User Name: Sonderman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{048EC4B1-7B9B-437D-ACD9-6F0C3128D682}" = rport=138 | protocol=17 | dir=out | app=system |
"{11D27B1E-3D22-45A1-A792-C6484291267C}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{2B213D14-A65C-46B6-B066-6C1B7843C635}" = lport=138 | protocol=17 | dir=in | app=system |
"{2E02E9DA-D954-4502-8331-E95B17684843}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{496CF423-FB8D-46B0-A63C-7B49312EC362}" = lport=137 | protocol=17 | dir=in | app=system |
"{69FA9359-4FD6-4D79-94A4-4114EDA3DB7D}" = lport=139 | protocol=6 | dir=in | app=system |
"{70CF4561-E1B3-4FBA-B14C-90523A30E461}" = rport=445 | protocol=6 | dir=out | app=system |
"{99C2450F-E428-40FE-9DEC-9DC3729ED491}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AE1EBFCD-3117-4EB4-BDCE-313F967BFDDE}" = rport=137 | protocol=17 | dir=out | app=system |
"{BDF430FD-B21A-4D1C-885C-5555463D2AED}" = lport=445 | protocol=6 | dir=in | app=system |
"{DA546AB9-3098-4805-A138-E77E85AD1612}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EB066731-22CC-4520-803F-A34E50F4130C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EF865607-324A-4F83-A40E-B1FA6DB570CE}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{039E6E55-21B3-40BF-9336-E3B76A05589F}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{0AD63CA4-E4FB-4FCB-9EE2-9E7B8D955EB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0B1DD347-DC33-413A-9BBE-7E63034E3C31}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{13352222-CB9A-4F74-B0B2-1ED6BD48139B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{170A91A9-579E-4BD1-8F90-6D34FF225AE9}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{328389CB-203D-4100-A554-F87D0FCD1467}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.exe |
"{378B80E9-2A8D-4FD0-926A-D6677162BF5C}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{4105454E-4FEB-4FF1-9EEC-4E5DC7FF9F37}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe |
"{4402DD63-92A1-4298-B39C-DF3856A5C25E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{44313369-55A3-4DAD-880E-2106C1031AB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4740E26C-5308-45C4-8205-60B66089AE2E}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.exe |
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{58CD69B3-14BF-4BB6-B220-D02DC923DC96}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe |
"{590C0619-0518-4595-8DDF-19EF077A6A17}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{6FFD73E5-A029-4EC2-AD3C-B7A38BF62F27}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{763F5E67-36E2-44FA-B037-B18A2F7547F6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{84A6B385-7143-42FC-8CE0-893372F40F71}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{B7CC9ED9-04F6-40D2-9775-C505A78792E2}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{C30B8662-FC5D-4C3C-BEF4-1EDCAF4A2790}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C8640299-448B-47D9-B1A3-F8D1DEE5C293}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{D5D2C593-7C37-4852-8635-C9460666493D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EC211817-D644-41AB-8B64-28143005B4D0}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"TCP Query User{F24961FB-F071-41BE-8C7F-86660C186474}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{8B802AD8-F2D5-4224-9056-B59E81D7EDF3}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserDefender
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2FA28330-2028-4033-BD10-425C87EB4D54}" = Nokia Software Updater
"{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4AE48A64-6C6A-4E5A-95FA-55F5131DECF9}" = Nokia Ovi One Touch Access
"{4BA54459-7721-4FC4-B22C-E9A75CC89CCF}" = Titanic Mystery
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A4E0CA0F-1903-440A-9B98-FEA6CB049999}" = Nokia Flashing Cable Driver
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Avira AntiVir Desktop" = Avira Free Antivirus
"BFG-Mystery Case Files - Dire Grove" = Mystery Case Files®: Dire Grove™
"CCleaner" = CCleaner
"delta" = Delta toolbar
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"InterActual Player" = InterActual Player
"Jäger des Geisterhauses_is1" = Jäger des Geisterhauses
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Natalie Brooks" = Natalie Brooks
"Natalie Brooks 2" = Natalie Brooks 2
"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3011
"NVIDIA Drivers" = NVIDIA Drivers
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DSite" = Update for PDF Reader

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03.06.2013 12:21:56 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x00002cc0, Prozess-ID 0xb28, Anwendungsstartzeit 01ce60765d098ef0.

