| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Antivir findet "TR/Spy.Browse.A" / Onelinebanking-AttackeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
07.08.2010, 09:52
| #1 |
 |  Antivir findet "TR/Spy.Browse.A" / Onelinebanking-Attacke Hallo, Vor einigen Tagen habe ich die Internetseite meiner Bank wegen einer Oneline-Überweisung besucht und wurde dort aufgefordert zur "zusätzlichen Autorisierung" 20 TAN-Nummern einzugeben. Das habe ich natürlich nicht getan, habe stattdessen die Internet-hotline der Bank und das Bundesamt für Datenschutz angerufen. Erstere wollen seit Tagen zurückrufen, zweitere rieten mir, Avira zu benutzen. Ich hatte Antivir schon installiert, aber das Update nicht regelmäßig durchgeführt. Nachdem ich das tat, kam die Warnung: TR/Spy.Browse.A gefunden, ich habe mich für die Aktion "löschen" entschieden. Da es hier einige Beiträge zu ähnlichem Problem gibt, wollte ich vorgehen, wie unter dem Post "Der Trojaner TR/Spy.Browse.A ist bei mir auf dem Rechner" beschrieben, d.h. zunächst Malwarebytes, dann OTL ausführen. Leider kann mein browser auf w*w.Filepony.de nicht zugreifen - sonst funktionieren alle Seiten. Was kann ich machen? Viele Grüße und Danke schonmal, Dan |
|
07.08.2010, 10:41
| #2 |
| /// Helfer-Team  | Antivir findet "TR/Spy.Browse.A" / Onelinebanking-Attacke Geht das auch nicht im abgesicherten Modus mit Netzwerktreibern?
__________________ |
|
07.08.2010, 10:41
| #3 |
| /// Selecta Jahrusso  | Antivir findet "TR/Spy.Browse.A" / Onelinebanking-Attacke Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1 Downloade Dir bitte Load.exe
Nach dem Neustart findest Du einen Ordner MFTools auf dem Desktop. Darin befindet sich eine Anleitung.pdf. Diese bitte öffnen und die darin beschriebenen Schritte abarbeiten.
__________________ |
|
07.08.2010, 14:52
| #4 |
| | Antivir findet "TR/Spy.Browse.A" / Onelinebanking-Attacke Hi Larusso, danke für Deine Hilfe! Ich habe begonnen die Schritte auszuführen. Beim Sichern der Registry (Schritt 2 der pdf-Anleitung) bleibe ich aber hängen: Es werden Fehlermeldungen ausgegeben: Beim Sichern der Datei C:\Windows\ERDNT\07.08.2010\SYSTEM ist ein Fehler aufgetreten! Mit der nächsten Datei fortfahren? [RegCreateKeyEx: 5 - Zugriffverweigert] (an dieser Stelle: wie kann ich eigentlich einen screenshot einfügen?) Wählt man "Ja", erscheint der nächste Fehler, usf. NAch etwa 10 Fehlermeldungen ähnlicher Art kommt am Ende trotz allem das Fenster mit der Meldung: Sichern der Registrierung abgeschlossen. Kann ich einfach mit dem nächsten Schritt der Anleitung fortfahren? Viele Grüße, Daniel |
|
07.08.2010, 14:56
| #5 |
| /// Selecta Jahrusso | Antivir findet "TR/Spy.Browse.A" / Onelinebanking-Attacke Ja, fahre bitte fort. Gehe sicher das, falls Vista oder WIn7, alles als Admin gestartet wird. AUch im AdminKonto
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
09.08.2010, 08:13
| #6 |
| | Antivir findet "TR/Spy.Browse.A" / Onelinebanking-Attacke ..ich habe gemäß der Anleitung weitergemacht. 1) Malwarebytes liefert folgende Dokumentation des Quickscans: Malwarebytes' Anti-Malware 1.46 Malwarebytes Datenbank Version: 4406 Windows 6.0.6000 Internet Explorer 7.0.6000.16757 08.08.2010 11:33:17 mbam-log-2010-08-08 (11-33-17).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 144646 Laufzeit: 8 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diskacls (Trojan.Agent.U) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) 2) GMER: Ich bin Vista-Nutzer und während des Scans als Admin registriert. Wie ich mich (lt pdf-Anleitung) per Rechtsklick als Admin bei GMER anmelden kann, habe ich aber nicht rausgefunden. Leider schmiert GMER regelmäßig ab: es dauert Stunden, später ist der Computer runtergefahren (Windows meldet beim erneuten hochfsahren: es sei außerplanmäßig beendet worden). Eine Gmer-Doku habe ich während des Scans gespeichert: GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-08-08 13:26:05 Windows 6.0.6000 Running: gmer.exe; Driver: C:\Users\*****\AppData\Local\Temp\pgldrpod.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x8F88C706] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x8F88C366] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x8F889974] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x8F894388] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x8F88CA3E] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x8F892166] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x8F892380] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x8F895B9E] SSDT 8BB704E4 ZwCreateThread SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x8F88CACE] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x8F889E54] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x8F894C84] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x8F894A00] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x8F891F08] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x8F894E34] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x8F889CEC] SSDT 8BB704D0 ZwOpenProcess SSDT 8BB704D5 ZwOpenThread SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x8F895810] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x8F895246] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x8F88BFF0] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x8F895650] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x8F88C506] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x8F88A042] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x8F894706] SSDT 8BB704DF ZwTerminateProcess SSDT 8BB704DA ZwWriteVirtualMemory SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x8F89259E] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 3C4 824808D0 12 Bytes [3E, CA, 88, 8F, 66, 21, 89, ...] .text C:\Windows\system32\drivers\hardlock.sys section is writeable [0xB6358400, 0x7960C, 0xE8000020] .protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xB63FA420] C:\Windows\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xB63FA420] .protectÿÿÿÿhardlockunknown last code section [0xB63FA200, 0x5049, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0xB63FA200, 0x5049, 0xE0000020] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\explorer.exe[5628] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [741DFD78] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5628] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [741ABBF1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5628] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7419A31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5628] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [7419CBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5628] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [74198AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5628] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [741AD168] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5628] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [74197D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5628] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [74197CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5628] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [74196A54] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5628] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7422C1BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5628] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [741B80FE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5628] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [741990CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5628] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [741A223C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5628] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [741A2267] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5628] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [741A771C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5628] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [741A753E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5628] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [741D8585] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat psdfilter.sys (PSD Filter Driver/HiTRUST) Vieles läuft jetzt nicht mehr in gewohnter Geschwindigkeit. Eben hatte ich die Systemsteuerung aufrufen wollen, was nicht gelang. Den TAsk-Manager konnte ich dabei nicht mehr öffnen. Wie geht es weiter ; ) ? Viele Grüße, Daniel Geändert von Dan_s_deal (09.08.2010 um 08:19 Uhr) |
