
Log analysis and evaluation: Virus in the folder Windows/system32/drivers - HijackThis logfile

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

17.06.2010, 15:19   #1
golii

Virus in the folder Windows/system32/drivers - HijackThis logfile

Hello, I have a virus on my computer (Windows Vista) that I cannot delete. I wanted to reinstall the computer, but unfortunately I don't have a Windows Vista CD, only an XP CD. Unfortunately I also don't have a restore point... please help! Regards, g

HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:13:06, on 17.06.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WN111\wn111.exe
C:\Program Files\NETGEAR\WN111v2\WN111v2.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\NETGEAR\WN111v2\WN111v2AdvTool.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\NETGEAR\WPN111\WPN111.exe
C:\Windows\system32\wermgr.exe
C:\Users\agentscotty\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://at.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.orf.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: NETGEAR WN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111\wn111.exe
O4 - Global Startup: NETGEAR WN111v2 Setup-Assistent.lnk = C:\Program Files\NETGEAR\WN111v2\WN111v2.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\agentscotty\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Update Service (gupdate1cada6fde6ae1a0) (gupdate1cada6fde6ae1a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device -   - C:\Windows\system32\lxducoms.exe

--
End of file - 11951 bytes
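A small triage script for the two log formats in this thread (the HijackThis log above and the OTL log posted further down). This is an added example, not a tool from the thread or from the HijackThis/OTL authors; the sample lines inside it are constructed for the example, and the regular expressions, marker phrases and the `triage`/`classify` names are my own assumptions about the line formats rather than anything the tools document. It flags the entries a log reviewer looks at first: registry entries whose target file is gone, browser helper objects without a name, HOSTS entries other than localhost, and Run keys that start something from a user-writable location.

```python
"""Triage helper for HijackThis and OTL log lines.

Added example, not a tool from the forum thread or from the HijackThis/OTL
authors. The regexes below are assumptions derived from the line formats
visible in the thread, and the sample log at the bottom is constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Phrases the two tools print when a registered file no longer exists on disk.
MISSING_MARKERS = ("(no file)", "(file missing)", "file not found", "no clsid value found")

# Locations from which a legitimate autostart entry rarely runs (compared lowercase).
USER_WRITABLE = ("\\appdata\\", "%appdata%", "\\temp\\", "%temp%")

# HijackThis line, e.g. "O2 - BHO: Name - {CLSID} - C:\path\file.dll"
HJT_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# OTL line, e.g. "SRV - (ServiceName) optional description -- C:\path\file.exe (Company)"
OTL_RE = re.compile(r"^(?P<kind>PRC|MOD|SRV|DRV) - \((?P<name>[^)]*)\)(?P<desc>.*?)\s*--\s*(?P<target>.*)$")


@dataclass
class Finding:
    line: str
    reason: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious log line, or None if it looks benign."""
    line = line.strip()
    low = line.lower()

    otl = OTL_RE.match(line)
    if otl:
        if any(marker in low for marker in MISSING_MARKERS):
            return Finding(line, f"{otl['kind']} {otl['name']}: registered, but file not found")
        return None

    hjt = HJT_RE.match(line)
    if not hjt:
        return None  # header, blank or free text: nothing to classify
    section, body = hjt["section"], hjt["body"]

    if any(marker in low for marker in MISSING_MARKERS):
        return Finding(line, f"{section}: orphaned entry, target file is missing")
    if section == "O2" and body.startswith("BHO: (no name)"):
        return Finding(line, "O2: browser helper object without a name")
    if section == "O1" and "localhost" not in low:
        return Finding(line, "O1: HOSTS entry other than localhost")
    if section == "O4" and any(loc in low for loc in USER_WRITABLE):
        return Finding(line, "O4: autostart from a user-writable location")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every line and collect the findings in log order."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]


# Constructed sample: a mix of HijackThis and OTL lines in the formats seen in the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 10.0.0.1 update.example.invalid
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [updater] C:\Users\someone\AppData\Roaming\updater.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
SRV - (CLTNetCnService) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (cpuz132) --  File not found
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.reason}]\n    {finding.line}")
```

Orphaned entries (a registry key that still points at a file which no longer exists) are usually leftovers of an uninstall rather than an infection, but they are exactly what the helpers on this board fix up with a HijackThis or OTL fix script, so listing them first saves a reviewer a pass over the full log. The script deliberately does not try to decide what is malicious: an autostart from AppData or a foreign HOSTS entry is a prompt to look at that file, not a verdict.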

17.06.2010, 15:31   #2
markusg
/// Malware-holic

Virus in the folder Windows/system32/drivers - HijackThis logfile

OTL:
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click and choose "Run as administrator")
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "Scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy the following into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Run Scan"
6. Two reports are created:
OTL.Txt
Extras.Txt
Post both logs.


17.06.2010, 16:27   #3
golii

Virus in the folder Windows/system32/drivers - HijackThis logfile

Thanks for now,
and here are my 2 logs:
OTL:
OTL logfile:
Code:
OTL logfile created on: 17.06.2010 17:09:15 - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\agentscotty\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 230,00 Mb Available Physical Memory | 22,00% Memory free
2,00 Gb Paging File | 0,00 Gb Available in Paging File | 8,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113,20 Gb Total Space | 17,38 Gb Free Space | 15,35% Space Free | Partition Type: NTFS
Drive D: | 112,85 Gb Total Space | 112,76 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive E: | 479,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: C
Current User Name: agentscotty
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\agentscotty\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\agentscotty\Desktop\HiJackThis.exe (Trend Micro Inc.)
PRC - C:\Programme\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Programme\NETGEAR\WN111v2\WN111v2.exe (NETGEAR)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Lexmark 5600-6600 Series\lxdumon.exe ()
PRC - C:\Programme\Lexmark 5600-6600 Series\lxdumsdmon.exe ()
PRC - C:\Windows\System32\lxducoms.exe ( )
PRC - C:\Programme\NETGEAR\WN111v2\WN111v2AdvTool.exe (NETGEAR)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wermgr.exe (Microsoft Corporation)
PRC - C:\Programme\NETGEAR\WN111\wn111.exe ()
PRC - C:\Programme\NETGEAR\WPN111\WPN111.exe (NETGEAR)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\agentscotty\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (lxdu_device) -- C:\Windows\System32\lxducoms.exe ( )
SRV - (lxduCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe ()
SRV - (jswpsapi) -- C:\Programme\NETGEAR\WN111v2\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (cpuz132) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (WN111v2) -- C:\Windows\System32\drivers\WN111v2v.sys (Atheros Communications, Inc.)
DRV - (Mrvleap) -- C:\Windows\System32\drivers\mrveap32.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WPN111) -- C:\Windows\System32\drivers\WPN111v.sys (Atheros Communications, Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (PSDNServ) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST)
DRV - (psdvdisk) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (DNISp50) -- C:\Windows\System32\drivers\DNISP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (DNIMp50) -- C:\Windows\System32\drivers\DNIMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (DCamUSBNW800) CIF USB Camera (2110) -- C:\Windows\System32\drivers\pcam800.sys (Divio Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://at.msn.com/
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.live.com [binary data]
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://www.google.com
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.at/ [binary data]
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.orf.at/
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
[2010.03.26 22:57:26 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\mozilla\Extensions
[2009.03.25 20:15:36 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe ()
O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-678187322-1588869377-2606183595-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-678187322-1588869377-2606183595-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\agentscotty\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001.08.18 14:00:00 | 000,000,112 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{bd07eedc-09bb-11df-a8a0-001921eb6cc7}\Shell - "" = AutoRun
O33 - MountPoints2\{bd07eedc-09bb-11df-a8a0-001921eb6cc7}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009.01.07 19:03:20 | 000,000,000 | ---D | M]
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: HitmanPro35Crusader - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - Silverlight 2.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: >{b655e83a-ad28-402a-9f14-da77fbdc6550} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.JPGL - C:\Windows\JPGL.DLL ()
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - xvidvfw.dll File not found
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.17 16:59:15 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\agentscotty\Desktop\OTL.exe
[2010.06.17 16:46:59 | 000,000,000 | ---D | C] -- C:\Users\agentscotty\Klaviernoten
[2010.06.17 11:05:56 | 000,000,000 | ---D | C] -- C:\Users\agentscotty\AppData\Roaming\InstallShield
[2010.06.17 11:04:34 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2010.06.17 11:04:16 | 000,870,400 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\WPN111v.sys
[2010.06.17 11:00:53 | 009,755,046 | ---- | C] (Macrovision Corporation) -- C:\Users\agentscotty\Desktop\wpn111_2_0_setup.exe
[2010.06.17 10:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2010.06.17 10:52:14 | 000,000,000 | ---D | C] -- C:\Users\agentscotty\AppData\Local\PC_Drivers_Headquarters
[2010.06.17 10:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Whiz
[2010.06.17 10:48:18 | 000,000,000 | ---D | C] -- C:\Programme\Driver Whiz
[2010.06.17 10:46:07 | 001,046,736 | ---- | C] (Driver Whiz                                                  ) -- C:\Users\agentscotty\Desktop\Driverwhiz.exe
[2010.06.16 13:36:18 | 000,000,000 | ---D | C] -- C:\Users\agentscotty\Tracing
[2010.06.14 19:06:05 | 000,000,000 | ---D | C] -- C:\Users\agentscotty\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.14 19:02:33 | 017,905,214 | ---- | C] (DVDVideoSoft Limited.                                       ) -- C:\Users\agentscotty\Desktop\FreeYouTubeToMp3Converter.exe
[2010.06.12 23:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2010.06.12 23:54:06 | 000,000,000 | ---D | C] -- C:\Users\agentscotty\AppData\Local\Last.fm
[2010.06.12 23:54:00 | 000,000,000 | ---D | C] -- C:\Programme\Last.fm
[2010.06.12 23:53:12 | 005,287,682 | ---- | C] (Last.fm                                                     ) -- C:\Users\agentscotty\Desktop\Last.fm-1.5.4.24567.exe
[2010.06.12 15:35:15 | 000,000,000 | ---D | C] -- C:\Users\agentscotty\AppData\Local\Help
[2010.06.06 02:13:56 | 000,563,040 | ---- | C] (Google Inc.) -- C:\Users\agentscotty\Desktop\googleupdatesetup.exe
[2010.06.04 16:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010.06.04 16:06:08 | 000,000,000 | ---D | C] -- C:\Programme\Hitman Pro 3.5
[2010.06.04 16:05:23 | 005,937,984 | ---- | C] (SurfRight B.V.) -- C:\Users\agentscotty\Desktop\HitmanPro35.exe
[2010.06.04 15:46:25 | 000,000,000 | ---D | C] -- C:\Users\agentscotty\AppData\Roaming\WinPatrol
[2010.06.04 15:45:50 | 000,000,000 | ---D | C] -- C:\Programme\BillP Studios
[2010.06.04 15:43:03 | 001,066,672 | ---- | C] (BillP Studios) -- C:\Users\agentscotty\Desktop\setupde.exe
[2010.06.04 14:17:27 | 000,000,000 | ---D | C] -- C:\Users\agentscotty\Desktop\backups
[2010.06.04 14:08:34 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\agentscotty\Desktop\HiJackThis.exe
[2009.04.04 20:02:52 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDUhcp.dll
[2009.04.04 20:02:51 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll
[2009.04.04 20:02:51 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll
[2009.04.04 20:02:51 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll
[2009.04.04 20:02:50 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll
[2009.04.04 20:02:50 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll
[2009.04.04 20:02:50 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll
[2009.04.04 20:02:49 | 000,679,936 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll
[2009.04.04 20:02:47 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll
[2009.04.04 20:02:47 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll
[2007.04.18 05:42:52 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[4 C:\*.tmp files -> C:\*.tmp -> ]
[19 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[19 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.17 17:11:45 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\mjezb.sys
[2010.06.17 17:08:37 | 003,407,872 | -HS- | M] () -- C:\Users\agentscotty\ntuser.dat
[2010.06.17 16:59:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\agentscotty\Desktop\OTL.exe
[2010.06.17 16:02:16 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.17 16:02:16 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.17 11:57:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.17 11:09:41 | 001,418,612 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.17 11:09:41 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.17 11:09:41 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.17 11:09:41 | 000,122,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.17 11:09:41 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.17 11:06:08 | 000,001,503 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk
[2010.06.17 11:06:08 | 000,001,485 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR WPN111 Smart Wizard.lnk
[2010.06.17 11:01:16 | 009,755,046 | ---- | M] (Macrovision Corporation) -- C:\Users\agentscotty\Desktop\wpn111_2_0_setup.exe
[2010.06.17 10:48:37 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Driver Whiz.lnk
[2010.06.17 10:46:13 | 001,046,736 | ---- | M] (Driver Whiz                                                  ) -- C:\Users\agentscotty\Desktop\Driverwhiz.exe
[2010.06.17 10:05:57 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010.06.17 10:05:20 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9F7D36C6-0CE3-499A-A2FE-7360D14C5B78}.job
[2010.06.17 10:01:56 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.17 10:01:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.17 10:01:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.16 22:16:16 | 000,524,288 | -HS- | M] () -- C:\Users\agentscotty\NTUSER.DAT{21455311-f909-11dd-9b54-001921eb6cc7}.TMContainer00000000000000000001.regtrans-ms
[2010.06.16 22:16:16 | 000,065,536 | -HS- | M] () -- C:\Users\agentscotty\NTUSER.DAT{21455311-f909-11dd-9b54-001921eb6cc7}.TM.blf
[2010.06.16 22:14:02 | 004,136,773 | -H-- | M] () -- C:\Users\agentscotty\AppData\Local\IconCache.db
[2010.06.16 18:00:00 | 000,000,486 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for agentscotty.job
[2010.06.14 19:20:22 | 002,418,816 | ---- | M] () -- C:\Users\agentscotty\Documents\Reinventing Your Exit - Aaron Gillespie.mp3
[2010.06.14 19:05:58 | 000,001,036 | ---- | M] () -- C:\Users\agentscotty\Desktop\DVDVideoSoft Free Studio.lnk
[2010.06.14 19:04:10 | 017,905,214 | ---- | M] (DVDVideoSoft Limited.                                       ) -- C:\Users\agentscotty\Desktop\FreeYouTubeToMp3Converter.exe
[2010.06.13 23:17:13 | 000,002,631 | ---- | M] () -- C:\Users\agentscotty\Desktop\Microsoft Office Word 2007.lnk
[2010.06.12 23:54:04 | 000,000,737 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2010.06.12 23:53:40 | 005,287,682 | ---- | M] (Last.fm                                                     ) -- C:\Users\agentscotty\Desktop\Last.fm-1.5.4.24567.exe
[2010.06.12 15:34:32 | 001,106,435 | ---- | M] () -- C:\Users\agentscotty\Desktop\BIOS_R01-C0.zip
[2010.06.10 18:43:27 | 000,000,488 | ---- | M] () -- C:\Windows\System32\.crusader
[2010.06.10 12:58:36 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.06.06 02:16:55 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.06.06 02:14:13 | 000,563,040 | ---- | M] (Google Inc.) -- C:\Users\agentscotty\Desktop\googleupdatesetup.exe
[2010.06.05 13:33:33 | 000,059,904 | ---- | M] () -- C:\Users\agentscotty\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.04 16:06:11 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010.06.04 16:05:36 | 005,937,984 | ---- | M] (SurfRight B.V.) -- C:\Users\agentscotty\Desktop\HitmanPro35.exe
[2010.06.04 15:44:31 | 001,066,672 | ---- | M] (BillP Studios) -- C:\Users\agentscotty\Desktop\setupde.exe
[2010.06.04 14:08:48 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\agentscotty\Desktop\HiJackThis.exe
[2010.06.02 21:50:38 | 000,000,680 | ---- | M] () -- C:\Users\agentscotty\AppData\Local\d3d9caps.dat
[2010.05.24 16:11:44 | 000,000,310 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.05.19 17:59:16 | 000,029,184 | ---- | M] () -- C:\Users\agentscotty\Documents\Daphne Handout..doc
[2010.05.19 17:56:17 | 000,012,122 | ---- | M] () -- C:\Users\agentscotty\Documents\Daphne Handout.docx
[2010.05.18 20:32:14 | 000,000,162 | -H-- | M] () -- C:\Users\agentscotty\Documents\~$phne Handout.docx
[4 C:\*.tmp files -> C:\*.tmp -> ]
[19 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[19 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.17 11:06:08 | 000,001,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk
[2010.06.17 11:06:08 | 000,001,485 | ---- | C] () -- C:\Users\Public\Desktop\NETGEAR WPN111 Smart Wizard.lnk
[2010.06.17 10:48:37 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\Driver Whiz.lnk
[2010.06.14 19:19:39 | 002,418,816 | ---- | C] () -- C:\Users\agentscotty\Documents\Reinventing Your Exit - Aaron Gillespie.mp3
[2010.06.14 19:05:49 | 000,001,036 | ---- | C] () -- C:\Users\agentscotty\Desktop\DVDVideoSoft Free Studio.lnk
[2010.06.12 23:54:04 | 000,000,737 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2010.06.12 15:33:27 | 001,106,435 | ---- | C] () -- C:\Users\agentscotty\Desktop\BIOS_R01-C0.zip
[2010.06.06 02:18:09 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.06.06 02:16:55 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.06.04 16:23:57 | 000,000,488 | ---- | C] () -- C:\Windows\System32\.crusader
[2010.06.04 16:07:01 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010.06.04 16:06:11 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010.05.19 17:56:34 | 000,029,184 | ---- | C] () -- C:\Users\agentscotty\Documents\Daphne Handout..doc
[2010.05.18 20:32:14 | 000,000,162 | -H-- | C] () -- C:\Users\agentscotty\Documents\~$phne Handout.docx
[2010.05.18 20:32:11 | 000,012,122 | ---- | C] () -- C:\Users\agentscotty\Documents\Daphne Handout.docx
[2010.05.17 18:03:49 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\mjezb.sys
[2010.02.19 19:27:41 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.02.19 19:27:41 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010.02.09 16:23:25 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.08.09 19:08:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.04.29 13:16:29 | 000,000,105 | ---- | C] () -- C:\Windows\WININIT.INI
[2009.04.04 20:17:17 | 000,360,448 | ---- | C] () -- C:\Windows\System32\lxducoin.dll
[2009.04.04 20:15:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll
[2009.04.04 20:08:37 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll
[2009.04.04 20:08:37 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll
[2009.04.04 20:08:37 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll
[2009.04.04 20:04:57 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdurwrd.ini
[2009.04.04 20:02:52 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDUinst.dll
[2009.04.04 20:02:48 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll
[2008.12.14 23:29:12 | 001,310,772 | ---- | C] () -- C:\Windows\System32\FLICKER.dll
[2008.12.14 23:29:11 | 000,036,864 | R--- | C] () -- C:\Windows\JPGL.DLL
[2008.12.14 23:29:11 | 000,032,768 | R--- | C] () -- C:\Windows\DIV_IYUV.DLL
[2008.12.06 13:51:17 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008.12.06 13:51:17 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.11.21 23:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008.11.21 23:44:16 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007.04.18 15:30:23 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.04.18 13:58:48 | 000,000,593 | ---- | C] () -- C:\Windows\generic.ini
[2007.04.18 13:58:48 | 000,000,107 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.04.18 05:42:52 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.02.06 23:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.02.06 23:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.02.06 23:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.02.06 23:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.02.06 23:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.02.06 23:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2010.05.15 01:32:57 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Azureus
[2010.02.19 19:17:28 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\DiskAid
[2010.06.14 19:06:05 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.05.24 23:17:54 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\EBC9999A1CA4AC94C8A20ED045F81494
[2008.12.09 00:53:57 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\eSobi
[2008.12.13 19:31:54 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\FloodLightGames
[2008.12.08 21:06:18 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\GHISLER
[2010.03.30 16:09:49 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\gtk-2.0
[2008.12.18 21:17:28 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\InfraRecorder
[2010.02.19 19:28:34 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\iPodtoComputer
[2009.04.05 11:15:01 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Lexmark Productivity Studio
[2009.05.27 22:49:44 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\LimeWire
[2009.04.29 15:44:15 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\log
[2010.02.09 16:31:48 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\MAGIX
[2008.12.06 19:11:31 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Nokia
[2008.12.06 18:51:00 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\PC Suite
[2009.12.29 19:15:55 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\TuneAid
[2009.12.21 18:18:28 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\uTorrent
[2009.04.29 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Vso
[2009.12.29 19:00:45 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\WindSolutions
[2010.06.04 15:46:26 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\WinPatrol
[2010.06.17 12:24:00 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.06.17 10:05:20 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9F7D36C6-0CE3-499A-A2FE-7360D14C5B78}.job
[2010.05.24 16:11:44 | 000,000,310 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.12.08 21:26:14 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Adobe
[2008.12.17 18:17:59 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\AdobeUM
[2009.09.15 15:06:15 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Apple Computer
[2010.03.26 22:59:13 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Avira
[2010.05.15 01:32:57 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Azureus
[2010.02.19 19:17:28 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\DiskAid
[2008.12.07 19:55:41 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\DivX
[2010.06.14 19:06:05 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.05.24 23:17:54 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\EBC9999A1CA4AC94C8A20ED045F81494
[2008.12.09 00:53:57 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\eSobi
[2008.12.13 19:31:54 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\FloodLightGames
[2008.12.08 21:06:18 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\GHISLER
[2009.04.23 16:47:49 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Google
[2010.03.30 16:09:49 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\gtk-2.0
[2008.12.06 13:47:38 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Identities
[2008.12.18 21:17:28 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\InfraRecorder
[2010.06.17 11:05:56 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\InstallShield
[2010.02.19 19:28:34 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\iPodtoComputer
[2009.04.05 11:15:01 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Lexmark Productivity Studio
[2009.05.27 22:49:44 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\LimeWire
[2009.04.29 15:44:15 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\log
[2008.12.06 13:48:28 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Macromedia
[2010.02.09 16:31:48 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\MAGIX
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Media Center Programs
[2010.06.04 13:50:50 | 000,000,000 | --SD | M] -- C:\Users\agentscotty\AppData\Roaming\Microsoft
[2010.03.26 22:57:26 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Mozilla
[2008.12.06 19:11:31 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Nokia
[2008.12.06 18:51:00 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\PC Suite
[2010.06.17 17:07:01 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Skype
[2010.06.17 16:01:48 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\skypePM
[2009.12.29 19:15:55 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\TuneAid
[2009.12.21 18:18:28 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\uTorrent
[2010.06.07 22:38:40 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\vlc
[2009.04.29 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Vso
[2009.12.29 19:00:45 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\WindSolutions
[2010.06.04 15:46:26 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\WinPatrol
[2008.12.08 21:57:15 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2009.04.29 15:44:31 | 000,087,608 | ---- | M] () -- C:\Users\agentscotty\AppData\Roaming\inst.exe
[2010.05.14 22:58:34 | 008,463,808 | ---- | M] (Vuze Inc.) -- C:\Users\agentscotty\AppData\Roaming\Azureus\tmp\AZU8073969255010286257.tmp\Vuze_4.4.0.4_win32.exe
[2009.03.25 20:15:07 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Users\agentscotty\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.exe
[2009.03.25 20:15:11 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Users\agentscotty\AppData\Roaming\LimeWire\browser\xulrunner\updater.exe
[2009.03.25 20:15:11 | 000,014,848 | ---- | M] () -- C:\Users\agentscotty\AppData\Roaming\LimeWire\browser\xulrunner\xpcshell.exe
[2009.03.25 20:15:11 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Users\agentscotty\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe
[2009.03.25 20:15:11 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Users\agentscotty\AppData\Roaming\LimeWire\browser\xulrunner\xpidl.exe
[2009.03.25 20:15:11 | 000,018,432 | ---- | M] () -- C:\Users\agentscotty\AppData\Roaming\LimeWire\browser\xulrunner\xpt_dump.exe
[2009.03.25 20:15:11 | 000,014,336 | ---- | M] () -- C:\Users\agentscotty\AppData\Roaming\LimeWire\browser\xulrunner\xpt_link.exe
[2009.03.25 20:15:14 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Users\agentscotty\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
[2009.03.25 20:15:14 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Users\agentscotty\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner.exe
[2009.06.12 12:06:28 | 000,010,134 | R--- | M] () -- C:\Users\agentscotty\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\agp440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.12.06 16:11:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.12.06 16:11:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.12.06 16:11:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.01.27 11:21:04 | 000,101,160 | ---- | M] (NVIDIA Corporation) MD5=4A9A6368BEF61C9608FE7CC21B1F8886 -- C:\Windows\System32\drivers\nvstor32.sys
[2007.01.27 11:21:04 | 000,101,160 | ---- | M] (NVIDIA Corporation) MD5=4A9A6368BEF61C9608FE7CC21B1F8886 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_54ba863a\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.06.17 17:21:38 | 000,000,000 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\mjezb.sys
 
< %systemroot%\System32\config\*.sav >
[2007.04.18 13:59:24 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007.04.18 13:59:22 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007.04.18 13:59:24 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007.04.18 13:59:33 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007.04.18 13:59:35 | 006,008,832 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2008.01.19 09:35:15 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:55F44B88
< End of report >


Extras:
OTL Logfile:
Code:
OTL Extras logfile created on: 17.06.2010 17:09:15 - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\agentscotty\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 230,00 Mb Available Physical Memory | 22,00% Memory free
2,00 Gb Paging File | 0,00 Gb Available in Paging File | 8,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113,20 Gb Total Space | 17,38 Gb Free Space | 15,35% Space Free | Partition Type: NTFS
Drive D: | 112,85 Gb Total Space | 112,76 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive E: | 479,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: COLLY
Current User Name: agentscotty
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" [2009.09.22 15:07:44 | 000,000,000 | ---D | M]
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0243755B-9F14-4947-A0B2-55828736C507}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0718FF47-3F91-4910-9608-2D66B6B7B0C4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1338890F-F52A-45B2-BC6A-A02F2BAFC325}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1C66FC1B-F6CB-42EF-BE2A-A25126851A91}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{206C046B-228C-4749-AFB2-CB4E0E22D35E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3AEEEC10-CF45-40ED-9D42-47AF5E347C02}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{4B9DEB82-2D6D-4DB8-AAEE-5498B46D6066}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5272FC29-8976-47F1-AD6C-9EF241F62134}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5BABB72B-7A15-4B89-AFD7-5E437D552CD5}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{6A595D31-B7E7-46D8-94B3-9C52064F8167}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{7264A4AB-43BF-43CA-BA73-43B92747D7F8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{76200CD9-217F-45AF-885F-91A3B6443A4E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{819982B8-B2B7-4C1F-9017-AFE7340B48B4}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{9E2532EF-4338-4576-91B4-E58578AB7DB4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BACCCD75-BC74-48FC-921A-2A330D72BDCC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BBD7C480-527D-46FC-931A-3332CA322A8F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CE7D6AFA-469B-40E8-8161-C471EFFB07DC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{DD7791B5-C727-4267-99AF-7542275D4773}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E64D2B08-0228-4F34-B5B2-6B79690522A5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F4C26245-BDB3-47D2-A4C2-B2BB68D972DD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F81EAB3-5335-4E5B-A963-E749202E755E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdupswx.exe | 
"{1153BA60-F195-489A-B629-3685AB53A9B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{15740078-091D-4F12-81C5-335BE56E2C08}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{16750821-CDD9-484A-BA1E-7717AD0F85D6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{1831A3EC-5A4E-479B-8053-F20C7C67B1F0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{1832AB3D-85B1-4BDA-94A5-C007CE5F7466}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{1E624577-FD36-4692-B60D-7CB050E82748}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{2902D261-49E3-4E50-BEE4-036AE835B532}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2FAC21B1-34E5-47AE-AC55-8B8B995C15C2}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{31F06469-B8E7-437B-888B-5012FF7708C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{34336509-2B3D-4B41-B60E-1095C82CB44B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3DE1FCD2-D4E8-4EC6-AA43-4753037EAC89}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{49339966-28D5-4166-ACF8-02F31BCF84D2}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdupswx.exe | 
"{4945021A-B73E-4786-93EA-ACAB4F0C906A}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe | 
"{56D6F439-2825-4A99-B152-0021B61DCED7}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{5BE12E67-B725-4A53-ABF6-5268BF51CA5D}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe | 
"{5F826B1C-51D4-4BCC-AEE8-3658ABF92987}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe | 
"{61246319-3A7A-49BF-A3E0-3C0D9C2F4997}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{641718CD-F51E-4B54-A27C-F9A7FB07145F}" = dir=in | app=c:\program files\acer zone\acer picture slide dvd\component\clsldvd.exe | 
"{65F89FFD-3601-4E01-9030-A98E04913AC8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{66BA09A5-929A-466B-80E5-95593437FED2}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{673465F7-3628-46BB-8052-71BF8916939E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{68C3BA2A-4AEA-4E80-9C99-CA80DAC4711B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6915620F-04F3-4A26-B4F8-32AD62A99AFD}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{6B2EE266-5826-473B-9D1F-237030955C3A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{7F0847B0-AAA4-4E6A-90F2-9C26BA3623F6}" = dir=in | app=c:\program files\acer zone\acer plug and record\component\dvax2process.exe | 
"{7F4C1BCA-D0CA-4B25-A73A-0D9C4BC2F523}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{846B0FED-BCE2-49CD-893C-AABDC1D95883}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe | 
"{8AF31179-CAB6-4FF2-862D-FD6F93F9DDFC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8FBB02FF-B23A-4D9E-A412-F848206B9135}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A302A310-E2BC-4A18-90E8-BB899BEFDC94}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe | 
"{AA00F4BC-C92B-4539-A6EE-140B457122C8}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe | 
"{AF127A8B-7CB4-4F24-961C-8324AF1C21F0}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe | 
"{AF971C6D-0684-48D0-AB38-8D89EE77C8C4}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe | 
"{B4390FFD-98D7-498C-BAA7-96E9275A7EBF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B6A4FCB1-7BB1-4164-9916-7A0BEF3DFCC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B7B98DB1-A8DB-4FB9-B778-FA71DE5A4180}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BA9A1687-E074-4EDF-B8FA-A77FF1845658}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{BCF4D522-48B4-440F-BD20-6D85B373B8FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C04C860E-D2B5-4996-BA11-6C3345E3C928}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C0F111E8-50A7-45BE-80D2-893B0418F8CE}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe | 
"{CA27DB44-E897-425B-83BA-BBB24FDD7045}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CBA72569-5D4F-438D-9302-01D23B0D50F3}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe | 
"{D47CA079-1A9E-48DF-AE6D-9D219ECCC839}" = protocol=6 | dir=out | app=system | 
"{DD823B78-8837-4BE2-90A3-79D15AAF513E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{DD97244E-9F28-4737-8543-0DDA6A3954DD}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{EE5EB8DA-9CC4-472B-B1D0-62C90BA371C6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F07C8C5A-D0EE-4B91-A6FE-1A2DE9858604}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F61F56A9-412F-418A-A551-DA8B6112DF4C}" = dir=in | app=c:\program files\acer zone\acer plug and record\component\arawp.exe | 
"{F684E6AC-E844-4404-98C4-A0C363855B09}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"TCP Query User{019AD5D7-A679-4D83-B12B-8C5F5E9BF5FE}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"TCP Query User{149C2FE2-8E39-4A8D-889F-4D3C72F38A72}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"TCP Query User{3CDF66B1-D702-4D70-8367-90038BE990B2}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"TCP Query User{4E55FD3F-3F55-4E49-BC0F-A67FB31493C9}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\english\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\english\setup.exe | 
"TCP Query User{69F149AA-8663-4EA9-811D-72200FC9BC77}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{7F42E1FB-BBC4-442E-9A15-59AC9EFDC9EF}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{9D6AF151-311B-4C3F-9F0E-8884D7CA41BF}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{BD082803-7C3D-4DC4-B132-4BEBDEC1972D}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{BFD9AA06-36F9-4BB1-A4FC-EE898F36DE21}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{CB4DDC88-29FB-4637-9349-9FF3AAE899F1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{D234FAB4-79F2-445A-8183-B418FA8105DF}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{E1F678E9-3703-4E03-85D6-D465F14E9357}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | 
"UDP Query User{1D30612C-9C8F-43D3-B629-06BA09E44DFA}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{29FF31B1-B723-425C-9E0A-381023C95733}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{2C28EFD6-063F-400F-B3E2-2E1745CBE641}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{49D2F9AE-7C2E-4E77-B1BB-E9B0F2E9F37B}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\english\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\english\setup.exe | 
"UDP Query User{6D03922D-B3E0-4D2D-A306-910F3AD24E37}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{B03199B1-FEAB-4F8C-8191-DC463DE3D641}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | 
"UDP Query User{BBCED9ED-3BA3-4ACC-B166-C5AC9762BF53}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"UDP Query User{C674EC0C-64E1-4A6B-8D7A-23447D858616}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{D50A93B2-F032-4F20-9AFF-D647B7691291}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{DD4DE872-D08B-477B-B81F-70D6D61B8987}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"UDP Query User{E2C2201F-7ACC-440F-A51D-6CAA5EFD9D81}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{FF79FA40-6073-4AEC-A595-D5C3D1200140}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer Picture Slide DVD
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}" = Google Earth Pro
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{582E9125-32B6-4CBA-AB48-3E33CE3DB389}" = NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{676B241C-AED4-400B-98FF-267773B94B11}_is1" = QuickFreedom 1.1.0
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe  1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AFCE4D19-D385-4232-9B0E-809D85A25A10}" = NETGEAR WN111 wireless USB 2.0 adapter
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9E33AD-BB0E-48E5-B8A2-410A2EA31941}" = TRUST 120SPACEC@M
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark 
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Zone Main Page
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer Plug and Record
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows-Treiberpaket - Nokia Modem  (02/15/2007 3.1)
"4077F884D1BB007055BDB83B621D87220A73F30F" = Windows-Treiberpaket - Nokia (WUDFRd) WPD  (06/01/2007 6.84.33.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows-Treiberpaket - Nokia Modem  (02/15/2007 3.1)
"CIF USB Camera (2110)" = CIF USB Camera (2110)
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 2.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HitmanPro35" = Hitman Pro 3.5
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2
"InstallShield_{AFCE4D19-D385-4232-9B0E-809D85A25A10}" = NETGEAR WN111 wireless USB 2.0 adapter
"LastFM_is1" = Last.fm 1.5.4.24567
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.12.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"ST6UNST #1" = GDS-RAM2Free
"UnderCoverXP_is1" = UnderCoverXP 1.08
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.1
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPatrol" = WinPatrol
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---

Alt 17.06.2010, 17:09   #4
markusg
/// Malware-holic
 

Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

Alt 17.06.2010, 22:20   #5
golii
 

Combofix Logfile:
Code:
ComboFix 10-06-16.04 - agentscotty 17.06.2010  18:43:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.1023.200 [GMT 2:00]
ausgeführt von:: c:\users\agentscotty\Desktop\ComboFix.exe
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\acer\AcerTour\Reminder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
c:\acer\Empowering Technology\SysMonitor.exe
c:\acer\WR_PopUp\WarReg_PopUp.exe
C:\ARK69EB.tmp
C:\ARKDC98.tmp
C:\ARKE15A.tmp
C:\ARKE985.tmp
c:\program files\iTunes\iTunesHelper.exe
c:\program files\Java\jre6\bin\jusched.exe
c:\program files\Lexmark 5600-6600 Series\lxduamon.exe
c:\program files\Lexmark 5600-6600 Series\lxdumon.exe
c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
c:\program files\QuickTime\QTTask.exe
c:\users\AGENTS~1\FAVORI~1\Games.url
c:\users\agentscotty\AppData\Roaming\inst.exe
c:\users\agentscotty\AppData\Roaming\Microsoft\Windows\Recent\o[SUMOTorrent.pif
c:\users\agentscotty\Favorites\Games.url
c:\windows\system32\win.com

Code:
c:\acer\AcerTour\Reminder .exe --->c:\acer\AcerTour\Reminder.exe
c:\acer\Empowering Technology\SysMonitor .exe --->c:\acer\Empowering Technology\SysMonitor.exe
c:\acer\Empowering Technology\eDataSecurity\eDSloader .exe --->c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
c:\acer\WR_PopUp\WarReg_PopUp .exe --->c:\acer\WR_PopUp\WarReg_PopUp.exe
c:\program files\iTunes\iTunesHelper .exe --->c:\program files\iTunes\iTunesHelper.exe
c:\program files\Java\jre6\bin\jusched .exe --->c:\program files\Java\jre6\bin\jusched.exe
c:\program files\Lexmark 5600-6600 Series\lxduamon .exe --->c:\program files\Lexmark 5600-6600 Series\lxduamon.exe
c:\program files\Lexmark 5600-6600 Series\lxdumon .exe --->c:\program files\Lexmark 5600-6600 Series\lxdumon.exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe --->c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
c:\program files\QuickTime\QTTask .exe --->c:\program files\QuickTime\QTTask.exe
.
Infizierte Kopie von c:\windows\system32\drivers\nvstor32.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.

(((((((((((((((((((((((   Dateien erstellt von 2010-05-17 bis 2010-06-17  ))))))))))))))))))))))))))))))
.

2010-06-17 16:57 . 2010-06-17 16:58	--------	d-----w-	c:\users\agentscotty\AppData\Local\temp
2010-06-17 16:57 . 2010-06-17 16:57	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-06-17 14:46 . 2010-06-17 16:07	--------	d-----w-	c:\users\agentscotty\Klaviernoten
2010-06-17 09:05 . 2010-06-17 09:05	--------	d-----w-	c:\users\agentscotty\AppData\Roaming\InstallShield
2010-06-17 09:04 . 2007-06-01 16:36	870400	----a-w-	c:\windows\system32\drivers\WPN111v.sys
2010-06-17 08:52 . 2010-06-17 08:52	--------	d-----w-	c:\programdata\UAB
2010-06-17 08:52 . 2010-06-17 08:52	--------	d-----w-	c:\users\agentscotty\AppData\Local\PC_Drivers_Headquarters
2010-06-17 08:49 . 2010-06-17 08:49	--------	d-----w-	c:\programdata\Driver Whiz
2010-06-17 08:48 . 2010-06-17 08:48	--------	d-----w-	c:\program files\Driver Whiz
2010-06-16 11:36 . 2010-06-16 11:36	--------	d-----w-	c:\users\agentscotty\Tracing
2010-06-14 17:06 . 2010-06-14 17:06	--------	d-----w-	c:\users\agentscotty\AppData\Roaming\DVDVideoSoftIEHelpers
2010-06-12 21:55 . 2010-06-12 21:55	--------	d-----w-	c:\programdata\Last.fm
2010-06-12 21:54 . 2010-06-12 21:54	--------	d-----w-	c:\users\agentscotty\AppData\Local\Last.fm
2010-06-12 21:54 . 2010-06-12 21:54	--------	d-----w-	c:\program files\Last.fm
2010-06-12 13:35 . 2010-06-12 13:35	--------	d-----w-	c:\users\agentscotty\AppData\Local\Help
2010-06-04 14:07 . 2010-06-17 08:05	15944	----a-w-	c:\windows\system32\drivers\hitmanpro35.sys
2010-06-04 14:06 . 2010-06-04 14:23	--------	d-----w-	c:\programdata\Hitman Pro
2010-06-04 14:06 . 2010-06-04 14:06	--------	d-----w-	c:\program files\Hitman Pro 3.5
2010-06-04 13:46 . 2010-06-04 13:46	--------	d-----w-	c:\users\agentscotty\AppData\Roaming\WinPatrol
2010-06-04 13:45 . 2010-06-04 13:45	--------	d-----w-	c:\program files\BillP Studios

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-17 16:58 . 2010-03-31 11:05	--------	d-----w-	c:\program files\QuickTime
2010-06-17 16:58 . 2009-04-04 18:02	--------	d-----w-	c:\program files\Lexmark 5600-6600 Series
2010-06-17 16:58 . 2010-05-06 19:38	--------	d-----w-	c:\program files\iTunes
2010-06-17 16:48 . 2006-11-02 15:33	618204	----a-w-	c:\windows\system32\perfh007.dat
2010-06-17 16:48 . 2006-11-02 15:33	122442	----a-w-	c:\windows\system32\perfc007.dat
2010-06-17 16:42 . 2010-06-17 16:42	3557283	----a-w-	c:\programdata\SPLDE0F.tmp
2010-06-17 16:31 . 2007-04-18 04:05	116480	----a-w-	c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-06-17 16:31 . 2009-04-04 18:24	--------	d-----w-	c:\programdata\Lx_cats
2010-06-17 16:20 . 2010-06-17 16:20	3557283	----a-w-	c:\programdata\SPLF0C3.tmp
2010-06-17 16:01 . 2010-04-12 18:42	--------	d-----w-	c:\users\agentscotty\AppData\Roaming\Skype
2010-06-17 14:01 . 2010-04-12 18:45	--------	d-----w-	c:\users\agentscotty\AppData\Roaming\skypePM
2010-06-17 09:06 . 2008-12-06 11:59	--------	d-----w-	c:\program files\NETGEAR
2010-06-17 09:06 . 2007-04-18 03:27	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-06-14 17:05 . 2008-12-08 19:05	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2010-06-14 17:05 . 2008-12-08 19:05	--------	d-----w-	c:\program files\DVDVideoSoft
2010-06-12 21:55 . 2010-06-12 21:55	683801	----a-w-	c:\programdata\Last.fm\Client\UninstITW\unins000.exe
2010-06-12 21:55 . 2010-06-12 21:55	54	----a-w-	c:\programdata\Last.fm\Client\uninst2.bat
2010-06-07 20:38 . 2009-08-28 20:43	--------	d-----w-	c:\users\agentscotty\AppData\Roaming\vlc
2010-06-06 00:18 . 2008-12-08 19:59	--------	d-----w-	c:\program files\Google
2010-06-02 19:50 . 2008-12-13 16:57	680	----a-w-	c:\users\agentscotty\AppData\Local\d3d9caps.dat
2010-05-24 21:17 . 2010-05-17 16:02	--------	d-----w-	c:\users\agentscotty\AppData\Roaming\EBC9999A1CA4AC94C8A20ED045F81494
2010-05-14 23:32 . 2010-02-19 17:07	--------	d-----w-	c:\users\agentscotty\AppData\Roaming\Azureus
2010-05-14 20:58 . 2010-05-14 20:58	8463808	----a-w-	c:\users\agentscotty\AppData\Roaming\Azureus\tmp\AZU8073969255010286257.tmp\Vuze_4.4.0.4_win32.exe
2010-05-13 16:35 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-05-13 16:35 . 2007-04-18 03:55	--------	d-----w-	c:\programdata\Microsoft Help
2010-05-09 16:28 . 2010-05-09 15:16	--------	d-----w-	c:\programdata\Lexmark 5600-6600 Series
2010-05-06 19:38 . 2010-05-06 19:38	--------	d-----w-	c:\program files\iPod
2010-05-06 19:38 . 2008-12-06 16:06	--------	d-----w-	c:\program files\Common Files\Apple
2010-05-06 19:34 . 2010-05-06 19:34	--------	d-----w-	c:\program files\Bonjour
2010-05-06 19:32 . 2010-05-06 19:32	73000	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-06 08:36 . 2009-10-07 12:58	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-04-12 18:45 . 2010-04-12 18:45	56	---ha-w-	c:\programdata\ezsidmv.dat
2010-04-08 11:20 . 2010-04-08 11:20	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20	107808	----a-w-	c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-10 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-06 136600]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-06 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-06 81920]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-05-30 676520]
"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2008-05-30 16040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader - Schnellstart.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-18 528384]
NETGEAR WN111 Smart Wizard.lnk - c:\program files\NETGEAR\WN111\wn111.exe [2007-10-30 1777664]
NETGEAR WN111v2 Setup-Assistent.lnk - c:\program files\NETGEAR\WN111v2\WN111v2.exe [2008-12-2 1728512]
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2010-6-17 995328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b8,3a,78,60,9b,b7,ca,01

R2 gupdate1cada6fde6ae1a0;Google Update Service (gupdate1cada6fde6ae1a0);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 133104]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe [2008-05-24 98984]
R3 DCamUSBNW800;CIF USB Camera (2110);c:\windows\system32\DRIVERS\pcam800.sys [2002-07-27 210792]
R3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50.sys [2006-11-16 21504]
R3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50.sys [2006-11-16 20480]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2008-02-29 942080]
R3 Mrvleap;MARVELL EAP Driver;c:\windows\system32\DRIVERS\mrveap32.sys [2007-09-11 15360]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111v.sys [2007-06-01 870400]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-10-01 20384]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2008-05-24 594600]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 28672]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2v.sys [2008-09-30 449536]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - mjezb

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ	FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 18:42]

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 18:42]

2010-06-17 c:\windows\Tasks\User_Feed_Synchronization-{9F7D36C6-0CE3-499A-A2FE-7360D14C5B78}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.orf.at/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Free YouTube to Mp3 Converter - c:\users\agentscotty\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-17 18:57
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mjezb]
.
Zeit der Fertigstellung: 2010-06-17 19:05:22
ComboFix-quarantined-files.txt 2010-06-17 17:05

Vor Suchlauf: 13 Verzeichnis(se), 18.890.821.632 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 19.462.971.392 Bytes frei

- - End Of File - - D4CB8F3D047826FDD1C9CA6F93A2AB8D
--- --- ---


Alt 18.06.2010, 10:13   #6
markusg
/// Malware-holic
 

Click:
Start, Programs, Accessories, Notepad, and paste in:


Killall::
Rootkit::
C:\windows\system32\drivers\mjezb.sys
Driver::
mjezb
Folder::
c:\programdata\UAB
Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mjezb]

Save the file as, type: all files.
Name:
cfscript.txt
Location: the folder where combofix.exe is.
Drag cfscript onto combofix; the program starts. Post the log.
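The CFScript above targets what markusg read off the first ComboFix log: the driver mjezb reported as *Deregistered*, the Services key for it that only the rootkit scan still saw, and the c:\programdata\UAB folder. As an added example that is not part of the thread and not ComboFix's own code, here is a small Python triage helper that pulls exactly those kinds of indicators out of ComboFix-style log text; the sample lines are constructed from the shapes seen in this thread, and the findings are meant for a human to review, not for automatic removal.

```python
import re
from dataclasses import dataclass

# Constructed sample (not the full log from the thread): a handful of lines in
# the shapes ComboFix writes, taken from the sections the helper read above.
SAMPLE_LOG = r"""
c:\acer\AcerTour\Reminder .exe --->c:\acer\AcerTour\Reminder.exe
c:\program files\QuickTime\QTTask .exe --->c:\program files\QuickTime\QTTask.exe
Infizierte Kopie von c:\windows\system32\drivers\nvstor32.sys wurde gefunden und desinfiziert
R2 gupdate1cada6fde6ae1a0;Google Update Service (gupdate1cada6fde6ae1a0);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 133104]
R3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50.sys [2006-11-16 21504]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 28672]
--- Andere Dienste/Treiber im Speicher ---
*Deregistered* - mjezb
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mjezb]
"""

# "R2 name;description;path [yyyy-mm-dd size]": a registered service or driver
RE_SERVICE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) "
    r"\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$")
# "*Deregistered* - name": a driver in memory that has no service entry
RE_DEREG = re.compile(r"^\*Deregistered\* - (?P<name>\S+)$")
# a Services key the rootkit scan still sees after the service list was built
RE_SVCKEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\system\\ControlSet\d+\\Services\\(?P<name>[^\]]+)\]$",
    re.IGNORECASE)
# "dir\name .exe --->dir\name.exe": a binary that was moved aside under a name
# with a space before the extension and restored by ComboFix
RE_SHADOW = re.compile(r"^(?P<fake>.+? \.\w+) --->(?P<real>.+)$")
# ComboFix's German "infected copy of X found and disinfected" line
RE_INFECTED = re.compile(r"^Infizierte Kopie von (?P<path>.+?) wurde gefunden")


@dataclass
class Finding:
    kind: str    # indicator category
    name: str    # service/driver name or file path
    detail: str  # what a reviewer should make of it


def triage(log_text):
    """Walk ComboFix-style log text and collect the indicators worth a second look."""
    services = {}       # registered service name (lower-case) -> image path
    deregistered = []   # names printed under "Andere Dienste/Treiber im Speicher"
    svc_keys = []       # Services keys listed by the rootkit scan (lower-case)
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RE_SERVICE.match(line):
            services[m["name"].lower()] = m["path"]
        elif m := RE_DEREG.match(line):
            deregistered.append(m["name"])
        elif m := RE_SVCKEY.match(line):
            svc_keys.append(m["name"].lower())
        elif m := RE_SHADOW.match(line):
            findings.append(Finding(
                "shadowed-binary", m["real"],
                f"restored from '{m['fake']}'; a substitute had taken the original name"))
        elif m := RE_INFECTED.match(line):
            findings.append(Finding(
                "patched-system-file", m["path"],
                "disinfected by ComboFix; verify the driver's signature after cleanup"))
    # A deregistered driver is only loosely suspicious on its own; one whose
    # Services key exists but never made it into the service list is the
    # pattern that points at a rootkit hiding its registration.
    for name in deregistered:
        listed = name.lower() in services
        keyed = name.lower() in svc_keys
        if keyed and not listed:
            detail = ("driver in memory, Services key found by the rootkit scan, "
                      "but absent from the service list: rootkit indicator")
        elif not listed:
            detail = "driver in memory with no registered service"
        else:
            detail = "deregistered but still present in the service list"
        findings.append(Finding("deregistered-driver", name, detail))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:22} {f.name}\n    {f.detail}")
```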

Alt 18.06.2010, 19:04   #7
golii
 

Combofix Logfile:
Code:
ComboFix 10-06-17.02 - agentscotty 18.06.2010  19:37:44.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.1023.414 [GMT 2:00]
ausgeführt von:: c:\users\agentscotty\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\agentscotty\Desktop\cfscript.txt
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\UAB
c:\windows\Fonts\GQ3W2.com

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MJEZB
-------\Service_mjezb


(((((((((((((((((((((((   Dateien erstellt von 2010-05-18 bis 2010-06-18  ))))))))))))))))))))))))))))))
.

2010-06-18 17:48 . 2010-06-18 17:52	--------	d-----w-	c:\users\agentscotty\AppData\Local\temp
2010-06-18 17:48 . 2010-06-18 17:48	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-06-18 17:48 . 2010-06-18 17:48	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-06-17 21:54 . 2010-06-17 21:54	--------	d-----w-	c:\program files\iPod
2010-06-17 21:47 . 2010-06-17 21:47	--------	d-----w-	c:\program files\Bonjour
2010-06-17 14:46 . 2010-06-17 16:07	--------	d-----w-	c:\users\agentscotty\Klaviernoten
2010-06-17 09:05 . 2010-06-17 09:05	--------	d-----w-	c:\users\agentscotty\AppData\Roaming\InstallShield
2010-06-17 09:04 . 2007-06-01 16:36	870400	----a-w-	c:\windows\system32\drivers\WPN111v.sys
2010-06-17 08:52 . 2010-06-17 08:52	--------	d-----w-	c:\users\agentscotty\AppData\Local\PC_Drivers_Headquarters
2010-06-17 08:49 . 2010-06-17 08:49	--------	d-----w-	c:\programdata\Driver Whiz
2010-06-17 08:48 . 2010-06-17 08:48	--------	d-----w-	c:\program files\Driver Whiz
2010-06-16 11:36 . 2010-06-16 11:36	--------	d-----w-	c:\users\agentscotty\Tracing
2010-06-14 17:06 . 2010-06-14 17:06	--------	d-----w-	c:\users\agentscotty\AppData\Roaming\DVDVideoSoftIEHelpers
2010-06-12 21:55 . 2010-06-12 21:55	--------	d-----w-	c:\programdata\Last.fm
2010-06-12 21:54 . 2010-06-12 21:54	--------	d-----w-	c:\users\agentscotty\AppData\Local\Last.fm
2010-06-12 21:54 . 2010-06-12 21:54	--------	d-----w-	c:\program files\Last.fm
2010-06-12 13:35 . 2010-06-12 13:35	--------	d-----w-	c:\users\agentscotty\AppData\Local\Help
2010-06-04 14:07 . 2010-06-18 15:01	15944	----a-w-	c:\windows\system32\drivers\hitmanpro35.sys
2010-06-04 14:06 . 2010-06-04 14:23	--------	d-----w-	c:\programdata\Hitman Pro
2010-06-04 14:06 . 2010-06-04 14:06	--------	d-----w-	c:\program files\Hitman Pro 3.5
2010-06-04 13:46 . 2010-06-04 13:46	--------	d-----w-	c:\users\agentscotty\AppData\Roaming\WinPatrol
2010-06-04 13:45 . 2010-06-04 13:45	--------	d-----w-	c:\program files\BillP Studios

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 17:49 . 2010-05-17 16:03	823808	----a-w-	c:\windows\system32\drivers\mjezb.sys
2010-06-18 14:45 . 2006-11-02 15:33	618204	----a-w-	c:\windows\system32\perfh007.dat
2010-06-18 14:45 . 2006-11-02 15:33	122442	----a-w-	c:\windows\system32\perfc007.dat
2010-06-17 21:55 . 2010-05-06 19:38	--------	d-----w-	c:\program files\iTunes
2010-06-17 21:54 . 2008-12-06 16:06	--------	d-----w-	c:\program files\Common Files\Apple
2010-06-17 21:38 . 2010-06-17 21:38	72504	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-17 16:58 . 2010-03-31 11:05	--------	d-----w-	c:\program files\QuickTime
2010-06-17 16:58 . 2009-04-04 18:02	--------	d-----w-	c:\program files\Lexmark 5600-6600 Series
2010-06-17 16:42 . 2010-06-17 16:42	3557283	----a-w-	c:\programdata\SPLDE0F.tmp
2010-06-17 16:31 . 2007-04-18 04:05	116480	----a-w-	c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-06-17 16:31 . 2009-04-04 18:24	--------	d-----w-	c:\programdata\Lx_cats
2010-06-17 16:20 . 2010-06-17 16:20	3557283	----a-w-	c:\programdata\SPLF0C3.tmp
2010-06-17 16:01 . 2010-04-12 18:42	--------	d-----w-	c:\users\agentscotty\AppData\Roaming\Skype
2010-06-17 14:01 . 2010-04-12 18:45	--------	d-----w-	c:\users\agentscotty\AppData\Roaming\skypePM
2010-06-17 09:06 . 2008-12-06 11:59	--------	d-----w-	c:\program files\NETGEAR
2010-06-17 09:06 . 2007-04-18 03:27	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-06-14 17:05 . 2008-12-08 19:05	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2010-06-14 17:05 . 2008-12-08 19:05	--------	d-----w-	c:\program files\DVDVideoSoft
2010-06-12 21:55 . 2010-06-12 21:55	683801	----a-w-	c:\programdata\Last.fm\Client\UninstITW\unins000.exe
2010-06-12 21:55 . 2010-06-12 21:55	54	----a-w-	c:\programdata\Last.fm\Client\uninst2.bat
2010-06-07 20:38 . 2009-08-28 20:43	--------	d-----w-	c:\users\agentscotty\AppData\Roaming\vlc
2010-06-06 00:18 . 2008-12-08 19:59	--------	d-----w-	c:\program files\Google
2010-06-02 19:50 . 2008-12-13 16:57	680	----a-w-	c:\users\agentscotty\AppData\Local\d3d9caps.dat
2010-05-24 21:17 . 2010-05-17 16:02	--------	d-----w-	c:\users\agentscotty\AppData\Roaming\EBC9999A1CA4AC94C8A20ED045F81494
2010-05-21 12:14 . 2009-10-07 12:58	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-05-18 14:35 . 2010-05-18 14:35	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35	107808	----a-w-	c:\windows\system32\dns-sd.exe
2010-05-14 23:32 . 2010-02-19 17:07	--------	d-----w-	c:\users\agentscotty\AppData\Roaming\Azureus
2010-05-14 20:58 . 2010-05-14 20:58	8463808	----a-w-	c:\users\agentscotty\AppData\Roaming\Azureus\tmp\AZU8073969255010286257.tmp\Vuze_4.4.0.4_win32.exe
2010-05-13 16:35 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-05-13 16:35 . 2007-04-18 03:55	--------	d-----w-	c:\programdata\Microsoft Help
2010-05-09 16:28 . 2010-05-09 15:16	--------	d-----w-	c:\programdata\Lexmark 5600-6600 Series
2010-04-12 18:45 . 2010-04-12 18:45	56	---ha-w-	c:\programdata\ezsidmv.dat
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-10 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-06 136600]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-06 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-06 81920]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-05-30 676520]
"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2008-05-30 16040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader - Schnellstart.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-18 528384]
NETGEAR WN111 Smart Wizard.lnk - c:\program files\NETGEAR\WN111\wn111.exe [2007-10-30 1777664]
NETGEAR WN111v2 Setup-Assistent.lnk - c:\program files\NETGEAR\WN111v2\WN111v2.exe [2008-12-2 1728512]
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2010-6-17 995328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b8,3a,78,60,9b,b7,ca,01

R2 gupdate1cada6fde6ae1a0;Google Update Service (gupdate1cada6fde6ae1a0);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 133104]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe [2008-05-24 98984]
R3 DCamUSBNW800;CIF USB Camera (2110);c:\windows\system32\DRIVERS\pcam800.sys [2002-07-27 210792]
R3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50.sys [2006-11-16 21504]
R3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50.sys [2006-11-16 20480]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2008-02-29 942080]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-10-01 20384]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2008-05-24 594600]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-06-18 15944]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 28672]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 18:42]

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 18:42]

2010-06-18 c:\windows\Tasks\User_Feed_Synchronization-{9F7D36C6-0CE3-499A-A2FE-7360D14C5B78}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.orf.at/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Free YouTube to Mp3 Converter - c:\users\agentscotty\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-18 19:52
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Hitman Pro 3.5\HitmanPro35.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-06-18  20:02:36 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-06-18 18:02
ComboFix2.txt  2010-06-17 17:05

Vor Suchlauf: 16 Verzeichnis(se), 16.195.522.560 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 15.726.407.680 Bytes frei

- - End Of File - - 4CB630C5F28FDE29B91902022759704A
         
--- --- ---

Alt 18.06.2010, 19:11   #8
markusg
/// Malware-holic

Right-click the Avira Guard (umbrella icon) and choose Disable.
Open Computer, drive C:
There, find the folder qoobox, right-click it and choose "Add to qoobox.rar" (or zip).
http://www.trojaner-board.de/54791-a...ner-board.html
Then upload the archive to us as described under point 2, and let me know when you are done.
After that, restart the PC and create a new OTL log as in my first post. I don't need the Extras.txt this time, so just post the OTL.txt.

Alt 18.06.2010, 19:36   #9
golii

When I try to add qoobox to qoobox.rar I get an error message: access denied, and it could not create qoobox.rar.

Alt 18.06.2010, 19:43   #10
markusg
/// Malware-holic

Restart the PC and press F8; that should give you a boot menu. Select Safe Mode with Networking there, then it should work.
Upload from there as well.

Alt 18.06.2010, 19:50   #11
Larusso
/// Selecta Jahrusso

Sorry, but

Code:
ATTFilter
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 17:49 . 2010-05-17 16:03	823808	----a-w-	c:\windows\system32\drivers\mjezb.sys
         
__________________
regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie
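
Larusso's point above is that ComboFix removed the MJEZB service entries (the "Treiber/Dienste" section lists Legacy_MJEZB and Service_mjezb) while mjezb.sys is still sitting in system32\drivers with a fresh timestamp in the Find3M report. The following Python script is an added example for this thread, not a ComboFix, OTL or Trojaner-Board tool: it cross-references the removed service names against the driver files in a ComboFix file listing and also flags driver files touched shortly before the scan. The input is a constructed sample of a few lines copied in format from the log posted above; the scan time 2010-06-18 19:52 is the catchme timestamp from that log. Function and constant names are the example's own.

```python
"""Triage helper for ComboFix-style file listings (added example, not a ComboFix,
OTL or Trojaner-Board tool).  It cross-checks two sections of a ComboFix log:
the removed services ("-------\\Service_name" lines) and the file listings
("date . date<TAB>size<TAB>attrs<TAB>path" lines), and reports driver files that
(a) belong to a service ComboFix removed but are still listed on disk, or
(b) show a timestamp within a short window before the scan."""
import re
from datetime import datetime, timedelta
from typing import NamedTuple, Optional

TIME_FMT = "%Y-%m-%d %H:%M"
DRIVER_DIR = "\\system32\\drivers\\"

# Constructed sample input: five lines copied in format from the Find3M and
# "Dateien erstellt" sections of the log posted in this thread.
FIND3M_SAMPLE = (
    "2010-06-18 17:49 . 2010-05-17 16:03\t823808\t----a-w-\tc:\\windows\\system32\\drivers\\mjezb.sys\n"
    "2010-06-18 14:45 . 2006-11-02 15:33\t618204\t----a-w-\tc:\\windows\\system32\\perfh007.dat\n"
    "2010-06-04 14:07 . 2010-06-18 15:01\t15944\t----a-w-\tc:\\windows\\system32\\drivers\\hitmanpro35.sys\n"
    "2010-06-17 09:04 . 2007-06-01 16:36\t870400\t----a-w-\tc:\\windows\\system32\\drivers\\WPN111v.sys\n"
    "2010-06-17 21:54 . 2010-06-17 21:54\t--------\td-----w-\tc:\\program files\\iPod\n"
)
# Constructed sample of the "Treiber/Dienste" section from the same log.
SERVICES_SAMPLE = "-------\\Legacy_MJEZB\n-------\\Service_mjezb\n"

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\t(\d+|-+)\t([\w-]+)\t(.+)$"
)
SERVICE_RE = re.compile(r"^-+\\(?:Legacy|Service)_(\S+)$", re.IGNORECASE)


class Entry(NamedTuple):
    t1: datetime
    t2: datetime
    size: int
    attrs: str
    path: str

    @property
    def newest(self) -> datetime:
        # ComboFix prints created/last-written in different column order in
        # different sections, so treat the later of the two as "last activity".
        return max(self.t1, self.t2)


def parse_entries(text: str) -> list:
    """Parse file-listing lines; banners, '.' separators and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        t1, t2, size, attrs, path = m.groups()
        entries.append(Entry(datetime.strptime(t1, TIME_FMT), datetime.strptime(t2, TIME_FMT),
                             int(size) if size.isdigit() else 0, attrs, path))
    return entries


def parse_removed_services(text: str) -> set:
    """Collect service names (lower-cased) from '-------\\Service_x' / 'Legacy_x' lines."""
    names = set()
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            names.add(m.group(1).lower())
    return names


def driver_name(path: str) -> Optional[str]:
    """Basename without '.sys' for files under system32\\drivers, else None."""
    low = path.lower()
    if DRIVER_DIR in low and low.endswith(".sys"):
        return low.rsplit("\\", 1)[1][:-4]
    return None


def triage(listing: str, services: str, scan_time: str, window_days: int = 1) -> dict:
    """Return {'orphaned': [...], 'recent': [...]} as sorted lists of paths."""
    entries = parse_entries(listing)
    removed = parse_removed_services(services)
    cutoff = datetime.strptime(scan_time, TIME_FMT) - timedelta(days=window_days)
    # (a) service gone, driver file still listed -> the case Larusso flagged
    orphaned = [e.path for e in entries if driver_name(e.path) in removed]
    # (b) any driver file with activity inside the window before the scan
    recent = [e.path for e in entries if driver_name(e.path) and e.newest >= cutoff]
    return {"orphaned": sorted(orphaned), "recent": sorted(recent)}


if __name__ == "__main__":
    # 2010-06-18 19:52 is the catchme rootkit-scan timestamp from the posted log.
    result = triage(FIND3M_SAMPLE, SERVICES_SAMPLE, "2010-06-18 19:52")
    for label, paths in result.items():
        print(f"{label}:")
        for p in paths:
            print("  " + p)
```

On the sample the service cross-check returns only mjezb.sys, while the recency check also returns hitmanpro35.sys, which is the legitimate Hitman Pro driver updated the same day; that is why a timestamp-only rule needs analyst judgement and the service-to-file correlation is the sharper signal here.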

Alt 18.06.2010, 19:51   #12
markusg
/// Malware-holic

Yep, I'll take care of that with the Avenger then.

Alt 18.06.2010, 20:11   #13
golii

Should I upload qoobox.rar?

Alt 18.06.2010, 20:13   #14
markusg
/// Malware-holic

Yes, please. Of course you first have to pack the qoobox folder with WinZip or RAR: right-click the folder and you should get the corresponding options.

Alt 18.06.2010, 20:35   #15
golii

OK, good. I've already uploaded qoobox.rar as well.

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 18.06.2010 21:24:39 - Run 2
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\agentscotty
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 474,00 Mb Available Physical Memory | 46,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113,20 Gb Total Space | 21,38 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
Drive D: | 112,85 Gb Total Space | 112,76 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: COLLY
Current User Name: agentscotty
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\agentscotty\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\agentscotty\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) --  File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (lxdu_device) -- C:\Windows\System32\lxducoms.exe ( )
SRV - (lxduCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe ()
SRV - (jswpsapi) -- C:\Programme\NETGEAR\WN111v2\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (WN111v2) -- C:\Windows\System32\drivers\WN111v2v.sys (Atheros Communications, Inc.)
DRV - (Mrvleap) -- C:\Windows\System32\drivers\mrveap32.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WPN111) -- C:\Windows\System32\drivers\WPN111v.sys (Atheros Communications, Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (PSDNServ) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST)
DRV - (psdvdisk) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (DNISp50) -- C:\Windows\System32\drivers\DNISP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (DNIMp50) -- C:\Windows\System32\drivers\DNIMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (DCamUSBNW800) CIF USB Camera (2110) -- C:\Windows\System32\drivers\pcam800.sys (Divio Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.live.com [binary data]
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://www.google.com
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.orf.at/
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
[2010.03.26 22:57:26 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\mozilla\Extensions
[2009.03.25 20:15:36 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
 
O1 HOSTS File: ([2010.06.18 19:51:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe ()
O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKU\S-1-5-21-678187322-1588869377-2606183595-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-678187322-1588869377-2606183595-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-678187322-1588869377-2606183595-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\agentscotty\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009.01.07 19:03:20 | 000,000,000 | ---D | M]
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: HitmanPro35Crusader - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - Silverlight 2.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: >{b655e83a-ad28-402a-9f14-da77fbdc6550} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.JPGL - C:\Windows\JPGL.DLL ()
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - xvidvfw.dll File not found
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.18 21:23:20 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\agentscotty\OTL.exe
[2010.06.18 20:02:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.06.18 20:02:39 | 000,000,000 | ---D | C] -- C:\Users\agentscotty\AppData\Local\temp
[2010.06.18 19:51:53 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010.06.18 19:35:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.06.17 23:54:18 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.06.17 23:47:21 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.06.17 23:47:17 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.06.17 18:33:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.06.17 18:33:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.06.17 18:33:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.06.17 18:33:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.06.17 18:32:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.17 16:59:15 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\agentscotty\Desktop\OTL.exe
[2010.06.17 16:46:59 | 000,000,000 | ---D | C] -- C:\Users\agentscotty\Klaviernoten
[2010.06.17 11:05:56 | 000,000,000 | ---D | C] -- C:\Users\agentscotty\AppData\Roaming\InstallShield
[2010.06.17 11:04:16 | 000,870,400 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\WPN111v.sys
[2010.06.17 11:00:53 | 009,755,046 | ---- | C] (Macrovision Corporation) -- C:\Users\agentscotty\Desktop\wpn111_2_0_setup.exe
[2010.06.17 10:52:14 | 000,000,000 | ---D | C] -- C:\Users\agentscotty\AppData\Local\PC_Drivers_Headquarters
[2010.06.17 10:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Whiz
[2010.06.17 10:48:18 | 000,000,000 | ---D | C] -- C:\Programme\Driver Whiz
[2010.06.17 10:46:07 | 001,046,736 | ---- | C] (Driver Whiz                                                  ) -- C:\Users\agentscotty\Desktop\Driverwhiz.exe
[2010.06.16 13:36:18 | 000,000,000 | ---D | C] -- C:\Users\agentscotty\Tracing
[2010.06.14 19:06:05 | 000,000,000 | ---D | C] -- C:\Users\agentscotty\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.12 23:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2010.06.12 23:54:06 | 000,000,000 | ---D | C] -- C:\Users\agentscotty\AppData\Local\Last.fm
[2010.06.12 23:54:00 | 000,000,000 | ---D | C] -- C:\Programme\Last.fm
[2010.06.12 23:53:12 | 005,287,682 | ---- | C] (Last.fm                                                     ) -- C:\Users\agentscotty\Desktop\Last.fm-1.5.4.24567.exe
[2010.06.12 15:35:15 | 000,000,000 | ---D | C] -- C:\Users\agentscotty\AppData\Local\Help
[2010.06.06 02:13:56 | 000,563,040 | ---- | C] (Google Inc.) -- C:\Users\agentscotty\Desktop\googleupdatesetup.exe
[2010.06.04 16:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010.06.04 16:06:08 | 000,000,000 | ---D | C] -- C:\Programme\Hitman Pro 3.5
[2010.06.04 16:05:23 | 005,937,984 | ---- | C] (SurfRight B.V.) -- C:\Users\agentscotty\Desktop\HitmanPro35.exe
[2010.06.04 15:46:25 | 000,000,000 | ---D | C] -- C:\Users\agentscotty\AppData\Roaming\WinPatrol
[2010.06.04 15:45:50 | 000,000,000 | ---D | C] -- C:\Programme\BillP Studios
[2010.06.04 15:43:03 | 001,066,672 | ---- | C] (BillP Studios) -- C:\Users\agentscotty\Desktop\setupde.exe
[2010.06.04 14:17:27 | 000,000,000 | ---D | C] -- C:\Users\agentscotty\Desktop\backups
[2010.06.04 14:08:34 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\agentscotty\Desktop\HiJackThis.exe
[2009.04.04 20:02:52 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDUhcp.dll
[2009.04.04 20:02:51 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll
[2009.04.04 20:02:51 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll
[2009.04.04 20:02:51 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll
[2009.04.04 20:02:50 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll
[2009.04.04 20:02:50 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll
[2009.04.04 20:02:50 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll
[2009.04.04 20:02:49 | 000,679,936 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll
[2009.04.04 20:02:47 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll
[2009.04.04 20:02:47 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll
[2007.04.18 05:42:52 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[21 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[21 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.18 21:23:58 | 003,407,872 | -HS- | M] () -- C:\Users\agentscotty\ntuser.dat
[2010.06.18 21:23:27 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\agentscotty\OTL.exe
[2010.06.18 21:01:52 | 000,808,446 | ---- | M] () -- C:\Qoobox.rar
[2010.06.18 21:00:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.18 20:54:36 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.18 20:54:35 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.18 20:54:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.18 20:52:24 | 000,524,288 | -HS- | M] () -- C:\Users\agentscotty\NTUSER.DAT{21455311-f909-11dd-9b54-001921eb6cc7}.TMContainer00000000000000000001.regtrans-ms
[2010.06.18 20:52:24 | 000,065,536 | -HS- | M] () -- C:\Users\agentscotty\NTUSER.DAT{21455311-f909-11dd-9b54-001921eb6cc7}.TM.blf
[2010.06.18 20:51:38 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9F7D36C6-0CE3-499A-A2FE-7360D14C5B78}.job
[2010.06.18 20:47:13 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.18 20:44:32 | 004,142,573 | -H-- | M] () -- C:\Users\agentscotty\AppData\Local\IconCache.db
[2010.06.18 20:05:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.18 19:54:10 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010.06.18 19:52:17 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.06.18 19:51:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.06.18 19:49:56 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\mjezb.sys
[2010.06.18 16:50:07 | 003,714,040 | R--- | M] () -- C:\Users\agentscotty\Desktop\ComboFix.exe
[2010.06.18 16:45:52 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.18 16:45:52 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.18 16:45:52 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.18 16:45:51 | 001,418,612 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.18 16:45:51 | 000,122,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.17 23:55:14 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.06.17 18:31:54 | 000,116,480 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2010.06.17 16:59:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\agentscotty\Desktop\OTL.exe
[2010.06.17 11:06:08 | 000,001,503 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk
[2010.06.17 11:06:08 | 000,001,485 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR WPN111 Smart Wizard.lnk
[2010.06.17 11:01:16 | 009,755,046 | ---- | M] (Macrovision Corporation) -- C:\Users\agentscotty\Desktop\wpn111_2_0_setup.exe
[2010.06.17 10:46:13 | 001,046,736 | ---- | M] (Driver Whiz                                                  ) -- C:\Users\agentscotty\Desktop\Driverwhiz.exe
[2010.06.14 19:20:22 | 002,418,816 | ---- | M] () -- C:\Users\agentscotty\Documents\Reinventing Your Exit - Aaron Gillespie.mp3
[2010.06.14 19:05:58 | 000,001,036 | ---- | M] () -- C:\Users\agentscotty\Desktop\DVDVideoSoft Free Studio.lnk
[2010.06.13 23:17:13 | 000,002,631 | ---- | M] () -- C:\Users\agentscotty\Desktop\Microsoft Office Word 2007.lnk
[2010.06.12 23:53:40 | 005,287,682 | ---- | M] (Last.fm                                                     ) -- C:\Users\agentscotty\Desktop\Last.fm-1.5.4.24567.exe
[2010.06.12 15:34:32 | 001,106,435 | ---- | M] () -- C:\Users\agentscotty\Desktop\BIOS_R01-C0.zip
[2010.06.10 18:43:27 | 000,000,488 | ---- | M] () -- C:\Windows\System32\.crusader
[2010.06.06 02:16:55 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.06.06 02:14:13 | 000,563,040 | ---- | M] (Google Inc.) -- C:\Users\agentscotty\Desktop\googleupdatesetup.exe
[2010.06.05 13:33:33 | 000,059,904 | ---- | M] () -- C:\Users\agentscotty\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.04 16:06:11 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010.06.04 16:05:36 | 005,937,984 | ---- | M] (SurfRight B.V.) -- C:\Users\agentscotty\Desktop\HitmanPro35.exe
[2010.06.04 15:44:31 | 001,066,672 | ---- | M] (BillP Studios) -- C:\Users\agentscotty\Desktop\setupde.exe
[2010.06.04 14:08:48 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\agentscotty\Desktop\HiJackThis.exe
[2010.06.02 21:50:38 | 000,000,680 | ---- | M] () -- C:\Users\agentscotty\AppData\Local\d3d9caps.dat
[2010.05.21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[21 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[21 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.18 21:01:50 | 000,808,446 | ---- | C] () -- C:\Qoobox.rar
[2010.06.17 23:55:14 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.06.17 18:33:31 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.06.17 18:33:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.06.17 18:33:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.06.17 18:33:31 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.06.17 18:33:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.06.17 18:27:44 | 003,714,040 | R--- | C] () -- C:\Users\agentscotty\Desktop\ComboFix.exe
[2010.06.17 11:06:08 | 000,001,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk
[2010.06.17 11:06:08 | 000,001,485 | ---- | C] () -- C:\Users\Public\Desktop\NETGEAR WPN111 Smart Wizard.lnk
[2010.06.14 19:19:39 | 002,418,816 | ---- | C] () -- C:\Users\agentscotty\Documents\Reinventing Your Exit - Aaron Gillespie.mp3
[2010.06.14 19:05:49 | 000,001,036 | ---- | C] () -- C:\Users\agentscotty\Desktop\DVDVideoSoft Free Studio.lnk
[2010.06.12 15:33:27 | 001,106,435 | ---- | C] () -- C:\Users\agentscotty\Desktop\BIOS_R01-C0.zip
[2010.06.06 02:16:55 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.06.04 16:23:57 | 000,000,488 | ---- | C] () -- C:\Windows\System32\.crusader
[2010.06.04 16:07:01 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010.06.04 16:06:11 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010.05.17 18:03:49 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\mjezb.sys
[2010.02.19 19:27:41 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.02.19 19:27:41 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010.02.09 16:23:25 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.08.09 19:08:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.04.29 13:16:29 | 000,000,105 | ---- | C] () -- C:\Windows\WININIT.INI
[2009.04.04 20:17:17 | 000,360,448 | ---- | C] () -- C:\Windows\System32\lxducoin.dll
[2009.04.04 20:15:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll
[2009.04.04 20:08:37 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll
[2009.04.04 20:08:37 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll
[2009.04.04 20:08:37 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll
[2009.04.04 20:04:57 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdurwrd.ini
[2009.04.04 20:02:52 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDUinst.dll
[2009.04.04 20:02:48 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll
[2008.12.14 23:29:12 | 001,310,772 | ---- | C] () -- C:\Windows\System32\FLICKER.dll
[2008.12.14 23:29:11 | 000,036,864 | R--- | C] () -- C:\Windows\JPGL.DLL
[2008.12.14 23:29:11 | 000,032,768 | R--- | C] () -- C:\Windows\DIV_IYUV.DLL
[2008.12.06 13:51:17 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008.12.06 13:51:17 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.11.21 23:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008.11.21 23:44:16 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007.04.18 15:30:23 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.04.18 13:58:48 | 000,000,593 | ---- | C] () -- C:\Windows\generic.ini
[2007.04.18 13:58:48 | 000,000,107 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.04.18 05:42:52 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.02.06 23:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.02.06 23:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.02.06 23:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.02.06 23:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.02.06 23:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.02.06 23:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2010.05.15 01:32:57 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Azureus
[2010.02.19 19:17:28 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\DiskAid
[2010.06.14 19:06:05 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.05.24 23:17:54 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\EBC9999A1CA4AC94C8A20ED045F81494
[2008.12.09 00:53:57 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\eSobi
[2008.12.13 19:31:54 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\FloodLightGames
[2008.12.08 21:06:18 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\GHISLER
[2010.03.30 16:09:49 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\gtk-2.0
[2008.12.18 21:17:28 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\InfraRecorder
[2010.02.19 19:28:34 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\iPodtoComputer
[2009.04.05 11:15:01 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Lexmark Productivity Studio
[2009.05.27 22:49:44 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\LimeWire
[2009.04.29 15:44:15 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\log
[2010.02.09 16:31:48 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\MAGIX
[2008.12.06 19:11:31 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Nokia
[2008.12.06 18:51:00 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\PC Suite
[2009.12.29 19:15:55 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\TuneAid
[2009.12.21 18:18:28 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\uTorrent
[2009.04.29 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Vso
[2009.12.29 19:00:45 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\WindSolutions
[2010.06.04 15:46:26 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\WinPatrol
[2010.06.18 20:52:32 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.06.18 20:51:38 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9F7D36C6-0CE3-499A-A2FE-7360D14C5B78}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.12.08 21:26:14 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Adobe
[2008.12.17 18:17:59 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\AdobeUM
[2009.09.15 15:06:15 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Apple Computer
[2010.03.26 22:59:13 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Avira
[2010.05.15 01:32:57 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Azureus
[2010.02.19 19:17:28 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\DiskAid
[2008.12.07 19:55:41 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\DivX
[2010.06.14 19:06:05 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.05.24 23:17:54 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\EBC9999A1CA4AC94C8A20ED045F81494
[2008.12.09 00:53:57 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\eSobi
[2008.12.13 19:31:54 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\FloodLightGames
[2008.12.08 21:06:18 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\GHISLER
[2009.04.23 16:47:49 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Google
[2010.03.30 16:09:49 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\gtk-2.0
[2008.12.06 13:47:38 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Identities
[2008.12.18 21:17:28 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\InfraRecorder
[2010.06.17 11:05:56 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\InstallShield
[2010.02.19 19:28:34 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\iPodtoComputer
[2009.04.05 11:15:01 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Lexmark Productivity Studio
[2009.05.27 22:49:44 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\LimeWire
[2009.04.29 15:44:15 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\log
[2008.12.06 13:48:28 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Macromedia
[2010.02.09 16:31:48 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\MAGIX
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Media Center Programs
[2010.06.04 13:50:50 | 000,000,000 | --SD | M] -- C:\Users\agentscotty\AppData\Roaming\Microsoft
[2010.03.26 22:57:26 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Mozilla
[2008.12.06 19:11:31 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Nokia
[2008.12.06 18:51:00 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\PC Suite
[2010.06.17 18:01:17 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Skype
[2010.06.17 16:01:48 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\skypePM
[2009.12.29 19:15:55 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\TuneAid
[2009.12.21 18:18:28 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\uTorrent
[2010.06.07 22:38:40 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\vlc
[2009.04.29 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\Vso
[2009.12.29 19:00:45 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\WindSolutions
[2010.06.04 15:46:26 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\WinPatrol
[2008.12.08 21:57:15 | 000,000,000 | ---D | M] -- C:\Users\agentscotty\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.05.14 22:58:34 | 008,463,808 | ---- | M] (Vuze Inc.) -- C:\Users\agentscotty\AppData\Roaming\Azureus\tmp\AZU8073969255010286257.tmp\Vuze_4.4.0.4_win32.exe
[2009.03.25 20:15:07 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Users\agentscotty\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.exe
[2009.03.25 20:15:11 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Users\agentscotty\AppData\Roaming\LimeWire\browser\xulrunner\updater.exe
[2009.03.25 20:15:11 | 000,014,848 | ---- | M] () -- C:\Users\agentscotty\AppData\Roaming\LimeWire\browser\xulrunner\xpcshell.exe
[2009.03.25 20:15:11 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Users\agentscotty\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe
[2009.03.25 20:15:11 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Users\agentscotty\AppData\Roaming\LimeWire\browser\xulrunner\xpidl.exe
[2009.03.25 20:15:11 | 000,018,432 | ---- | M] () -- C:\Users\agentscotty\AppData\Roaming\LimeWire\browser\xulrunner\xpt_dump.exe
[2009.03.25 20:15:11 | 000,014,336 | ---- | M] () -- C:\Users\agentscotty\AppData\Roaming\LimeWire\browser\xulrunner\xpt_link.exe
[2009.03.25 20:15:14 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Users\agentscotty\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
[2009.03.25 20:15:14 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Users\agentscotty\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner.exe
[2009.06.12 12:06:28 | 000,010,134 | R--- | M] () -- C:\Users\agentscotty\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\agp440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\agp440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.12.06 16:11:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.12.06 16:11:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.12.06 16:11:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.01.27 11:21:04 | 000,101,160 | ---- | M] (NVIDIA Corporation) MD5=4A9A6368BEF61C9608FE7CC21B1F8886 -- C:\Windows\System32\drivers\nvstor32.sys
[2007.01.27 11:21:04 | 000,101,160 | ---- | M] (NVIDIA Corporation) MD5=4A9A6368BEF61C9608FE7CC21B1F8886 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_54ba863a\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2007.04.18 13:59:24 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007.04.18 13:59:22 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007.04.18 13:59:24 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007.04.18 13:59:33 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007.04.18 13:59:35 | 006,008,832 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:55F44B88
< End of report >
         