Error - 03.06.2013 13:07:11 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x00002cc0, Prozess-ID 0xdf0, Anwendungsstartzeit 01ce607cb0c6f110.

Error - 03.06.2013 13:46:16 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x00002cc0, Prozess-ID 0xaec, Anwendungsstartzeit 01ce608229c28732.

Error - 03.06.2013 14:48:17 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x00002cc0, Prozess-ID 0x6f4, Anwendungsstartzeit 01ce608ad4d61c3b.

Error - 03.06.2013 14:56:04 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c0c6, Prozess-ID 0xf34, Anwendungsstartzeit 01ce608bf8dd5376.

Error - 03.06.2013 16:08:29 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c0c6, Prozess-ID 0xe6c, Anwendungsstartzeit 01ce6096176f7d0a.

Error - 03.06.2013 16:27:18 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c0c6, Prozess-ID 0xe48, Anwendungsstartzeit 01ce6098b5b6875f.

Error - 03.06.2013 16:53:57 | Computer Name = SondermanLaptop | Source = WinMgmt | ID = 4
Description =

Error - 03.06.2013 16:56:03 | Computer Name = SondermanLaptop | Source = WinMgmt | ID = 4
Description =

Error - 04.06.2013 03:46:53 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c0c6, Prozess-ID 0xaec, Anwendungsstartzeit 01ce60f79260d0e8.

[ System Events ]
Error - 03.06.2013 16:08:26 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 03.06.2013 16:08:26 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 03.06.2013 16:27:14 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 03.06.2013 16:27:14 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 03.06.2013 17:04:18 | Computer Name = SondermanLaptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 03.06.2013 um 22:58:27 unerwartet heruntergefahren.

Error - 03.06.2013 17:05:06 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 03.06.2013 17:05:06 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 04.06.2013 03:46:34 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 04.06.2013 03:46:34 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 04.06.2013 03:49:04 | Computer Name = SondermanLaptop | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.102 für die Netzwerkkarte mit der Netzwerkadresse 0022FA1F2928 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

< End of report >
04.06.2013, 09:34 | #24
/// the machine /// TB-Ausbilder | GVU-Trojaner

Still having problems?

__________________
regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page
No help via PM!
04.06.2013, 11:47 | #25
GVU-Trojaner

I ran the latest version of SUPERAntiSpyware again... it found something. Do you know the program? If so, what do you think of it? Here is the log:

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/04/2013 at 12:17 PM

Application Version : 5.6.1020

Core Rules Database Version : 10481
Trace Rules Database Version: 8293

Scan type       : Complete Scan
Total Scan Time : 01:41:16

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 736
Memory threats detected   : 0
Registry items scanned    : 37813
Registry threats detected : 30
File items scanned        : 36245
File threats detected     : 6

PUP.bProtector
	HKU\S-1-5-21-1949824788-1683066341-565755642-1000\Software\Microsoft\Internet Explorer\Main#bProtector Start Page [ hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=A45C0022FA1F2928 ]
	HKU\S-1-5-21-1949824788-1683066341-565755642-1000\Software\Microsoft\Internet Explorer\SearchScopes#bProtectorDefaultScope [ {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} ]
	HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}
	HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}#DisplayName
	HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}#UninstallString
	HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}#UninstalLinkPath
	HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}#Publisher
	HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}#URLInfoAbout
	HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}#HelpLink

PUP.DeltaSearch
	HKLM\Software\Microsoft\Internet Explorer\Toolbar#{82E1477C-B154-48D3-9891-33D83C26BCD3}
	HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
	HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
	HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}#AppID
	HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}\InprocServer32
	HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}\InprocServer32#ThreadingModel
	HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}\ProgID
	HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}\Programmable
	HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}\TypeLib
	HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}\VersionIndependentProgID
	HKCR\delta.deltadskBnd.1
	HKCR\delta.deltadskBnd.1\CLSID
	HKCR\delta.deltadskBnd
	HKCR\delta.deltadskBnd\CLSID
	HKCR\delta.deltadskBnd\CurVer
	HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
	HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0
	HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\0
	HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\0\win32
	HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\FLAGS
	HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\HELPDIR
	C:\PROGRAM FILES\DELTA\DELTA\1.8.21.5\DELTATLBR.DLL
	C:\PROGRAM FILES\DELTA\DELTA\1.8.21.5\BH\DELTA.DLL
	C:\PROGRAM FILES\DELTA\DELTA\1.8.21.5\DELTAAPP.DLL
	C:\PROGRAM FILES\DELTA\DELTA\1.8.21.5\DELTASRV.EXE