|
09.08.2010, 10:48
| #7 |
| /// Selecta Jahrusso | Antivir findet "TR/Spy.Browse.A" / Onelinebanking-Attacke Wer lesen kann ist klar im Vorteil CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
drivers32 /all
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
09.08.2010, 17:13
| #8 |
| | Antivir findet "TR/Spy.Browse.A" / Onelinebanking-Attacke Hallo, hier zunächst die OTL.txt Datei: OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.08.2010 17:12:12 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16757) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,77 Gb Total Space | 25,39 Gb Free Space | 36,40% Space Free | Partition Type: NTFS Drive D: | 66,27 Gb Total Space | 22,87 Gb Free Space | 34,51% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 7,14 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ASPIRE Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.08.07 15:26:30 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe PRC - [2010.08.07 14:56:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.01.22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe PRC - [2008.12.14 12:48:59 | 000,603,904 | ---- | M] (TuneUp Software GmbH) -- C:\Windows\System32\TUProgSt.exe PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008.10.26 20:51:34 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe PRC - [2008.10.26 20:51:31 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe PRC - [2008.06.12 14:28:40 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe PRC - [2008.03.03 15:05:04 | 000,959,976 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2008.03.03 15:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe PRC - [2008.01.20 10:52:18 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.20 10:42:51 | 001,232,896 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2007.07.24 11:21:26 | 000,450,560 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2007.05.10 11:10:00 | 004,468,736 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe PRC - [2007.04.25 16:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe PRC - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2007.02.12 15:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.02.12 15:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.02.09 06:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe PRC - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe PRC - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2006.11.02 14:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe ========== Modules (SafeList) ========== MOD - [2010.08.07 14:56:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe MOD - [2006.11.02 11:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2006.11.02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.03.15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\Spyware Doctor\pctsSvc.exe -- (sdCoreService) SRV - [2010.03.11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\Spyware Doctor\pctsAuxs.exe -- (sdAuxService) SRV - [2010.01.22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2008.12.14 12:48:59 | 000,603,904 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc) SRV - [2008.12.14 12:48:46 | 000,362,752 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008.11.07 12:37:38 | 000,027,904 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2008.10.26 20:51:34 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler) SRV - [2008.10.26 20:51:31 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService) SRV - [2008.03.03 15:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler) SRV - [2007.08.14 06:33:55 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2007.02.12 15:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService) SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive) DRV - [2010.03.29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore) DRV - [2009.10.31 10:16:27 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.10.31 10:03:10 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt) DRV - [2009.10.31 10:02:48 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio) DRV - [2008.03.03 15:06:04 | 000,279,440 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant) DRV - [2008.01.02 17:48:28 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx) DRV - [2007.11.08 19:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007.08.14 06:59:58 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr) DRV - [2007.07.31 03:36:00 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr) DRV - [2007.06.26 09:33:00 | 007,120,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.06.26 09:33:00 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2007.06.26 09:33:00 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2007.06.26 09:33:00 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2007.06.26 09:33:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.06.12 10:38:26 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2007.05.10 12:25:00 | 001,775,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.05.09 07:28:28 | 000,185,392 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2007.04.25 16:34:44 | 000,016,680 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ) DRV - [2007.04.25 16:34:40 | 000,060,712 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk) DRV - [2007.04.25 16:34:38 | 000,020,776 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter) DRV - [2007.04.19 09:09:00 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) DRV - [2007.03.21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.02.25 00:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.02.24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.02.12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor) DRV - [2007.02.08 09:03:20 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2007.01.23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.12.07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 09:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL) DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2005.07.28 09:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock) DRV - [2005.07.20 19:08:28 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb) DRV - [2005.07.20 19:08:26 | 000,327,808 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1351351 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.startup.homepage: "hxxp://www.faz.de/" FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.7.1.3 FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.2.0 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.05 18:12:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.05 18:12:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.05.13 01:03:12 | 000,000,000 | ---D | M] [2008.09.14 15:55:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.08.09 16:52:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\axex7f1h.default\extensions [2010.08.05 23:23:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\axex7f1h.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.07.20 10:22:20 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\axex7f1h.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} [2010.07.21 14:12:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\axex7f1h.default\extensions\2020Player@2020Technologies.com [2010.06.14 14:16:56 | 000,000,935 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\axex7f1h.default\searchplugins\conduit.xml [2010.08.06 08:25:05 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.10.11 12:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} [2008.09.14 15:55:49 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org [2010.08.05 18:11:59 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.08.05 18:11:59 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.08.05 18:11:59 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.08.05 18:11:59 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.08.05 18:11:59 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.1.0\PriceGongIE.dll (PriceGong) O2 - BHO: (PCCBHO.CPCCBHO) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Programme\Winferno\PC Confidential\PCCBHO.dll (Capital Intellect Inc) O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.DLL ( ) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = [binary data] O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Programme\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc) O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Programme\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: google.de ([www] https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0ddd98fb-5b28-11dd-8d0f-b219bb007dd3}\Shell\AutoRun\command - "" = E:\SJELO\\smrcebelo.exe -- File not found O33 - MountPoints2\{0ddd98fb-5b28-11dd-8d0f-b219bb007dd3}\Shell\open\command - "" = E:\SJELO\\smrcebelo.exe -- File not found O33 - MountPoints2\{ae82bbf4-6350-11df-a0fc-f6c5c4869bfb}\Shell - "" = AutoRun O33 - MountPoints2\{ae82bbf4-6350-11df-a0fc-f6c5c4869bfb}\Shell\AutoRun\command - "" = E:\LapNetWizard.