|
Log analysis and evaluation: Websites open automatically
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
08.07.2010, 10:43 | #1 |
| Websites open automatically
When I'm on the internet with Firefox, sometimes a page simply opens by itself. It usually starts with: hxxp://adserving.favorit-network.com/
I ran Spybot Search & Destroy, and now at least the ad is no longer displayed; instead only a page load error appears.
Here is my HijackThis log file:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:56, on 08.07.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18470)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\XXX\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\ehome\ehtray.exe
C:\Users\XXX\AppData\Local\treeig.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\XXX\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/skins7/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE Systemboot
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [treeig] "c:\users\dennis\appdata\local\treeig.exe" treeig
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Windows System Updates] C:\Users\Public\winvsrnc.exe
O4 - HKCU\..\Run: [QNB2EB90WX] C:\Users\Dennis\AppData\Local\Temp\Ebv.exe
O4 - HKCU\..\Run: [WinSysControls] \Users\Dennis\winrsncd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{82131D18-0A32-4582-8C62-3809AAB7DDBA}: NameServer = 192.168.0.1
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12126 bytes |
08.07.2010, 10:49 | #2 |
| Websites open automatically
1. easy: Firefox add-on Adblock Plus
2. normal: have Malwarebytes Anti-Malware run a system scan and post it here
3. normal: download a-squared Free and let it/him (XD) run a scan, and post the result
4. normal: download CCleaner and clear your registry as well as your internet cache and the temporary files
One step at a time, then it will surely work out. And fix this entry with HijackThis:
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
Last edited by Breedfight (08.07.2010 at 10:55) |
08.07.2010, 10:58 | #3 |
/// Malware-holic | Websites open automatically
1. Uninstall Spybot for now; otherwise the TeaTimer could cause problems.
2. Restart.
3. Uninstall the Ask toolbar, then restart.
4. OTL: system scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output.
2. Tick "scan all users".
3. Under "Extra Registry", select: "Use Safelist", "LOP Check", "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan".
6. Two reports are created: OTL.Txt and Extras.Txt. Please post the contents of both. |
08.07.2010, 11:51 | #4 |
| Websites open automatically
I have now done the scan with OTL.
OTL.txt:
Code:
OTL logfile created on: 08.07.2010 12:21:32 - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Users\Dennis\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 44,41 Gb Free Space | 39,85% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 232,14 Gb Free Space | 99,68% Space Free | Partition Type: NTFS
Drive E: | 111,44 Gb Total Space | 111,35 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DENNIS-PC
Current User Name: Dennis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Dennis\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Dennis\AppData\Local\treeig.exe (revelatory)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Users\Dennis\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
PRC - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)

========== Modules (SafeList) ==========

MOD - C:\Users\Dennis\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
MOD - C:\Windows\System32\SysHook.dll ()
MOD - C:\Windows\System32\powrprof.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wtsapi32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Stardock\ObjectDock\DockShellHook.dll ()

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (NTIBackupSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (Ltn_stk7070P) -- C:\Windows\System32\drivers\Ltn_stk7070P.sys (LiteOn)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NTIPPKernel) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2259126044-174994911-749800222-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-2259126044-174994911-749800222-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-2259126044-174994911-749800222-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/skins7/
IE - HKU\S-1-5-21-2259126044-174994911-749800222-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2259126044-174994911-749800222-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2259126044-174994911-749800222-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2259126044-174994911-749800222-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2259126044-174994911-749800222-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "toolbartv Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT694331&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.21.1
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.1.18
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: fmscene@sozone.de:4.3.0
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.7
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.4
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:0.3.2
FF - prefs.js..extensions.enabledItems: {7762a897-2a75-4e3f-a3a7-55bd098b9879}:2.5.6.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=skins7&tb_ver=2.0.0.2&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.25 19:16:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.25 19:16:28 | 000,000,000 | ---D | M]

[2008.11.07 21:02:49 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions
[2010.07.08 11:52:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions
[2010.01.21 17:39:45 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010.07.07 18:56:13 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.04.28 18:58:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.26 22:44:34 | 000,000,000 | ---D | M] (toolbartv Toolbar) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\{7762a897-2a75-4e3f-a3a7-55bd098b9879}
[2010.06.20 19:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.13 19:06:14 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2010.07.08 11:52:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.01.26 22:44:34 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010.06.23 18:36:43 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010.06.23 18:36:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\autopager@mozilla.org
[2010.02.12 23:52:44 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.11.11 20:22:51 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\firefox@tvunetworks.com
[2009.07.20 22:59:25 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\fmscene@sozone.de
[2010.04.06 20:43:26 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\isreaditlater@ideashower.com
[2010.04.13 19:06:15 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\personas@christopher.beard
[2010.04.17 12:44:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\3dx3g72g.default\extensions\tabscope@xuldev.org
[2009.03.25 09:20:46 | 000,000,878 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\conduit.xml
[2010.07.07 17:37:12 | 000,000,961 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-1.xml
[2009.07.23 18:50:51 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-10.xml
[2009.08.06 22:56:32 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-11.xml
[2009.09.12 16:15:21 | 000,000,961 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-12.xml
[2010.02.19 16:42:42 | 000,000,961 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-13.xml
[2010.04.01 11:22:41 | 000,000,961 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-14.xml
[2010.06.20 19:08:49 | 000,000,961 | ---- | M] () --
C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-15.xml [2008.11.15 16:05:11 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-2.xml [2008.12.17 22:27:37 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-3.xml [2009.02.05 17:03:17 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-4.xml [2009.03.09 16:15:32 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-5.xml [2009.03.30 18:53:00 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-6.xml [2009.04.26 18:49:52 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-7.xml [2009.04.30 20:39:40 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-8.xml [2009.06.13 18:57:09 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin-9.xml [2010.06.20 19:06:50 | 000,000,168 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin.gif [2010.06.20 19:06:50 | 000,000,618 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin.src [2010.04.22 13:33:22 | 000,000,945 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\FireFox\Profiles\3dx3g72g.default\searchplugins\icqplugin.xml [2010.07.08 11:52:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.01.19 20:23:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program 
Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009.07.31 00:59:14 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.07.31 00:59:14 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2009.07.31 00:59:14 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.09.12 16:14:59 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.07.31 00:59:14 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.07.07 18:55:35 | 000,411,917 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 14236 more lines... O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. 
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKU\S-1-5-21-2259126044-174994911-749800222-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKU\S-1-5-21-2259126044-174994911-749800222-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) 
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2259126044-174994911-749800222-1000..\Run: [QNB2EB90WX] C:\Users\Dennis\AppData\Local\Temp\Ebv.exe File not found O4 - HKU\S-1-5-21-2259126044-174994911-749800222-1000..\Run: [treeig] c:\users\dennis\appdata\local\treeig.exe (revelatory) O4 - HKU\S-1-5-21-2259126044-174994911-749800222-1000..\Run: [Windows System Updates] C:\Users\Public\winvsrnc.exe File not found O4 - HKU\S-1-5-21-2259126044-174994911-749800222-1000..\Run: [WinSysControls] File not found O4 - Startup: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows 
Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft 
shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Dennis\Desktop\Meine Dateien\BVB\BVB Bilder\barrioskopie.jpg O24 - Desktop BackupWallPaper: C:\Users\Dennis\Desktop\Meine Dateien\BVB\BVB Bilder\barrioskopie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{a02377c1-bd74-11de-911e-00a0c6000000}\Shell - "" = AutoRun O33 - MountPoints2\{a02377c1-bd74-11de-911e-00a0c6000000}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program 
Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: 
sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: 
{233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: 
{E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2010.07.08 12:18:28 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe [2010.07.08 11:55:18 | 083,704,128 | ---- | C] (Emsi Software GmbH ) -- C:\Users\Dennis\Desktop\a2FreeSetup27.exe [2010.07.08 11:54:26 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Dennis\Desktop\mbam146-setup.exe [2010.07.08 11:23:23 | 000,401,720 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\Dennis\Desktop\HiJackThis.exe [2010.07.08 11:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis [2010.06.27 19:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.06.27 19:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2010.06.24 18:43:12 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2010.06.24 18:43:12 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010.06.24 18:43:02 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2010.06.24 18:42:44 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2010.06.24 18:42:43 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2010.06.24 18:42:06 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010.06.24 18:42:06 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2010.06.24 18:42:05 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2010.06.23 22:31:31 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2010.06.23 22:31:30 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2010.06.21 19:12:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010.06.21 19:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010.06.17 18:42:12 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes [2010.06.17 18:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.06.16 18:54:42 | 000,548,864 | ---- | C] (revelatory) -- C:\Users\Dennis\AppData\Local\treeig.exe [2010.06.10 23:18:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2010.06.10 23:18:16 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- 
C:\Windows\System32\atmfd.dll [2010.06.10 23:18:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.06.10 23:18:15 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2010.06.10 23:18:10 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010.06.10 23:18:09 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.06.10 23:18:09 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.06.10 23:18:09 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.06.10 23:18:09 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.06.10 23:18:09 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.06.10 23:18:09 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2010.06.10 23:18:09 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.06.10 23:18:09 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.06.10 23:18:09 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.06.10 23:18:09 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.06.10 23:18:04 | 002,036,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys ========== Files - Modified Within 30 Days ========== [2010.07.08 12:25:06 | 000,004,176 | ---- | M] () -- C:\Users\Dennis\AppData\Local\treeig_navps.dat [2010.07.08 12:24:30 | 000,003,372 | ---- | M] () -- C:\Users\Dennis\AppData\Local\treeig.dat [2010.07.08 12:21:10 | 006,553,600 | -HS- | M] () -- C:\Users\Dennis\NTUSER.DAT [2010.07.08 12:18:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe [2010.07.08 12:15:10 | 000,027,934 | ---- | M] () -- 
C:\ProgramData\nvModes.001 [2010.07.08 12:15:03 | 000,000,090 | ---- | M] () -- C:\Users\Dennis\AppData\Local\treeig.bat [2010.07.08 12:14:44 | 000,000,434 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2010.07.08 12:14:41 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.07.08 12:14:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.08 12:14:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.08 12:14:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.08 12:14:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.08 12:14:09 | 2682,679,296 | -HS- | M] () -- C:\hiberfil.sys [2010.07.08 12:13:19 | 000,524,288 | -HS- | M] () -- C:\Users\Dennis\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2010.07.08 12:13:19 | 000,065,536 | -HS- | M] () -- C:\Users\Dennis\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.07.08 12:13:13 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.07.08 12:13:04 | 002,968,132 | -H-- | M] () -- C:\Users\Dennis\AppData\Local\IconCache.db [2010.07.08 11:58:05 | 083,704,128 | ---- | M] (Emsi Software GmbH ) -- C:\Users\Dennis\Desktop\a2FreeSetup27.exe [2010.07.08 11:54:43 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Dennis\Desktop\mbam146-setup.exe [2010.07.08 11:52:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.07.08 11:23:26 | 000,401,720 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\Dennis\Desktop\HiJackThis.exe [2010.07.07 18:55:35 | 000,411,917 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010.07.07 17:26:07 | 000,027,934 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.06.29 12:26:02 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.06.29 12:26:02 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.06.29 12:26:02 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.06.29 12:26:02 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.06.29 12:26:02 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.06.28 14:54:53 | 000,008,268 | ---- | M] () -- C:\Users\Dennis\AppData\Local\d3d9caps.dat [2010.06.27 20:39:19 | 000,000,095 | ---- | M] () -- C:\Windows\wininit.ini [2010.06.27 20:05:59 | 000,408,580 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100707-185535.backup [2010.06.27 13:39:46 | 000,000,090 | ---- | M] () -- C:\Users\Dennis\AppData\Local\wkqks.bat [2010.06.27 13:38:28 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2010.06.23 19:27:19 | 003,714,435 | ---- | M] () -- C:\Users\Dennis\Desktop\Flo Rida feat. David Guetta - Club Can't Handle Me.mp3 [2010.06.23 19:16:31 | 004,962,578 | ---- | M] () -- C:\Users\Dennis\Desktop\Bushido feat. Kay One - Fackeln im Wind.mp3 [2010.06.23 18:34:52 | 000,243,057 | ---- | M] () -- C:\Users\Dennis\AppData\Local\treeig_nav.dat [2010.06.20 22:00:46 | 004,642,304 | ---- | M] () -- C:\Users\Dennis\Desktop\B.o.B feat. 
Hayley Williams & Eminem - Airplanes.mp3 [2010.06.20 19:06:47 | 000,032,768 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\chrtmp [2010.06.19 21:00:46 | 003,602,422 | ---- | M] () -- C:\Users\Dennis\Desktop\Die Atzen - Das geht ab (WM Song).mp3 [2010.06.17 20:46:50 | 000,016,091 | ---- | M] () -- C:\Users\Dennis\Desktop\Vorberichte.docx [2010.06.16 18:54:42 | 000,548,864 | ---- | M] (revelatory) -- C:\Users\Dennis\AppData\Local\treeig.exe [2010.06.12 14:29:01 | 002,233,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2010.06.27 20:39:19 | 000,000,095 | ---- | C] () -- C:\Windows\wininit.ini [2010.06.27 14:58:48 | 000,000,090 | ---- | C] () -- C:\Users\Dennis\AppData\Local\treeig.bat [2010.06.26 12:40:32 | 000,032,768 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\chrtmp [2010.06.23 19:27:15 | 003,714,435 | ---- | C] () -- C:\Users\Dennis\Desktop\Flo Rida feat. David Guetta - Club Can't Handle Me.mp3 [2010.06.23 19:15:47 | 004,962,578 | ---- | C] () -- C:\Users\Dennis\Desktop\Bushido feat. Kay One - Fackeln im Wind.mp3 [2010.06.20 22:00:39 | 004,642,304 | ---- | C] () -- C:\Users\Dennis\Desktop\B.o.B feat. 
Hayley Williams & Eminem - Airplanes.mp3 [2010.06.19 21:00:41 | 003,602,422 | ---- | C] () -- C:\Users\Dennis\Desktop\Die Atzen - Das geht ab (WM Song).mp3 [2010.06.16 18:54:44 | 000,004,166 | ---- | C] () -- C:\Users\Dennis\AppData\Local\treeig_navps.dat [2010.06.16 18:54:43 | 000,243,057 | ---- | C] () -- C:\Users\Dennis\AppData\Local\treeig_nav.dat [2010.06.16 18:54:43 | 000,003,458 | ---- | C] () -- C:\Users\Dennis\AppData\Local\treeig.dat [2010.05.26 21:12:54 | 000,006,393 | ---- | C] () -- C:\Windows\hpdj5600.ini [2009.02.07 23:16:17 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2008.12.19 20:35:58 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2008.12.19 20:34:38 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll [2008.08.21 02:07:35 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2008.08.21 02:07:35 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2008.05.16 04:24:58 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.04.01 10:39:14 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.04.01 10:39:14 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.04.01 10:14:24 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll [2008.04.01 10:09:50 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.04.01 09:59:39 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check 
========== [2008.04.01 10:35:21 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console [2008.04.01 10:35:21 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console [2008.12.17 16:50:08 | 000,000,000 | -HSD | M] -- C:\Users\Dennis\AppData\Roaming\.# [2008.04.01 10:35:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Acer GameZone Console [2008.12.19 20:36:11 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Atari [2009.07.20 23:29:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\FileZilla [2010.07.07 19:44:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ [2008.11.08 20:02:53 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\IrfanView [2008.11.14 21:12:35 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Nettalk [2010.05.31 19:53:38 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\temp [2009.03.22 21:16:41 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Thunderbird [2009.10.20 14:45:16 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Vodafone [2010.07.08 12:13:13 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2008.12.17 16:50:08 | 000,000,000 | -HSD | M] -- C:\Users\Dennis\AppData\Roaming\.# [2008.04.01 10:35:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Acer GameZone Console [2010.02.23 22:17:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Adobe [2010.06.06 14:13:48 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Apple Computer [2008.12.19 20:36:11 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Atari [2008.11.07 19:58:09 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\CyberLink [2009.12.29 16:46:13 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DivX [2009.12.29 16:50:14 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\FastStone [2009.07.20 23:29:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\FileZilla [2009.10.20 14:58:27 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\FLEXnet [2010.07.07 19:44:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ [2008.11.07 17:51:30 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Identities [2008.11.08 20:02:53 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\IrfanView [2008.11.07 17:52:32 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Macromedia [2010.06.17 18:42:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Media Center Programs [2009.12.05 15:37:32 | 000,000,000 | --SD | M] -- C:\Users\Dennis\AppData\Roaming\Microsoft [2009.03.22 21:16:42 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Mozilla [2008.11.14 21:12:35 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Nettalk [2008.11.07 23:06:21 | 000,000,000 | RH-D | M] -- C:\Users\Dennis\AppData\Roaming\SecuROM [2010.05.31 19:53:38 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\temp [2009.03.22 21:16:41 | 000,000,000 | ---D | M] -- 
C:\Users\Dennis\AppData\Roaming\Thunderbird [2010.06.29 13:08:41 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\vlc [2009.10.20 14:45:16 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Vodafone [2008.11.08 20:03:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\WinRAR [2008.11.07 19:36:47 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Yahoo! < %APPDATA%\*.exe /s > [2009.01.23 21:29:17 | 000,003,584 | R--- | M] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe [2009.07.04 23:36:11 | 000,040,960 | R--- | M] (Acresso Software Inc.) -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{CF2D9590-457B-4842-912D-8D16A69ECC43}\ARPPRODUCTICON.exe [2009.07.04 23:36:11 | 000,040,960 | R--- | M] (Acresso Software Inc.) -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{CF2D9590-457B-4842-912D-8D16A69ECC43}\powerteacher1_F3ECF7C00EB742CBA846CD9C2B5791B4.exe [2009.07.04 23:36:11 | 000,040,960 | R--- | M] (Acresso Software Inc.) 
-- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{CF2D9590-457B-4842-912D-8D16A69ECC43}\powerteacher_C16DA77BBBB04A698406A46901D42736.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\agp440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys 
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\drivers\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program 
Files\Cyberlink\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\netlogon.dll [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 
04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: NVSTOR32.SYS > [2008.05.26 15:13:00 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=7DF63192BCF9C20EC2F7492E7F7544F9 -- C:\ACER\Preload\Autorun\DRV\nVidia NB Chipset NVMCP77MH\IDE\WinVista\sataraid\nvstor32.sys [2008.05.26 15:13:00 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\ACER\Preload\Autorun\DRV\nVidia NB Chipset NVMCP77MH\IDE\WinVista\sata_ide\nvstor32.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 
000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 
| 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\drivers\ws2ifsl.sys [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008.01.21 04:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2008.01.21 04:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [2008.01.21 04:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2008.01.21 04:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:A9662AE0 < End of report > |
08.07.2010, 11:52 | #5 |
| Web pages open automatically Extras.txt: Code:
OTL Extras logfile created on: 08.07.2010 12:21:32 - Run 1 OTL by OldTimer - Version 3.2.8.1 Folder = C:\Users\Dennis\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 67,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,44 Gb Total Space | 44,41 Gb Free Space | 39,85% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 232,14 Gb Free Space | 99,68% Space Free | Partition Type: NTFS Drive E: | 111,44 Gb Total Space | 111,35 Gb Free Space | 99,92% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DENNIS-PC Current User Name: Dennis Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .js [@ = JSFile] -- Reg Error: Key error. 
File not found [HKEY_USERS\S-1-5-21-2259126044-174994911-749800222-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) jsfile [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Users\Public\winvsrnc.exe" = C:\Users\Public\winvsrnc.exe:*:Enabled:Windows System Updates -- File not found ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{102D0F5A-15C1-4C82-8598-9A8DD4842AA8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{13A03CAF-CE2F-4694-ACBA-A954BFB6B854}" = lport=2869 | protocol=6 | dir=in | app=system | "{17754248-5A9F-4D44-B1A8-B5A06A320A2D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1B0AA8C6-5C6B-4ACF-B95B-381CED44FDE1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{35834865-036A-47F0-AE89-F0F7958352D6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{398F9FBD-0A1D-4CC0-B228-3D5C5324EE7B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3B2DA517-1B38-4BF6-A66B-AF68C5D02D65}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{44F14FF9-522B-4A5F-8C54-30D3FA9707BA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{46ACD958-7CB0-46D5-BBCD-F675F017E59B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{47862B8E-B01D-4AC3-8348-A8B32282B6C8}" = rport=2177 | protocol=6 | dir=out | 
svc=qwave | app=%systemroot%\system32\svchost.exe | "{4D525C2B-4E28-4DDF-B81C-8E8624231A1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4D80B09D-BC4E-4E10-90D0-E73BE41DA36E}" = lport=2869 | protocol=6 | dir=in | app=system | "{4DB6C6CB-3207-4FE9-92DC-609E8C4EA7CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5B6F7433-5D36-4386-BE16-9AFDB05DB52D}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{5FE19A6C-2F0F-432E-A510-C4BEA4A90A03}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{628B83FA-1C0F-4E35-A1D1-BD5933CC8A08}" = rport=10243 | protocol=6 | dir=out | app=system | "{62D124E8-B4D0-4B1D-A79B-9AB49106F1FD}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{6338DE8B-069A-42A7-B723-DCD1F8FC419B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{644F7A56-939E-4E7D-A4DB-407BEC8A5407}" = lport=2869 | protocol=6 | dir=in | app=system | "{64B6A80C-7121-40DA-AD51-BFF00BE5A551}" = lport=3390 | protocol=6 | dir=in | app=system | "{683C106F-D83D-4525-B3E4-A677E6833196}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6CCD7146-DB12-48C2-95B6-C6B7CF5E9D51}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6FC08CA4-F0FD-4CD0-BB2C-FCADD0147F57}" = lport=10243 | protocol=6 | dir=in | app=system | "{714DF8E1-8267-4CFF-B370-844B49C1BB28}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{72D95D91-765F-4D40-8C18-93C36AF7F20F}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{781E9523-0750-42C8-B8A1-2C6482A49FBB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7B7DF0B5-7B95-4A74-B5BD-A598D3255DDC}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{7BF9F25D-F874-42E8-8342-CA18B5ADE38D}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{99B74A78-B545-4C55-B5BD-A201CD874E80}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9C600F34-B5D2-43B6-A8D1-B58BCC2B0FA2}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B23DCAD1-C1E9-43AD-BA33-4C69972004C1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CA200D5F-030B-4A98-94D0-BAC1779472E8}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{CB2FEFBC-01C9-4855-A97C-C22E92DB681A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CCF42B35-EF02-4401-BB83-BF5CBDD6A5E1}" = rport=2869 | protocol=6 | dir=out | app=system | "{D4BA998A-E4B7-498F-8C30-56FA58859AA3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D87CA9BE-0C9C-40F2-A98A-630522D52129}" = lport=10244 | protocol=6 | dir=in | app=system | "{D97041FF-266E-4729-BC46-E5C0E002A6DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{DB921D52-F67D-410B-8101-ADD1F59D7CB4}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{DC2A0D78-8725-4B76-BE42-EA075452D61C}" = lport=10244 | protocol=6 | dir=in | app=system | "{DE421FEC-013E-4D04-939E-333B05977863}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{E4968C65-35E3-4C5B-BA6A-360B9EB4312A}" = rport=10244 | protocol=6 | dir=out | app=system | "{ED862BA9-E2DB-46DF-B520-FDAB5590471F}" = lport=3390 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1B6B66C3-975B-4F31-8FDE-2156F079B714}" = protocol=17 | dir=in | app=c:\program files\common 
files\adobe\cs4servicemanager\cs4servicemanager.exe | "{230B3936-A5F0-41D5-95B2-7D8E8A08ACEF}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{2889DCB8-68B9-4B57-9060-BBDBD2AD642F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{2DBB4D3A-FDA8-463C-A663-05AB747D10FF}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{2DD17C57-B3FC-4E46-9641-9350F6B2A3BC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{2E95EE66-2A46-4DB5-86F6-30B0B48D6753}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2EB5A4F7-2E6D-4A99-83E4-9B1C008DD3F6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{388DFBA2-F5DA-4B0A-A85A-F82FCCE97223}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3A5E2B85-761B-4068-82E5-629C82AC0BC6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3ECC8D88-7B43-400F-8166-CB8A6A6FDF5B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5BAD03CE-FEBF-40E3-9D3D-253117CDAC9F}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{5BFEADFF-4E9B-4D9D-945B-67B10E725382}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{5C6611D7-9CC4-4BEB-A707-261D9BAE05C6}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{5F29BF08-443F-4F79-9E8C-142290702BDE}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{611D27E6-38A5-4668-B9E8-644F19268587}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7279CA3A-33DE-4DD6-86B6-36F4F431D38C}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{732D98B5-658B-45BD-BDE2-65345664786E}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{738FFAEF-FF43-4E51-A90B-494BB7DE2FE3}" = dir=in | 
app=c:\program files\windows live\messenger\wlcsdk.exe | "{768A5488-0E37-40DC-8ECD-6E433355E928}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{7BED6096-0406-4187-873B-150C28B9B5C4}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{7D63ED19-6D5E-41CE-BE93-9A92AE8EEAD3}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{800FB58C-B5A7-46C2-80C8-48823BFCB8F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{82C01BDA-7027-4AF0-95B7-B1523CC2402A}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{8508037C-ABA3-478C-8EE9-FDDDD52358F0}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{88D50DA0-F8EF-42C2-BD9D-2515B34F600A}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{8A6F2F23-ACFC-4361-BA59-F0F93EA4C7F6}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{8D6C1D5D-6D67-48D8-88DD-6525294C7F1A}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{9359BE8D-47CB-45E1-8C04-EC1B4EEDFFD6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{95E68FA7-7048-4B5A-98E1-A9DB9DC15528}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{99D70FE4-7DC4-42BA-85CE-56C7B0ACB03E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A16CC7A0-A379-4AB1-829A-E11AB35FC9D0}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{A2C2B696-599F-4616-B7A3-189C20B34C0A}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{A2D83693-8B1E-46A8-A084-DB0E2DCD6595}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{A875B24A-41DD-418F-B109-16C9E7568013}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{A9A93441-E3F1-4DD1-AA9B-CD7D21248783}" = protocol=6 | dir=out | app=system | "{AE70899C-90CE-4525-B4FD-3016DB3B1D0B}" = dir=in | app=c:\program files\windows 
live\sync\windowslivesync.exe | "{AEFA4D21-DFF3-4F8B-B8BC-5E5D2BF004BF}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{B2E07B66-652C-495F-8183-B9EDC7FBDEB1}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{BC49553C-3B2C-45B8-BCD4-BB80B0FDB3AE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{BFBB0C67-3191-4912-B30C-DE8F68805101}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C0167C73-06A6-4B1F-9968-0E1BC76D1876}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{C6F5CDB9-127B-4F90-A3BC-ABC723629BC6}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{C9CF7FFE-E0FF-459A-ABEA-64C61FF41038}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{CB681403-74CC-4452-A944-AAC83CCC6AA6}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{CC8F1DA4-9A50-4F91-B095-D18787D5B7E7}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{CD8FBF0E-4CE3-41D7-A92C-3F6F6790BF53}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{CF0049C8-20FD-4161-A21D-B66ED4EA6F57}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{D34C6108-DFE6-4AAD-88BD-E36D4E89B1BE}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{D6AA8252-32D6-49CE-BEF4-88B601C06324}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{D98861E1-7A13-4FFE-B4EC-F1E0CE8D184A}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{DED1C8D3-BB74-4570-A197-49C7795AB562}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E1B09E4A-DC39-4934-8DE0-3676D12BCFE8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{E5389A15-F0EE-497A-86BA-FDD963AA229D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F6B88DB2-68E2-4C26-B08F-27B813346269}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{FAEF9054-37B6-439D-874B-81F606B4765A}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{FC3F67B8-71E5-4AB7-8784-EFBBB2C56C66}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{FD708D3B-B3D5-405D-950E-FE2A15C42F1B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{0AC33DB8-1B30-4095-8A0E-DAAC2D99E9AA}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{21A32BC8-65EA-489F-8CD8-44CF9713503F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{3A094121-7097-4529-9199-D7ACEE19D99C}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{480C6B29-2155-4CCA-BA80-52DB291E070D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{62D1F5E1-18EB-4D38-80D7-AFF11A0242CF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{6C053565-298B-4639-9DFA-274ECD0C63F1}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | "TCP Query User{FCFF91E5-217B-451D-AF09-ECCF8C4658A8}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{1AF05DAA-4774-4955-B56B-619401E13A2B}C:\program files\internet explorer\iexplore.exe" = 
protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{2B017F90-F29A-4830-9612-CF5E10BA0C46}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{68DBE0B4-39D3-42B2-ADC7-BA97668E1591}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{691FF6CA-AD9F-4BD2-A6CB-6B967D7CA809}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{9FC2214D-263F-42EA-BE11-47EA6CCEBD6D}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{A4968C63-DB85-4B37-8516-A41DC11B2B3A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{B847AF55-0E93-4F3B-84FF-81B3591AF983}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate 
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 13 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36 "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver 
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91C82FED-477B-4AF1-88FB-F967BB0D7F10}" = Winbond CIR Device Drivers "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8.3 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = 
Microsoft Sync Framework Services Native v1.0 (x86) "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CF2D9590-457B-4842-912D-8D16A69ECC43}" = PowerTeacher GL "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite "{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner (remove only) "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "FastStone Image Viewer" = FastStone Image Viewer 4.0 "FileZilla Client" = FileZilla Client 3.2.4.1 "FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09 "FUSSBALL MANAGER 10 DEMO" = 
FUSSBALL MANAGER 10 DEMO "GridVista" = Acer GridVista "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ICQToolbar" = ICQ Toolbar "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "IrfanView" = IrfanView (remove only) "LManager" = Launch Manager "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10) "Nettalk_is1" = Nettalk 6.5 "NVIDIA Drivers" = NVIDIA Drivers "ObjectDock" = ObjectDock "RollerCoaster Tycoon Setup" = Roll "SopCast" = SopCast 3.2.9 "SynTPDeinstKey" = Synaptics Pointing Device Driver "treeig" = Favorit "Uninstall_is1" = Uninstall 1.0.0.1 "Veetle TV" = Veetle TV 0.9.17 "VLC media player" = VLC media player 1.0.3 "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2259126044-174994911-749800222-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Städtebilder Eredivisie" = Städtebilder Eredivisie "Städtebilder LFP 1ª División" = Städtebilder LFP 1ª División "TV Sponsoren Deutschland" = TV Sponsoren Deutschland "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 27.06.2010 08:58:33 | Computer Name = Dennis-PC | Source = WinMgmt | ID = 10 Description = Error - 27.06.2010 08:59:47 | Computer Name = Dennis-PC | Source = 
Application Error | ID = 1000 Description = Fehlerhafte Anwendung 54984.exe, Version 0.0.0.0, Zeitstempel 0x49d28ea1, fehlerhaftes Modul 54984.exe, Version 0.0.0.0, Zeitstempel 0x49d28ea1, Ausnahmecode 0xc0000005, Fehleroffset 0x00006d1a, Prozess-ID 0xe68, Anwendungsstartzeit 01cb15f89d48974d. Error - 27.06.2010 13:15:30 | Computer Name = Dennis-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 27.06.2010 13:15:41 | Computer Name = Dennis-PC | Source = WinMgmt | ID = 10 Description = Error - 27.06.2010 13:55:00 | Computer Name = Dennis-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 27.06.2010 13:55:09 | Computer Name = Dennis-PC | Source = WinMgmt | ID = 10 Description = Error - 27.06.2010 13:57:22 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung firefox.exe, Version 1.9.1.3776, Zeitstempel 0x4be05389, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x03272899, Prozess-ID 0xa30, Anwendungsstartzeit 01cb16222765e26b. Error - 27.06.2010 14:41:27 | Computer Name = Dennis-PC | Source = Application Hang | ID = 1002 Description = Programm SpybotSD.exe, Version 1.6.2.46 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: 1724 Anfangszeit: 01cb16284cbba08b Zeitpunkt der Beendigung: 11 Error - 27.06.2010 14:45:33 | Computer Name = Dennis-PC | Source = Windows Search Service | ID = 3013 Description = Error - 27.06.2010 14:45:33 | Computer Name = Dennis-PC | Source = Windows Search Service | ID = 3013 Description = [ Media Center Events ] Error - 20.03.2010 12:10:02 | Computer Name = Dennis-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError returned 0D Prozess: DefaultDomain Objektname: Media Center Guide Error - 20.03.2010 12:19:25 | Computer Name = Dennis-PC | Source = Mcx2Dvcs | ID = 401 Description = Error - 20.03.2010 12:19:44 | Computer Name = Dennis-PC | Source = Mcx2Dvcs | ID = 401 Description = Error - 20.03.2010 12:20:01 | Computer Name = Dennis-PC | Source = Mcx2Dvcs | ID = 401 Description = Error - 20.03.2010 12:25:58 | Computer Name = Dennis-PC | Source = Mcx2Dvcs | ID = 405 Description = Error - 20.03.2010 12:28:21 | Computer Name = Dennis-PC | Source = Mcx2Dvcs | ID = 405 Description = Error - 20.03.2010 12:31:14 | Computer Name = Dennis-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide [ System Events ] Error - 07.07.2010 16:55:24 | Computer Name = Dennis-PC | Source = HTTP | ID = 15016 Description = Error - 07.07.2010 16:55:55 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7000 Description = Error - 08.07.2010 04:57:06 | Computer Name = Dennis-PC | Source = HTTP | ID = 15016 Description = Error - 08.07.2010 04:57:38 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7000 Description = Error - 08.07.2010 06:05:26 | Computer Name = Dennis-PC | Source = HTTP | ID = 15016 Description = Error - 08.07.2010 06:05:53 | Computer Name = Dennis-PC | Source = Service Control 
Manager | ID = 7000 Description = Error - 08.07.2010 06:10:25 | Computer Name = Dennis-PC | Source = HTTP | ID = 15016 Description = Error - 08.07.2010 06:11:02 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7000 Description = Error - 08.07.2010 06:14:17 | Computer Name = Dennis-PC | Source = HTTP | ID = 15016 Description = Error - 08.07.2010 06:14:42 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > |
08.07.2010, 12:38 | #6 |
/// Malware-holic | Internet pages open automatically

Fixing with OTL
• Please start OTL.exe. Vista users: right-click and choose "Run as administrator".
• Now copy the following into the text box.

:OTL
PRC - C:\Users\Dennis\AppData\Local\treeig.exe (revelatory)
O4 - HKU\S-1-5-21-2259126044-174994911-749800222-1000..\Run: [QNB2EB90WX] C:\Users\Dennis\AppData\Local\Temp\Ebv.exe File not found
O4 - HKU\S-1-5-21-2259126044-174994911-749800222-1000..\Run: [treeig] c:\users\dennis\appdata\local\treeig.exe (revelatory)
O4 - HKU\S-1-5-21-2259126044-174994911-749800222-1000..\Run: [Windows System Updates] C:\Users\Public\winvsrnc.exe File not found
O4 - HKU\S-1-5-21-2259126044-174994911-749800222-1000..\Run: [WinSysControls] File not found
[2010.06.27 13:39:46 | 000,000,090 | ---- | M] () -- C:\Users\Dennis\AppData\Local\wkqks.bat
[2010.07.08 12:24:30 | 000,003,372 | ---- | M] () -- C:\Users\Dennis\AppData\Local\treeig.dat
[2010.07.08 12:15:03 | 000,000,090 | ---- | M] () -- C:\Users\Dennis\AppData\Local\treeig.bat
:Files
c:\users\dennis\appdata\local\treeig.exe
C:\Users\Dennis\AppData\Local\treeig.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; post it.

Use CCleaner, clean up files + registry: http://www.trojaner-board.de/51464-a...-ccleaner.html
Use Navilog: Navilog. First choose e for English and then the automatic mode. Post the result.
Open My Computer, C:; there is a folder _otl there. Right-click, add to _otl.rar or zip, and send the archive to us: http://www.trojaner-board.de/54791-a...ner-board.html as described under point 2. Let me know when that is done.
Download Malwarebytes: Malwarebytes. Install it, open it, go to the Update tab and update the program. Now shut down all running programs, including the Avira Guard (right-click the umbrella, then deactivate). Also disconnect from the internet by unplugging the network cable or by disabling Wi-Fi. Now start a full scan with Malwarebytes, during which you must not work on the PC, delete the findings, and post the log. Report how the PC is running. |
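The fix script in the post above removes four `Run`-key autostart values whose targets sit in `AppData\Local`, `Temp` and `Users\Public` or no longer exist. As an added example (not part of the thread and not OTL's own code), this Python sketch parses `O4` lines in that layout and flags the same pattern; the HKLM sample line and the list of user-writable directories are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the four HKU lines are the ones quoted in the fix script;
# the HKLM line is a constructed benign entry in the same layout (assumption).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-21-2259126044-174994911-749800222-1000..\Run: [QNB2EB90WX] C:\Users\Dennis\AppData\Local\Temp\Ebv.exe File not found
O4 - HKU\S-1-5-21-2259126044-174994911-749800222-1000..\Run: [treeig] c:\users\dennis\appdata\local\treeig.exe (revelatory)
O4 - HKU\S-1-5-21-2259126044-174994911-749800222-1000..\Run: [Windows System Updates] C:\Users\Public\winvsrnc.exe File not found
O4 - HKU\S-1-5-21-2259126044-174994911-749800222-1000..\Run: [WinSysControls] File not found
"""

# "O4 - <hive>..\Run: [<value name>] <target> (<publisher>) [File not found]"
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]+)\]\s*(?P<rest>.*)$"
)
PUBLISHER = re.compile(r"\s*\(([^()]*)\)$")
MISSING = "File not found"

# Assumption: directories a standard user can write to without elevation.
USER_WRITABLE_DIRS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class RunEntry:
    hive: str
    name: str
    path: str
    publisher: str
    missing: bool
    reasons: list = field(default_factory=list)


def parse_run_entries(log_text):
    """Extract Run/RunOnce autostart entries from O4 lines of a log."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        missing = rest.endswith(MISSING)
        if missing:
            rest = rest[: -len(MISSING)].strip()
        publisher = ""
        pm = PUBLISHER.search(rest)
        if pm:  # trailing "(company)" field, may be empty
            publisher = pm.group(1)
            rest = rest[: pm.start()].strip()
        entries.append(
            RunEntry(m.group("hive"), m.group("name"), rest, publisher, missing)
        )
    return entries


def triage(entries):
    """Return the entries that deserve a closer look, with the reasons."""
    flagged = []
    for e in entries:
        reasons = []
        lowered = e.path.lower()
        if any(d in lowered for d in USER_WRITABLE_DIRS):
            reasons.append("target in user-writable directory")
        if e.missing:
            reasons.append("target file missing (orphaned autorun)")
        if not e.path:
            reasons.append("no target path recorded")
        e.reasons = reasons
        if reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for entry in triage(parse_run_entries(SAMPLE_LOG)):
        print(f"[{entry.name}] {entry.path or '<none>'}: {'; '.join(entry.reasons)}")
```

A flag here is a reason to review the entry, not a verdict: legitimate per-user software also starts from `AppData`.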
08.07.2010, 14:11 | #7 |
| Internet pages open automatically

OTL:
Code:
ATTFilter
All processes killed
========== OTL ==========
No active process named treeig.exe was found!
Registry value HKEY_USERS\S-1-5-21-2259126044-174994911-749800222-1000\Software\Microsoft\Windows\CurrentVersion\Run\\QNB2EB90WX deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2259126044-174994911-749800222-1000\Software\Microsoft\Windows\CurrentVersion\Run\\treeig deleted successfully.
c:\users\dennis\appdata\local\treeig.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2259126044-174994911-749800222-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Windows System Updates deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2259126044-174994911-749800222-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WinSysControls deleted successfully.
C:\Users\Dennis\AppData\Local\wkqks.bat moved successfully.
C:\Users\Dennis\AppData\Local\treeig.dat moved successfully.
C:\Users\Dennis\AppData\Local\treeig.bat moved successfully.
========== FILES ==========
File\Folder c:\users\dennis\appdata\local\treeig.exe not found.
File\Folder C:\Users\Dennis\AppData\Local\treeig.exe not found.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Dennis
->Flash cache emptied: 1298 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Dennis
->Temp folder emptied: 4298182 bytes
->Temporary Internet Files folder emptied: 17816896 bytes
->Java cache emptied: 100831330 bytes
->FireFox cache emptied: 38606270 bytes
->Google Chrome cache emptied: 6276723 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 1403662 bytes
Total Files Cleaned = 161,00 mb
Error: Unable to interpret <@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2> in the current context!
OTL by OldTimer - Version 3.2.8.1 log created on 07082010_144058
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

Navilog:
Code:
ATTFilter
Fix Navipromo version 4.0.9 began on 08.07.2010 14:55:52,35
!!! Warning, this report may include legitimate files/programs!!!
!!! Post this report on the forum you are being helped !!!
Fix running from C:\navilog1
Updated on 21.06.2010 at 18h00 by IL-MAFIOSO
Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Turion(tm) X2 Dual-Core Mobile RM-70 )
BIOS : v1.3344
USER : Dennis ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:111 Go (Free:44 Go)
D:\ (Local Disk) - NTFS - Total:232 Go (Free:232 Go)
E:\ (Local Disk) - NTFS - Total:111 Go (Free:111 Go)
F:\ (CD or DVD)
Search done in normal mode
Cleanning stage done on Reboot
C:\Users\Dennis\AppData\Local\treeig_nav.dat deleted !
C:\Users\Dennis\AppData\Local\treeig_navps.dat deleted !
Cleaning of C:\Windows\Temp done !
Cleaning of C:\Users\Dennis\AppData\Local\Temp done !
*** Copy Registry to Safebackup folder ***
Backing up Registry done !
*** Cleaning Registry ***
Registry cleaned successfully
*** Scan completed 08.07.2010 15:01:31,54 *** |
08.07.2010, 14:24 | #8 |
/// Malware-holic | Internet pages open automatically OK, that already looks good though. |
08.07.2010, 16:01 | #9 |
| Internet pages open automatically The scan has now gone through about 115,000 objects, in about 1 hour 45 minutes. Spybot always scanned about 1.2 million objects. Is it that many with Malwarebytes too? Because then it will take days until it is finished. Or would the Fix scan be enough too? |
08.07.2010, 16:04 | #10 |
/// Malware-holic | Internet pages open automatically I hope you have disconnected the internet connection and shut down all programs? And Spybot does not show the number of files, if I remember correctly, but only which malware it is currently searching for. So let the scan run and, as I said, do not work on the PC, and close all programs. |
08.07.2010, 16:07 | #11 |
| Internet pages open automatically In Spybot, the bottom-left corner always shows (XXXX/YYYY). The internet connection is disconnected and the programs are closed too. Then I will just wait. |
08.07.2010, 17:13 | #12 |
| Internet pages open automatically

Malwarebytes directly after the scan:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4291
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
08.07.2010 18:03:35
mbam-log-2010-07-08 (18-03-35).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 288438
Laufzeit: 2 Stunde(n), 26 Minute(n), 16 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\QNB2EB90WX (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\RZDVL2F27W (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\Dennis\AppData\Roaming\chrtmp (Malware.Trace) -> No action taken.

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4291
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
08.07.2010 18:03:58
mbam-log-2010-07-08 (18-03-58).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 288438
Laufzeit: 2 Stunde(n), 26 Minute(n), 16 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\QNB2EB90WX (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RZDVL2F27W (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\Dennis\AppData\Roaming\chrtmp (Malware.Trace) -> Quarantined and deleted successfully. |
08.07.2010, 17:16 | #13 |
/// Malware-holic | Internet pages open automatically Now visit the Windows Update site and install Vista Service Pack 2 and Internet Explorer 8, even if you use a different browser. When that is done, post a new otl.txt; I do not need the extras.txt. |
08.07.2010, 17:44 | #14 |
| Internet pages open automatically Should I enter exactly the same settings in OTL as the first time? Including what was in the text box? |
08.07.2010, 17:45 | #15 |
/// Malware-holic | Internet pages open automatically No, we do not need what was in the text box. |