Trojan.Agent/Gen-Kryptik
	C:\FRST\QUARANTINE\T7FO8.DAT
	C:\USERS\SONDERMAN\APPDATA\LOCAL\TEMP\WPBT0.DLL

I've now also uninstalled Avira and downloaded Avast. The Avast scan is still running. Otherwise no problems, everything is running normally on the computer.

Ah, I just noticed that SUPERAntiSpyware was automatically linked in my post, so you offer it here too. How should I proceed?

I also ran Malwarebytes, I hope that's OK!? Here is the log:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.03.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Sonderman :: SONDERMANLAPTOP [Administrator]

04.06.2013 10:38:27
mbam-log-2013-06-04 (10-38-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 340277
Laufzeit: 2 Stunde(n), 43 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Sonderman\AppData\Local\{72c0cfa5-fb1a-ed57-c2bc-68af7ec2d004}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Sonderman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 3
C:\FRST\Quarantine\t7fo8.dat (Trojan.Agent.NR) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sonderman\AppData\Local\Temp\wpbt0.dll (Trojan.Agent.NR) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sonderman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
04.06.2013, 12:52 | #26 |
/// the machine /// TB-Ausbilder | GVU-Trojaner Have MBAM delete the findings, reboot and run a new quick scan please.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
04.06.2013, 13:18 | #27 |
| GVU-Trojaner Something is still fishy here. After the reboot it now boots Windows. After logging in it loads for quite a long time. Then some message appears (it went so fast I couldn't make it out) and it shuts down (pretty quickly), like when you press energy saving. 2nd boot attempt: Windows loaded. I start MBAM, quick scan. During the quick scan the box shuts down again on its own. On the 3rd attempt the same thing... I am writing again from my second computer... Oh, I also noticed that after the first restart the desktop icons have become smaller compared to before. Well, somehow it worked on the 4th attempt: booted normally, no unexpected shutdown, and MBAM got through the quick scan: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.06.03.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Sonderman :: SONDERMANLAPTOP [Administrator] 04.06.2013 14:36:29 mbam-log-2013-06-04 (14-36-29).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 201012 Laufzeit: 5 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
04.06.2013, 14:32 | #28 |
/// the machine /// TB-Ausbilder | GVU-Trojaner Strange. Please open OTL, under Extra Registry tick Use Safe List and press Scan, then please post both logfiles.
04.06.2013, 15:14 | #29 |
| GVU-Trojaner OK, here are the logs: Code:
ATTFilter OTL logfile created on: 04.06.2013 15:51:39 - Run 6 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sonderman\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,23% Memory free 6,19 Gb Paging File | 4,82 Gb Available in Paging File | 77,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 452,99 Gb Total Space | 311,45 Gb Free Space | 68,75% Space Free | Partition Type: NTFS Computer Name: SONDERMANLAPTOP | User Name: Sonderman | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) PRC - C:\Users\Sonderman\Downloads\OTL.exe (OldTimer Tools) PRC - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe () PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com) PRC - C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) 
PRC - C:\Programme\Adobe\Reader 10.0\Reader\reader_sl.exe (Adobe Systems Incorporated) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Users\SONDER~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.) PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (EgisTec Inc.) PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.) PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) 
PRC - C:\Windows\PLFSetI.exe () PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe () MOD - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll () MOD - C:\Programme\NewTech Infosystems\Acer Backup Manager\sqlite3.dll () MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll () MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Programme\Launch Manager\PowerUtl.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (BrowserDefendert) -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe () SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) 
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (int15) -- c:\Windows\system32\drivers\int15.sys File not found DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys () DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys () DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (MBAMProtector) -- 
C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (FPSensor) -- C:\Windows\System32\drivers\FPSensor.sys (Egis) DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.) DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.) DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.) DRV - (hidshim) -- C:\Windows\System32\drivers\hidshim.sys (Windows (R) Codename Longhorn DDK provider) DRV - (nuvotonhidgeneric) -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation) DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7738 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7738 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=A45C0022FA1F2928 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119357&tt=gc_&babsrc=SP_ss&mntrId=A45C0022FA1F2928 IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.order.1: "Delta Search" FF - prefs.js..browser.search.selectedEngine: "Delta Search" FF - 
prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=A45C0022FA1F2928" FF - prefs.js..extensions.enabledAddons: %7B888d99e7-e8b5-46a3-851e-1ec45da1e644%7D:17.0.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:5.0.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.6.0.10 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.06.04 10:29:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.06.03 15:17:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.03 18:46:29 | 000,000,000 | ---D | M] [2009.11.03 21:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Extensions [2013.06.03 18:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Firefox\Profiles\91f59sou.default\extensions [2011.08.15 21:03:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Firefox\Profiles\91f59sou.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.06.03 18:40:29 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Firefox\Profiles\91f59sou.default\extensions\ffxtlbr@delta.com [2013.03.18 19:18:55 | 000,030,502 | ---- | M] () (No name found) -- C:\Users\Sonderman\AppData\Roaming\mozilla\firefox\profiles\91f59sou.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2013.06.03 18:40:21 | 000,006,503 | ---- | M] () -- C:\Users\Sonderman\AppData\Roaming\mozilla\firefox\profiles\91f59sou.default\searchplugins\babylon.xml [2013.06.03 18:40:38 | 000,001,294 | ---- | M] () -- C:\Users\Sonderman\AppData\Roaming\mozilla\firefox\profiles\91f59sou.default\searchplugins\delta.xml [2012.02.05 15:57:48 | 000,000,950 | ---- | M] () -- C:\Users\Sonderman\AppData\Roaming\mozilla\firefox\profiles\91f59sou.default\searchplugins\icqplugin-4.xml [2012.11.12 20:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.03.16 23:58:09 | 000,000,000 | ---D | 
M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.03.16 23:58:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.06.03 15:17:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.06.03 15:17:48 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.04.23 20:05:50 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (avast! 
Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) 
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sonderman\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.206 80.69.100.182 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41A1FAE7-3F78-47B1-A6B7-3E7108844ED5}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F70D14E-127E-459B-9EE1-874EB24B4020}: DhcpNameServer = 80.69.100.206 80.69.100.182 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Users\Sonderman\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Sonderman\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{27a3b835-c3f2-11de-ad1f-001f16a3d226}\Shell - "" = AutoRun O33 - MountPoints2\{27a3b835-c3f2-11de-ad1f-001f16a3d226}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created 
Within 30 Days ========== [2013.06.04 10:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2013.06.04 10:30:14 | 000,368,944 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2013.06.04 10:30:14 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2013.06.04 10:30:11 | 000,049,760 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2013.06.04 10:30:10 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2013.06.04 10:30:09 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2013.06.04 10:30:04 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2013.06.04 10:30:04 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2013.06.04 10:28:23 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013.06.04 10:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013.06.04 10:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013.06.03 22:33:23 | 000,000,000 | ---D | C] -- C:\RegBackup [2013.06.03 22:00:20 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE [2013.06.03 21:56:14 | 000,000,000 | ---D | C] -- C:\_OTL [2013.06.03 19:53:45 | 000,000,000 | ---D | C] -- C:\FRST [2013.06.03 19:10:42 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Local\Macromedia [2013.06.03 18:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2013.06.03 18:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2013.06.03 18:40:54 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender [2013.06.03 18:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender [2013.06.03 18:40:32 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\BabSolution [2013.06.03 
18:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Delta [2013.06.03 18:39:56 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\SumatraPDF [2013.06.03 18:38:47 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.06.03 18:38:47 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.06.03 18:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.06.03 18:38:09 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013.06.03 18:38:09 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.06.03 18:37:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.06.03 18:37:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.06.03 18:37:56 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.06.03 18:37:45 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\Babylon [2013.06.03 18:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.06.03 18:37:42 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\DSite [2013.06.03 18:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\PDFReader [2013.06.03 18:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.06.03 18:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013.06.03 16:46:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.06.03 16:34:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.06.03 16:34:03 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.06.03 16:34:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.06.03 16:34:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\jsproxy.dll [2013.06.03 16:34:02 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.06.03 