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation) Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation) Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 90 Days ========== [2010.08.08 11:37:39 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Gmer [2010.08.07 15:47:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.08.07 15:26:49 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2010.08.07 14:58:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.08.07 14:58:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.07 14:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.07 14:58:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.07 14:58:05 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.07 14:56:19 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.08.07 14:54:24 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MFTools [2010.08.05 23:24:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FinalMediaPlayer [2010.08.05 23:24:10 | 000,000,000 | ---D | C] -- C:\Programme\FinalMediaPlayer [2010.08.05 23:24:06 | 000,000,000 | ---D | C] -- C:\Programme\Free Offers from Freeze.com [2010.08.05 23:24:04 | 000,835,584 | ---- | C] (Capital Intellect Inc) -- C:\Windows\System32\WINCTL4.OCX [2010.08.05 23:24:04 | 000,495,616 | ---- | C] (Capital Intellect Inc) -- C:\Windows\System32\WINUTIL5.DLL [2010.08.05 23:24:04 | 000,393,216 | ---- | C] (Capital Intellect Inc) -- C:\Windows\System32\WINLCTL5.DLL [2010.08.05 23:24:04 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Winferno [2010.08.05 23:24:01 | 000,000,000 | ---D | C] -- C:\Programme\Winferno [2010.08.05 23:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! [2010.08.05 23:23:35 | 000,000,000 | ---D | C] -- C:\Programme\PriceGong [2010.08.05 23:23:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Yahoo! [2010.08.03 23:23:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Bilder Opp55 [2010.08.03 18:03:56 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll [2010.08.03 18:03:55 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll [2010.08.03 18:03:55 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll [2010.08.03 17:54:51 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys [2010.08.03 17:54:51 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys [2010.08.03 17:54:45 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys [2010.08.03 17:54:45 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys [2010.08.03 17:54:35 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys [2010.08.03 17:54:20 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Doctor [2010.08.03 17:54:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PC Tools [2010.08.03 17:54:20 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PC Tools [2010.08.03 17:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2010.07.21 12:41:33 | 000,000,000 | ---D | C] -- C:\Programme\Sweet Home 3D [2010.07.20 10:22:22 | 000,000,000 | ---D | C] -- C:\Programme\Conduit [2010.07.20 10:22:21 | 000,000,000 | ---D | C] -- C:\Programme\Softonic_Deutsch [2010.05.14 05:13:07 | 000,000,000 | ---D | C] -- C:\Programme\MSECache [2010.05.13 01:05:40 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.05.13 01:05:38 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.05.13 01:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.05.13 01:02:34 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.05.13 01:00:59 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update [2010.05.13 00:57:40 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2007.09.15 10:14:24 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2007.09.15 10:14:24 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2007.08.14 14:51:31 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll [2007.08.14 07:11:40 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll ========== Files - Modified Within 90 Days ========== [2010.08.09 17:12:16 | 003,407,872 | ---- | M] () -- C:\Users\***\NTUSER.DAT [2010.08.09 17:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2010.08.09 16:44:51 | 000,651,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.09 16:44:51 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.09 16:44:51 | 000,121,308 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.09 16:44:51 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.09 16:44:50 | 001,489,104 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.09 16:41:14 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job [2010.08.09 16:39:42 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile [2010.08.09 16:39:03 | 000,352,615 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml [2010.08.09 16:39:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.09 16:38:57 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.09 16:38:57 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.09 16:38:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.09 16:38:48 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys [2010.08.09 09:47:57 | 407,669,089 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.08.09 00:03:48 | 003,851,764 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.08.08 23:32:45 | 000,012,618 | ---- | M] () -- C:\Users\***\Desktop\Ehe aus Schwamm.docx [2010.08.08 11:35:01 | 000,010,749 | ---- | M] () -- C:\Users\***\Desktop\Malwarebytes.docx [2010.08.07 15:39:25 | 000,513,722 | ---- | M] () -- C:\Users\***\Desktop\Fehlermeldung.bmp [2010.08.07 15:27:05 | 000,000,917 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2010.08.07 15:26:49 | 000,000,737 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2010.08.07 15:26:49 | 000,000,718 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk [2010.08.07 14:58:10 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.07 14:56:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.08.07 14:56:12 | 000,284,915 | ---- | M] () -- C:\Users\***\Desktop\Gmer.zip [2010.08.07 14:52:28 | 000,411,356 | ---- | M] () -- C:\Users\***\Desktop\Load.exe [2010.08.05 23:20:21 | 000,020,992 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.03 18:39:12 | 000,001,749 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2010.08.02 23:09:51 | 000,000,662 | ---- | M] () -- C:\Users\***\Desktop\tools.lnk [2010.08.02 11:20:25 | 001,132,614 | ---- | M] () -- C:\Users\***\Desktop\Trojaner.bmp [2010.07.22 12:31:07 | 000,022,528 | ---- | M] () -- C:\Users\***\Desktop\Kalender.xls [2010.07.21 13:35:23 | 001,036,040 | ---- | M] () -- C:\Users\***\Documents\Küche.sh3d [2010.07.14 23:12:20 | 000,704,224 | ---- | M] () -- C:\Users\***\Desktop\Eine Ehe aus Schwamm.pdf [2010.06.15 20:38:14 | 000,018,944 | ---- | M] () -- C:\Users\***\Desktop\2DO.xls [2010.05.27 19:28:57 | 000,080,229 | ---- | M] () -- C:\Users\***\Documents\Präsentation1.pptx ========== Files Created - No Company Name ========== [2010.08.08 22:56:20 | 000,012,618 | ---- | C] () -- C:\Users\***\Desktop\Ehe aus Schwamm.docx [2010.08.08 11:37:39 | 000,293,376 | ---- | C] () -- C:\Users\***\Desktop\gmer.exe [2010.08.08 11:35:00 | 000,010,749 | ---- | C] () -- C:\Users\***\Desktop\Malwarebytes.docx [2010.08.07 15:39:25 | 000,513,722 | ---- | C] () -- C:\Users\***\Desktop\Fehlermeldung.bmp [2010.08.07 15:27:05 | 000,000,917 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2010.08.07 15:26:49 | 000,000,737 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2010.08.07 15:26:49 | 000,000,718 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk [2010.08.07 14:58:10 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.07 14:56:07 | 000,284,915 | ---- | C] () -- C:\Users\***\Desktop\Gmer.zip [2010.08.07 14:52:27 | 000,411,356 | ---- | C] () -- C:\Users\***\Desktop\Load.exe [2010.08.05 23:24:08 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\PCConfidential.job [2010.08.03 18:39:12 | 000,001,749 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2010.08.03 18:03:56 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip [2010.08.03 18:03:56 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2010.08.03 18:03:56 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml [2010.08.03 18:03:56 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml [2010.08.03 18:03:56 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip [2010.08.03 17:54:51 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat [2010.08.03 17:54:45 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat [2010.08.03 17:54:45 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat [2010.08.03 17:54:35 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat [2010.08.02 23:09:59 | 000,000,662 | ---- | C] () -- C:\Users\***\Desktop\tools.lnk [2010.08.02 11:20:25 | 001,132,614 | ---- | C] () -- C:\Users\***\Desktop\Trojaner.bmp [2010.07.21 13:35:23 | 001,036,040 | ---- | C] () -- C:\Users\***\Documents\Küche.sh3d [2010.07.21 12:50:44 | 000,022,528 | ---- | C] () -- C:\Users\***\Desktop\Kalender.xls [2010.07.14 23:12:20 | 000,704,224 | ---- | C] () -- C:\Users\***\Desktop\Eine Ehe aus Schwamm.pdf [2010.06.15 20:38:14 | 000,018,944 | ---- | C] () -- C:\Users\***\Desktop\2DO.xls [2010.05.27 19:28:56 | 000,080,229 | ---- | C] () -- C:\Users\***\Documents\Präsentation1.pptx [2009.03.31 18:59:52 | 000,000,055 | ---- | C] () -- C:\Windows\videotoaudio.ini [2008.08.06 19:26:48 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll [2008.08.06 19:26:48 | 000,090,112 | ---- | C] () -- C:\Windows\System32\LxUtl10.dll [2008.08.06 19:26:47 | 000,131,072 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC7.dll [2008.01.02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2008.01.02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll [2008.01.02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll [2008.01.02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2007.09.15 20:09:46 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini [2007.09.15 20:09:28 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2007.09.15 10:13:45 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2007.08.14 17:19:28 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.08.14 14:51:39 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007.08.14 14:51:39 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll [2007.08.14 14:51:31 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007.08.14 14:49:11 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.08.14 07:17:30 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2007.08.14 07:17:30 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007.08.14 07:16:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2007.08.14 07:11:35 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2007.08.14 06:19:33 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.04.25 16:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007.04.25 16:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007.04.25 16:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007.04.25 16:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007.04.25 16:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007.04.25 16:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006.12.10 15:52:04 | 000,397,312 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC8.dll [2006.11.04 03:58:02 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FKStampPainter20.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.09.29 15:12:12 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll [2006.09.24 21:04:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll [2006.09.24 21:03:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll [2006.09.21 13:53:28 | 000,282,679 | ---- | C] () -- C:\Windows\System32\dnt27.dll [2006.09.21 13:52:24 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc27.dll [2006.09.21 13:52:14 | 000,077,881 | ---- | C] () -- C:\Windows\System32\dntvm27.dll [2006.04.21 11:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll [2005.11.09 12:13:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\dnt27VC7.dll [2005.11.09 12:11:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvmc27VC7.dll [2005.11.09 12:11:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dntvm27VC7.dll [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.10.10 08:57:58 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll [2001.10.10 08:57:58 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [2001.03.07 08:02:30 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll ========== LOP Check ========== [2009.10.11 14:15:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Academic Software Zurich [2008.01.18 20:02:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acer [2010.08.06 08:23:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FinalMediaPlayer [2008.07.24 16:07:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER [2008.08.09 15:17:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Haufe [2010.01.08 14:26:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JGsoft [2008.08.06 19:24:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware [2008.09.16 21:06:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2008.01.20 16:59:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2008.01.18 19:40:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2008.12.14 12:48:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2008.02.17 16:14:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wizards of the Coast [2010.08.09 17:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2010.08.09 16:41:14 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job [2010.08.09 10:27:43 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2007.08.14 07:12:50 | 000,003,380 | ---- | M] () -- C:\-20070814.log [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2006.11.02 11:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr [2007.08.14 14:52:46 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt [2007.11.07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt [2007.11.07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2007.11.07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2010.08.09 16:38:48 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys [2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [2007.11.07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2007.11.07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007.11.07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007.11.07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007.11.07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007.11.07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007.11.07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2007.11.07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2005.08.16 08:49:12 | 000,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe [2008.08.06 19:37:24 | 000,000,015 | ---- | M] () -- C:\mandant.ini [2006.11.29 17:35:22 | 000,000,512 | ---- | M] () -- C:\MDR.iss [2007.09.15 10:26:05 | 000,000,020 | ---- | M] () -- C:\Medion.ini [2010.08.09 16:38:47 | 2451,374,080 | -HS- | M] () -- C:\pagefile.sys [2007.09.15 10:22:12 | 000,000,060 | ---- | M] () -- C:\Partition.txt [2007.09.15 10:14:03 | 000,000,420 | ---- | M] () -- C:\RHDSetup.log [2007.08.14 07:00:57 | 000,000,178 | ---- | M] () -- C:\setup.log [2007.11.07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007.08.14 07:18:14 | 001,691,186 | ---- | M] () -- C:\vcredist_x86.log [2007.11.07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab [2007.11.07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2006.11.02 14:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2006.11.02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll [2006.11.02 11:46:11 | 000,089,600 | ---- | M] (Lexmark International Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\LMPRTPRC.DLL [2006.10.26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > [2008.07.13 10:54:30 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008.10.02 05:49:02 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2008.10.02 05:49:02 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [2006.11.02 11:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2007.08.14 06:43:29 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2007.08.14 14:52:33 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2007.08.14 14:52:31 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2007.08.14 14:52:33 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2007.08.14 14:52:42 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2007.08.14 14:52:44 | 006,012,928 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\user32.dll /md5 > [2007.08.14 06:32:37 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2006.11.02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > "NoAutoUpdate" = 0 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2008-10-22 13:18:10 ========== Alternate Data Streams ========== @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:5711EF65 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > |
|
09.08.2010, 17:14
| #9 |
| | Antivir findet "TR/Spy.Browse.A" / Onelinebanking-Attacke ...und die Extras.txt-Datei. Viele Grüße, Daniel OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.08.2010 17:12:12 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16757)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 25,39 Gb Free Space | 36,40% Space Free | Partition Type: NTFS
Drive D: | 66,27 Gb Total Space | 22,87 Gb Free Space | 34,51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7,14 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ASPIRE
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.txt [@ = txtfile] -- C:\Program Files\JGsoft\EditPadPro6\EditPadPro.exe (Just Great Software)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"AntiSpyWareDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{40F2F0E8-DBA8-4AE5-AA65-61F3D782D49C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{4FA869F1-10DE-46F3-BA61-D8ADA878F515}" = lport=2799 | protocol=17 | dir=in | name=altova license metering port (udp) |
"{EFFE8F53-44E1-4E3E-9683-77DFACC1D16F}" = lport=2799 | protocol=6 | dir=in | name=altova license metering port (tcp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{074B3EAA-A8E7-4957-B9DB-9C24CB806BEA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{09FE0124-7A2F-45D5-94DD-A0294E9D6BA2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0C104093-CD60-420A-BC6D-0CADE28F140C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{0D67F139-56C4-45F4-AFE5-97FB47C652D2}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{0D97D1E5-76E4-4E88-92AC-A8AE10B3473B}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{1C7E5409-06F0-411D-BFF0-85FE53FA23E1}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4C580168-126C-42B2-8A8D-044236F383EC}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{6CF05F3A-04FE-4DDE-B03F-7DE340E2392E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7FE414B1-C085-40F9-B1EE-0579BA95EEB7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{885A97B1-D579-4E72-8CBF-3302B48BD66F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{88DAE356-9D65-41EF-8C83-2C6F42AC3524}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{89201A40-4333-43DC-AD08-09AA909B217F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{922D38DC-713A-4018-9360-1990E9B2540F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{96DA5C04-FDF0-4EE9-B8AB-5BC6085B6B30}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"{A775F5F0-8007-46CC-8234-52BFF02340E7}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{AE0EBDCB-FE25-44EA-9135-8E43A383D3B1}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{C483E1D1-B50B-40D5-8D86-603043A0D998}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CC8249BE-6FB8-4F31-95AD-E9E81BAE84F5}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"{CE5F9770-C2A4-49C0-8384-54BF08405D66}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D5FB34B8-45F5-4DB5-8A59-DCEE8A9FACC4}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"TCP Query User{793E1B92-F947-4266-92FE-544D289C1945}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{B9C55069-EE88-4C25-A5DC-86B55CBDE6CB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0C9BACAC-BA35-407E-83EE-483BAA8D4770}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{7041753B-9DDB-4831-8860-AFD4584DB812}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1716D952-F601-4A07-8988-7FCFAEDE6FDC}" = TAXMAN Bibliothek 2008
"{17CB4D2C-109D-4141-8ABE-81734B6EE2A6}" = Lexware reisekosten 2007
"{1A19B4A3-6CE7-4388-B21F-679803C6C76B}" = TAXMAN 2009
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3A7E8601-F0C9-49A0-855A-EEDEEFE11F7E}" = Lexware buchhalter 2007
"{3EAE4683-E5EE-4835-AAAF-9F2A3014E04B}" = Lexware reisekosten 2007
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{666EC086-3794-4E3D-BD9E-600A5FF82A5E}" = Orion
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{69496452-FAF3-43BC-9907-BA9CEC65FC10}" = Lexware Info Service
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{700C61BE-9424-4B20-9153-7A0C59722AF4}" = TAXMAN Bibliothek 2009
"{70788C1F-9CFB-41A8-807F-E79AE0F9C6FD}" = Lexware reisekosten 2007
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7E81E513-27E6-4EC2-BA25-ECF1023A070D}" = Lexware reisekosten 2007
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8E697545-D138-4E74-B0E3-D7F2A00080B0}" = BrainVoyager QX
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90AC08E7-FC26-463D-868F-A199143B32F6}" = Altova StyleVision® 2010 Enterprise Edition
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online III
"{B26CEFDF-DD0A-4145-ADE6-EE3440DB6711}" = Lexware reisekosten 2007
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{B877EB7B-DE53-46F7-AF2A-AF5E3677B625}" = Lexware buchhalter 2007
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CBC544C4-EBFC-4471-8FE3-BF3DDCEE3840}" = Lexware buchhalter 2007
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{E2500C71-5D43-4BA0-B044-9BA9A3A11CAD}" = Lexware buchhalter 2007
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EC4D5610-F99A-41C8-BA00-9801F81A46CD}" = Lexware buchhalter 2007
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{EFE38CC6-2592-4F93-B59B-CE4B69600890}" = TAXMAN 2009
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F331FBDC-7DCF-4598-9E7C-E11865677AB4}" = TAXMAN 2008
"{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser
"{F55CA27A-8C3C-4E7D-891B-D29FD3259A94}" = TAXMAN 2008
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Browser Defender_is1" = Browser Defender 2.0.6.15
"Citavi" = Citavi 2.5
"Citavi Picker für Adobe Reader und Adobe Acrobat" = Citavi Picker 2008.08.06 für Adobe Reader und Adobe Acrobat
"Citavi Picker für Word" = Citavi Picker 2008.09.29 für Word
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"EditPad Pro 6" = Just Great Software EditPad Pro 6 v.6.6.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"IsoBuster_is1" = IsoBuster 2.3
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LManager" = Launch Manager
"Magic Online" = Magic Online
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MPEG To MP3 Converter_is1" = MPEG To MP3 Converter 1.00
"PCConfidential_is1" = PC Confidential 2008
"Picasa 3" = Picasa 3
"PriceGong" = PriceGong 2.1.0
"RealPlayer 12.0" = RealPlayer
"Replace-Manager_is1" = Replace-Manager
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SnagIt5" = SnagIt 5
"Softonic_Deutsch Toolbar" = Softonic Deutsch Toolbar
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.2
"Spyware Doctor" = Spyware Doctor 7.0
"Sweet Home 3D_is1" = Sweet Home 3D version 2.5
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"ZoneAlarm" = ZoneAlarm
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 07.08.2010 08:26:05 | Computer Name = Aspire | Source = WerSvc | ID = 5007
Description =
Error - 07.08.2010 09:20:40 | Computer Name = Aspire | Source = WerSvc | ID = 5007
Description =
Error - 07.08.2010 09:31:10 | Computer Name = Aspire | Source = WerSvc | ID = 5007
Description =
Error - 08.08.2010 05:43:21 | Computer Name = Aspire | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6000.16549 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 6b0 Anfangszeit: 01cb363408314726 Zeitpunkt
der Beendigung: 32
Error - 08.08.2010 09:42:36 | Computer Name = Aspire | Source = WerSvc | ID = 5007
Description =
Error - 08.08.2010 12:42:33 | Computer Name = Aspire | Source = WerSvc | ID = 5007
Description =
Error - 09.08.2010 02:55:17 | Computer Name = Aspire | Source = WerSvc | ID = 5007
Description =
Error - 09.08.2010 03:06:54 | Computer Name = Aspire | Source = WerSvc | ID = 5007
Description =
Error - 09.08.2010 03:53:07 | Computer Name = Aspire | Source = WerSvc | ID = 5007
Description =
Error - 09.08.2010 10:44:49 | Computer Name = Aspire | Source = WerSvc | ID = 5007
Description =
[ OSession Events ]
Error - 31.03.2008 13:24:53 | Computer Name = Aspire | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3187
seconds with 1920 seconds of active time. This session ended with a crash.