16:34:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.06.03 16:34:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.06.03 13:00:01 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.06.03 13:00:01 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.06.03 13:00:01 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2013.06.03 13:00:00 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2013.06.03 12:59:55 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.06.03 12:59:53 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013.06.03 12:37:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.03 12:34:29 | 000,000,000 | ---D | C] -- C:\JRT ========== Files - Modified Within 30 Days ========== [2013.06.04 15:56:04 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.04 15:56:04 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.04 15:56:04 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.04 15:56:04 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.04 15:49:42 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.04 15:49:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.04 15:49:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.04 15:49:19 | 000,223,275 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013.06.04 
15:49:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.04 15:49:09 | 3215,814,656 | -HS- | M] () -- C:\hiberfil.sys [2013.06.04 14:37:00 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\DSite.job [2013.06.04 14:34:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.04 14:14:25 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.04 10:30:15 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013.06.04 10:30:04 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2013.06.03 23:04:26 | 000,298,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.06.03 22:58:36 | 000,000,042 | ---- | M] () -- C:\repairs_running.dat [2013.06.03 22:58:23 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE [2013.06.03 20:47:35 | 000,007,592 | ---- | M] () -- C:\Users\Sonderman\AppData\Local\d3d9caps.dat [2013.06.03 18:46:29 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2013.06.03 18:38:47 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.06.03 18:38:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.06.03 18:37:23 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.06.03 18:37:17 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.06.03 18:37:17 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.06.03 18:37:17 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.06.03 18:37:16 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013.06.03 18:37:16 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013.06.03 16:00:00 | 000,890,839 | ---- | M] () -- 
C:\Users\Sonderman\Desktop\SecurityCheck.exe [2013.06.03 15:26:33 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.03 12:05:43 | 000,223,275 | ---- | M] () -- C:\ProgramData\nvModes.dat [2013.05.09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2013.05.09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2013.05.09 10:59:10 | 000,174,664 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys [2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2013.05.09 10:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys [2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2013.05.09 10:59:09 | 000,049,760 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2013.05.09 10:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2013.05.05 21:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb ========== Files Created - No Company Name ========== [2013.06.04 10:30:15 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2013.06.04 10:30:08 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys [2013.06.04 10:30:07 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys [2013.06.03 22:34:44 | 000,000,042 | ---- | C] () -- C:\repairs_running.dat [2013.06.03 18:46:29 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2013.06.03 18:46:29 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2013.06.03 18:38:50 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.03 18:37:43 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\DSite.job [2013.06.03 15:59:59 | 000,890,839 | ---- | C] () -- C:\Users\Sonderman\Desktop\SecurityCheck.exe [2013.06.03 12:05:43 | 000,223,275 | ---- | C] () -- C:\ProgramData\nvModes.dat [2013.06.02 21:36:20 | 3215,814,656 | -HS- | C] () -- C:\hiberfil.sys [2010.02.11 16:01:32 | 000,013,312 | ---- | C] () -- C:\Users\Sonderman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.21 20:51:41 | 000,007,592 | ---- | C] () -- C:\Users\Sonderman\AppData\Local\d3d9caps.dat [2009.07.27 18:13:55 | 000,223,275 | ---- | C] () -- C:\ProgramData\nvModes.001 ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\Windows\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft 
Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\Windows\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:A4AF8D0D @Alternate Data Stream - 168 bytes -> C:\ProgramData\Temp:F84B8DB5 @Alternate Data Stream - 159 bytes -> C:\ProgramData\Temp:A02025CE @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:1ECED34B @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1982A23 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:ABE89FFE @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:DCAF903C @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:798A3728 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:CE0A077E @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4F636E25 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:9E22BBE8 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:35759C73 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:41099CE9 @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:8750DCE4 @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:131C0EE9 < End of report > Code:
ATTFilter OTL Extras logfile created on: 04.06.2013 15:51:39 - Run 6 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sonderman\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,23% Memory free 6,19 Gb Paging File | 4,82 Gb Available in Paging File | 77,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 452,99 Gb Total Space | 311,45 Gb Free Space | 68,75% Space Free | Partition Type: NTFS Computer Name: SONDERMANLAPTOP | User Name: Sonderman | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{048EC4B1-7B9B-437D-ACD9-6F0C3128D682}" = rport=138 | protocol=17 | dir=out | app=system | "{11D27B1E-3D22-45A1-A792-C6484291267C}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | "{2B213D14-A65C-46B6-B066-6C1B7843C635}" = lport=138 | protocol=17 | dir=in | app=system | "{2E02E9DA-D954-4502-8331-E95B17684843}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{496CF423-FB8D-46B0-A63C-7B49312EC362}" = lport=137 | protocol=17 | dir=in | app=system | "{69FA9359-4FD6-4D79-94A4-4114EDA3DB7D}" = lport=139 | protocol=6 | dir=in | app=system | "{70CF4561-E1B3-4FBA-B14C-90523A30E461}" = rport=445 | protocol=6 | dir=out | app=system | "{99C2450F-E428-40FE-9DEC-9DC3729ED491}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{AE1EBFCD-3117-4EB4-BDCE-313F967BFDDE}" = rport=137 | protocol=17 | dir=out | app=system | "{BDF430FD-B21A-4D1C-885C-5555463D2AED}" = lport=445 | protocol=6 | dir=in | app=system | "{DA546AB9-3098-4805-A138-E77E85AD1612}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EB066731-22CC-4520-803F-A34E50F4130C}" = lport=2869 | protocol=6 | dir=in 
| app=system | "{EF865607-324A-4F83-A40E-B1FA6DB570CE}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{039E6E55-21B3-40BF-9336-E3B76A05589F}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | "{0AD63CA4-E4FB-4FCB-9EE2-9E7B8D955EB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{0B1DD347-DC33-413A-9BBE-7E63034E3C31}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | "{13352222-CB9A-4F74-B0B2-1ED6BD48139B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{170A91A9-579E-4BD1-8F90-6D34FF225AE9}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | "{328389CB-203D-4100-A554-F87D0FCD1467}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.exe | "{378B80E9-2A8D-4FD0-926A-D6677162BF5C}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | "{4105454E-4FEB-4FF1-9EEC-4E5DC7FF9F37}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | "{4402DD63-92A1-4298-B39C-DF3856A5C25E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{44313369-55A3-4DAD-880E-2106C1031AB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{4740E26C-5308-45C4-8205-60B66089AE2E}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.exe | "{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{58CD69B3-14BF-4BB6-B220-D02DC923DC96}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | "{590C0619-0518-4595-8DDF-19EF077A6A17}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{6FFD73E5-A029-4EC2-AD3C-B7A38BF62F27}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{763F5E67-36E2-44FA-B037-B18A2F7547F6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{84A6B385-7143-42FC-8CE0-893372F40F71}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{B7CC9ED9-04F6-40D2-9775-C505A78792E2}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | "{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{C30B8662-FC5D-4C3C-BEF4-1EDCAF4A2790}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C8640299-448B-47D9-B1A3-F8D1DEE5C293}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{D5D2C593-7C37-4852-8635-C9460666493D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{EC211817-D644-41AB-8B64-28143005B4D0}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "TCP Query User{F24961FB-F071-41BE-8C7F-86660C186474}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{8B802AD8-F2D5-4224-9056-B59E81D7EDF3}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" 
= Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI "{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21 "{2FA28330-2028-4033-BD10-425C87EB4D54}" = Nokia Software Updater "{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{4AE48A64-6C6A-4E5A-95FA-55F5131DECF9}" = Nokia Ovi One Touch Access "{4BA54459-7721-4FC4-B22C-E9A75CC89CCF}" = Titanic Mystery "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion "{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works 
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 
2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting 
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A4E0CA0F-1903-440A-9B98-FEA6CB049999}" = Nokia Flashing Cable Driver "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI "{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack 
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Acer Screensaver" = Acer ScreenSaver "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "avast" = avast! Free Antivirus "BFG-Mystery Case Files - Dire Grove" = Mystery Case Files®: Dire Grove™ "CCleaner" = CCleaner "delta" = Delta toolbar "Delta Chrome Toolbar" = Delta Chrome Toolbar "ESET Online Scanner" = ESET Online Scanner v3 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7 "GridVista" = Acer GridVista "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun "InterActual Player" = InterActual Player "Jäger des Geisterhauses_is1" = Jäger des Geisterhauses "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "Natalie Brooks" = Natalie Brooks "Natalie Brooks 2" = Natalie Brooks 2 "Nokia Ovi One Touch Access" = Nokia Ovi One 
Touch Access 6.85.3011
"NVIDIA Drivers" = NVIDIA Drivers
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DSite" = Update for PDF Reader

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03.06.2013 16:08:29 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c0c6, Prozess-ID 0xe6c, Anwendungsstartzeit 01ce6096176f7d0a.

Error - 03.06.2013 16:27:18 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c0c6, Prozess-ID 0xe48, Anwendungsstartzeit 01ce6098b5b6875f.

Error - 03.06.2013 16:53:57 | Computer Name = SondermanLaptop | Source = WinMgmt | ID = 4
Description =

Error - 03.06.2013 16:56:03 | Computer Name = SondermanLaptop | Source = WinMgmt | ID = 4
Description =

Error - 04.06.2013 03:46:53 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c0c6, Prozess-ID 0xaec, Anwendungsstartzeit 01ce60f79260d0e8.

Error - 04.06.2013 04:24:37 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c0c6, Prozess-ID 0xe5c, Anwendungsstartzeit 01ce60fcf0cad9db.

Error - 04.06.2013 08:07:58 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c0c6, Prozess-ID 0xe88, Anwendungsstartzeit 01ce611c01b6a27b.

Error - 04.06.2013 08:14:12 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c0c6, Prozess-ID 0x688, Anwendungsstartzeit 01ce611ce11e77b4.

Error - 04.06.2013 08:33:43 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c0c6, Prozess-ID 0xfcc, Anwendungsstartzeit 01ce611fa801ed11.

Error - 04.06.2013 09:50:10 | Computer Name = SondermanLaptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, fehlerhaftes Modul ePowerTray.exe, Version 4.1.3013.0, Zeitstempel 0x49e597c8, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c0c6, Prozess-ID 0xce0, Anwendungsstartzeit 01ce612a6a99fb9b.

[ System Events ]
Error - 04.06.2013 08:06:52 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 04.06.2013 08:10:08 | Computer Name = SondermanLaptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 04.06.2013 um 14:08:18 unerwartet heruntergefahren.

Error - 04.06.2013 08:12:02 | Computer Name = SondermanLaptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 04.06.2013 um 14:10:08 unerwartet heruntergefahren.

Error - 04.06.2013 08:13:41 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 04.06.2013 08:13:41 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 04.06.2013 08:31:10 | Computer Name = SondermanLaptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 04.06.2013 um 14:16:02 unerwartet heruntergefahren.

Error - 04.06.2013 08:32:44 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 04.06.2013 08:32:44 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 04.06.2013 09:50:07 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 04.06.2013 09:50:07 | Computer Name = SondermanLaptop | Source = Service Control Manager | ID = 7000
Description =

< End of report >
04.06.2013, 17:15 | #30 |
/// the machine /// TB-Ausbilder | GVU-Trojaner Hi, fix with OTL
Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=A45C0022FA1F2928
FF - prefs.js..browser.search.order.1: "Delta Search"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=A45C0022FA1F2928"
[2013.06.03 18:40:29 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Sonderman\AppData\Roaming\mozilla\Firefox\Profiles\91f59sou.default\extensions\ffxtlbr@delta.com
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll File not found
[2013.06.03 18:40:54 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013.06.03 18:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.06.03 18:40:32 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\BabSolution
[2013.06.03 18:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013.06.03 18:37:45 | 000,000,000 | ---D | C] -- C:\Users\Sonderman\AppData\Roaming\Babylon
[2013.06.03 18:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.06.03 12:05:43 | 000,223,275 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009.07.27 18:13:55 | 000,223,275 | ---- | C] () -- C:\ProgramData\nvModes.001
@Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:A4AF8D0D
@Alternate Data Stream - 168 bytes -> C:\ProgramData\Temp:F84B8DB5
@Alternate Data Stream - 159 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:1ECED34B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1982A23
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:DCAF903C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:CE0A077E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:35759C73
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:41099CE9
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:8750DCE4
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:131C0EE9
:Commands
[emptytemp]
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and Help Trojaner-Board Facebook page No help via PM!