Error - 01.05.2010 14:52:49 | Computer Name = Aspire | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 79 seconds with 60 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 08.08.2010 09:36:56 | Computer Name = Aspire | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 08.08.2010 um 15:35:34 unerwartet heruntergefahren.
Error - 08.08.2010 09:37:51 | Computer Name = Aspire | Source = Service Control Manager | ID = 7000
Description =
Error - 08.08.2010 09:48:09 | Computer Name = Aspire | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 08.08.2010 12:37:21 | Computer Name = Aspire | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 08.08.2010 um 18:34:58 unerwartet heruntergefahren.
Error - 08.08.2010 12:38:14 | Computer Name = Aspire | Source = Service Control Manager | ID = 7000
Description =
Error - 09.08.2010 03:01:22 | Computer Name = Aspire | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 09.08.2010 um 08:59:54 unerwartet heruntergefahren.
Error - 09.08.2010 03:02:15 | Computer Name = Aspire | Source = Service Control Manager | ID = 7000
Description =
Error - 09.08.2010 03:48:05 | Computer Name = Aspire | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 09.08.2010 um 09:46:23 unerwartet heruntergefahren.
Error - 09.08.2010 03:48:58 | Computer Name = Aspire | Source = Service Control Manager | ID = 7000
Description =
Error - 09.08.2010 10:39:47 | Computer Name = Aspire | Source = Service Control Manager | ID = 7000
Description =
[ TuneUp Events ]
Error - 07.08.2010 08:58:45 | Computer Name = Aspire | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-07 14:58:45', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','3864',0)
Error - 08.08.2010 05:19:56 | Computer Name = Aspire | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-08 11:19:56', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','3936',0)
Error - 08.08.2010 05:20:11 | Computer Name = Aspire | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-08 11:20:11', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','4148',0)
< End of report >
|
|
09.08.2010, 17:37
| #10 |
| /// Selecta Jahrusso | Antivir findet "TR/Spy.Browse.A" / Onelinebanking-Attacke Zu TuneUP. Ich rate davon vollkommen ab. Es hat schon mehr Rechner zu Ende "getunded" als sonst was gutes getan. Ich rate dir an es zu deinstallieren. Deine Entscheidung. Genauso ZoneAlarm. Wenn schon ne Software Firewall dann nimm eine richtige wie Outpost oder Ashampoo Auf jedenfall ZoneAlarm entfernen. Bremst nur das System aus. Schritt 2 Software mit Revo Uninstaller deinstallieren Downloade Dir bitte den Revo Uninstaller
Bebilderte Anleitung Starte den Rechner neu auf. Schritt 3 Java aktualisieren Deine Javaversion ist veraltet. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, muss Java aktualisiert werden und alte Versionen müssen vom System entfernt werden, da die alten Versionen ein Sicherheitsrisiko darstellen. Lade JavaRa von prm753 herunter und entpacke es auf den Desktop. JavaRA ist geeignet für Windows 9x, 2k, XP und Vista (mit deaktivierter Benuterkontensteuerung).
Schritt 4 ESET Online Scanner Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
Wenn der Scan beendet wurde
Schritt 5 Downloade Dir bitte SecurityCheck
Poste den Inhalt bitte hier. Schritt 6 Starte bitte OTL.exe und klicke auf den Quick Scan Button. Bitte poste in Deiner nächsten Antwort ESET Log checkup.txt OTL.txt
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
12.08.2010, 14:07
| #11 | |
| | Antivir findet "TR/Spy.Browse.A" / Onelinebanking-Attacke Hi, hier erstmal der ESET-Bericht, der Rest folgt in den nächsten Stunden: Zitat:
Daniel |
|
12.08.2010, 14:52
| #12 |
| | Antivir findet "TR/Spy.Browse.A" / Onelinebanking-Attacke Hallo Larusso, ZoneAlarm habe ich von meinem Computer entfernt und durch outpost ersetzt. Die freeware konnte ich aber nicht installieren, so dass ich erstmal mit einer Demo-Version von outpost pro weitermache. Von Tune up Utl. habe ich mich noch nicht trennen können, vielleicht später... Den Bericht von checkup findest Du im Anhang. OTL zitiere ich hier, da die Datei zum Hochladen zu groß war. Viele Grüße und - danke! Daniel OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.08.2010 15:26:47 - Run 3 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16757) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 65,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,77 Gb Total Space | 25,05 Gb Free Space | 35,90% Space Free | Partition Type: NTFS Drive D: | 66,27 Gb Total Space | 22,85 Gb Free Space | 34,47% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 7,14 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ASPIRE Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.08.07 15:26:30 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe PRC - [2010.08.07 14:56:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.04.01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.03.02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.01.14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.12.16 07:06:00 | 004,382,976 | ---- | M] (Just Great Software) -- C:\Programme\JGsoft\EditPadPro6\EditPadPro.exe PRC - [2008.12.14 12:48:59 | 000,603,904 | ---- | M] (TuneUp Software GmbH) -- C:\Windows\System32\TUProgSt.exe PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.20 10:42:51 | 001,232,896 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2007.08.29 11:35:38 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe PRC - [2007.07.24 11:21:26 | 000,450,560 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2007.06.11 14:54:58 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2007.05.10 11:10:00 | 004,468,736 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe PRC - [2007.04.25 16:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe PRC - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2007.02.12 15:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.02.12 15:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.02.09 06:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe PRC - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe PRC - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2006.11.02 14:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2006.11.02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe ========== Modules (SafeList) ========== MOD - [2010.08.07 14:56:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe MOD - [2010.07.22 12:39:52 | 000,701,440 | ---- | M] (Agnitum Ltd.) -- c:\Programme\Agnitum\Outpost Firewall Pro\wl_hook.dll MOD - [2006.11.02 11:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2006.11.02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2010.07.23 12:28:50 | 002,023,128 | ---- | M] (Agnitum Ltd.) [Auto | Stopped] -- C:\Programme\Agnitum\Outpost Firewall Pro\acs.exe -- (acssrv) SRV - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.04.01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.02.24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.12.14 12:48:59 | 000,603,904 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc) SRV - [2008.12.14 12:48:46 | 000,362,752 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008.11.07 12:37:38 | 000,027,904 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler) SRV - [2007.08.14 06:33:55 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2007.02.12 15:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService) SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive) DRV - [2010.07.23 10:56:04 | 000,713,672 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SandBox.sys -- (SandBox) DRV - [2010.07.23 10:55:24 | 000,072,232 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Filt\ASWFilt.dll -- (ASWFilt) DRV - [2010.05.20 17:33:12 | 000,328,296 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afwcore.sys -- (afwcore) DRV - [2010.04.20 16:01:46 | 000,034,920 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\afw.sys -- (afw) DRV - [2010.03.01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.01.02 17:48:28 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx) DRV - [2007.08.14 06:59:58 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr) DRV - [2007.07.31 03:36:00 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr) DRV - [2007.06.26 09:33:00 | 007,120,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.06.26 09:33:00 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2007.06.26 09:33:00 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2007.06.26 09:33:00 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2007.06.26 09:33:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.06.12 10:38:26 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2007.05.10 12:25:00 | 001,775,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.05.09 07:28:28 | 000,185,392 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2007.04.25 16:34:44 | 000,016,680 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ) DRV - [2007.04.25 16:34:40 | 000,060,712 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk) DRV - [2007.04.25 16:34:38 | 000,020,776 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter) DRV - [2007.04.19 09:09:00 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) DRV - [2007.03.21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.02.25 00:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.02.24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.02.12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor) DRV - [2007.02.08 09:03:20 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2007.01.23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.12.07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 09:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL) DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2005.07.28 09:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock) DRV - [2005.07.20 19:08:28 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb) DRV - [2005.07.20 19:08:26 | 000,327,808 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1351351 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.startup.homepage: "hxxp://www.faz.de/" FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.7.1.3 FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.2.0 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.05 18:12:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.12 12:44:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.05.13 01:03:12 | 000,000,000 | ---D | M] [2008.09.14 15:55:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.08.12 12:46:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\axex7f1h.default\extensions [2010.08.05 23:23:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\axex7f1h.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.07.20 10:22:20 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\axex7f1h.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} [2010.07.21 14:12:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\axex7f1h.default\extensions\2020Player@2020Technologies.com [2010.06.14 14:16:56 | 000,000,935 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\axex7f1h.default\searchplugins\conduit.xml [2010.08.12 12:44:31 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.10.11 12:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} [2010.08.12 12:44:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2008.09.14 15:55:49 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.08.05 18:11:59 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.08.05 18:11:59 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.08.05 18:11:59 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.08.05 18:11:59 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.08.05 18:11:59 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (PCCBHO.CPCCBHO) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Programme\Winferno\PC Confidential\PCCBHO.dll (Capital Intellect Inc) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe (Agnitum Ltd.) O4 - HKLM..\Run: [OutpostMonitor] C:\Programme\Agnitum\Outpost Firewall Pro\op_mon.exe (Agnitum Ltd.) O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.DLL ( ) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = [binary data] O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Programme\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc) O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Programme\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: google.de ([www] https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Programme\Agnitum\Outpost Firewall Pro\wl_hook.dll (Agnitum Ltd.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0ddd98fb-5b28-11dd-8d0f-b219bb007dd3}\Shell\AutoRun\command - "" = E:\SJELO\\smrcebelo.exe -- File not found O33 - MountPoints2\{0ddd98fb-5b28-11dd-8d0f-b219bb007dd3}\Shell\open\command - "" = E:\SJELO\\smrcebelo.exe -- File not found O33 - MountPoints2\{ae82bbf4-6350-11df-a0fc-f6c5c4869bfb}\Shell - "" = AutoRun O33 - MountPoints2\{ae82bbf4-6350-11df-a0fc-f6c5c4869bfb}\Shell\AutoRun\command - "" = E:\LapNetWizard.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010.08.12 12:48:40 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2010.08.12 12:24:28 | 000,378,880 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\***\Desktop\JavaRa.exe [2010.08.12 12:24:28 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\JavaRa [2010.08.10 15:07:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.08.10 15:07:49 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.08.10 15:07:49 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.08.10 15:07:49 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys [2010.08.10 15:07:49 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2010.08.10 15:07:44 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.08.10 15:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.08.10 01:29:09 | 000,713,672 | ---- | C] (Agnitum Ltd.) -- C:\Windows\System32\drivers\SandBox.sys [2010.08.10 01:26:47 | 000,328,296 | ---- | C] (Agnitum Ltd.) -- C:\Windows\System32\drivers\afwcore.sys [2010.08.10 01:26:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\Filt [2010.08.10 01:26:21 | 000,034,920 | ---- | C] (Agnitum Ltd.) -- C:\Windows\System32\drivers\afw.sys [2010.08.10 01:26:04 | 000,000,000 | ---D | C] -- C:\Programme\Agnitum [2010.08.10 00:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Agnitum [2010.08.09 23:56:54 | 000,000,000 | ---D | C] -- C:\Programme\VS Revo Group [2010.08.08 11:37:39 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Gmer [2010.08.07 15:47:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.08.07 15:26:49 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2010.08.07 14:58:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.08.07 14:58:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.07 14:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.07 14:58:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.07 14:58:05 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.07 14:56:19 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.08.07 14:54:24 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MFTools [2010.08.05 23:24:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FinalMediaPlayer [2010.08.05 23:24:10 | 000,000,000 | ---D | C] -- C:\Programme\FinalMediaPlayer [2010.08.05 23:24:06 | 000,000,000 | ---D | C] -- C:\Programme\Free Offers from Freeze.com [2010.08.05 23:24:04 | 000,835,584 | ---- | C] (Capital Intellect Inc) -- C:\Windows\System32\WINCTL4.OCX [2010.08.05 23:24:04 | 000,495,616 | ---- | C] (Capital Intellect Inc) -- C:\Windows\System32\WINUTIL5.DLL [2010.08.05 23:24:04 | 000,393,216 | ---- | C] (Capital Intellect Inc) -- C:\Windows\System32\WINLCTL5.DLL [2010.08.05 23:24:04 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Winferno [2010.08.05 23:24:01 | 000,000,000 | ---D | C] -- C:\Programme\Winferno [2010.08.05 23:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! [2010.08.05 23:23:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Yahoo! [2010.08.03 23:23:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Bilder Opp55 [2010.08.03 17:54:20 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PC Tools [2010.07.21 12:41:33 | 000,000,000 | ---D | C] -- C:\Programme\Sweet Home 3D [2010.07.20 10:22:22 | 000,000,000 | ---D | C] -- C:\Programme\Conduit [2010.07.20 10:22:21 | 000,000,000 | ---D | C] -- C:\Programme\Softonic_Deutsch [2007.09.15 10:14:24 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2007.09.15 10:14:24 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2007.08.14 14:51:31 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll [2007.08.14 07:11:40 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll ========== Files - Modified Within 90 Days ========== [2010.08.12 15:26:46 | 003,407,872 | ---- | M] () -- C:\Users\***\NTUSER.DAT [2010.08.12 15:08:23 | 000,869,051 | ---- | M] () -- C:\Users\***\Desktop\SecurityCheck.exe [2010.08.12 15:00:05 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2010.08.12 14:34:42 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.12 14:34:42 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.12 12:47:45 | 002,672,312 | ---- | M] () -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe [2010.08.12 12:45:28 | 000,000,104 | ---- | M] () -- C:\Users\***\Desktop\Internet - Verknüpfung.lnk [2010.08.12 12:42:23 | 001,489,104 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.12 12:42:23 | 000,651,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.12 12:42:23 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.12 12:42:23 | 000,121,308 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.12 12:42:23 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.12 12:35:27 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job [2010.08.12 12:35:10 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest [2010.08.12 12:34:47 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile [2010.08.12 12:34:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.12 12:34:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.12 12:33:39 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys [2010.08.12 12:31:41 | 002,133,297 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.08.12 12:24:28 | 000,378,880 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\***\Desktop\JavaRa.exe [2010.08.12 12:24:28 | 000,322,351 | ---- | M] () -- C:\Users\***\Desktop\JavaRa.def [2010.08.12 12:24:28 | 000,003,127 | ---- | M] () -- C:\Users\***\Desktop\Nederlands.lng [2010.08.12 12:24:28 | 000,003,027 | ---- | M] () -- C:\Users\***\Desktop\Français.lng [2010.08.12 12:24:28 | 000,002,946 | ---- | M] () -- C:\Users\***\Desktop\Español.lng [2010.08.12 12:24:28 | 000,002,920 | ---- | M] () -- C:\Users\***\Desktop\Italiano.lng [2010.08.12 12:24:28 | 000,002,758 | ---- | M] () -- C:\Users\***\Desktop\Deutsch.lng [2010.08.12 12:24:28 | 000,002,553 | ---- | M] () -- C:\Users\***\Desktop\Suomi.lng [2010.08.12 12:23:01 | 000,156,329 | ---- | M] () -- C:\Users\***\Desktop\JavaRa.zip [2010.08.10 15:24:53 | 000,020,992 | ---- | M] () -- C:\Users\***\Desktop\Kalender.xls [2010.08.10 15:08:15 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.08.09 09:47:57 | 407,669,089 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.08.08 23:32:45 | 000,012,618 | ---- | M] () -- C:\Users\***\Desktop\Ehe aus Schwamm.docx [2010.08.08 11:35:01 | 000,010,749 | ---- | M] () -- C:\Users\***\Desktop\Malwarebytes.docx [2010.08.07 15:39:25 | 000,513,722 | ---- | M] () -- C:\Users\***\Desktop\Fehlermeldung.bmp [2010.08.07 15:27:05 | 000,000,917 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2010.08.07 15:26:49 | 000,000,737 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2010.08.07 15:26:49 | 000,000,718 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk [2010.08.07 14:58:10 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.07 14:56:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.08.07 14:56:12 | 000,284,915 | ---- | M] () -- C:\Users\***\Desktop\Gmer.zip [2010.08.07 14:52:28 | 000,411,356 | ---- | M] () -- C:\Users\***\Desktop\Load.exe [2010.08.05 23:20:21 | 000,020,992 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.02 23:09:51 | 000,000,662 | ---- | M] () -- C:\Users\***\Desktop\tools.lnk [2010.08.02 11:20:25 | 001,132,614 | ---- | M] () -- C:\Users\***\Desktop\Trojaner.bmp [2010.07.23 10:56:04 | 000,713,672 | ---- | M] (Agnitum Ltd.) -- C:\Windows\System32\drivers\SandBox.sys [2010.07.21 14:52:40 | 000,000,049 | ---- | M] () -- C:\Windows\transp.gif [2010.07.21 13:35:23 | 001,036,040 | ---- | M] () -- C:\Users\***\Documents\Küche.sh3d [2010.07.14 23:12:20 | 000,704,224 | ---- | M] () -- C:\Users\***\Desktop\Eine Ehe aus Schwamm.pdf [2010.06.15 20:38:14 | 000,018,944 | ---- | M] () -- C:\Users\***\Desktop\2DO.xls [2010.05.27 19:28:57 | 000,080,229 | ---- | M] () -- C:\Users\***\Documents\Präsentation1.pptx [2010.05.20 17:33:12 | 000,328,296 | ---- | M] (Agnitum Ltd.) -- C:\Windows\System32\drivers\afwcore.sys ========== Files Created - No Company Name ========== [2010.08.12 15:08:18 | 000,869,051 | ---- | C] () -- C:\Users\***\Desktop\SecurityCheck.exe [2010.08.12 12:47:40 | 002,672,312 | ---- | C] () -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe [2010.08.12 12:45:28 | 000,000,104 | ---- | C] () -- C:\Users\***\Desktop\Internet - Verknüpfung.lnk [2010.08.12 12:24:28 | 000,322,351 | ---- | C] () -- C:\Users\***\Desktop\JavaRa.def [2010.08.12 12:24:28 | 000,003,127 | ---- | C] () -- C:\Users\***\Desktop\Nederlands.lng [2010.08.12 12:24:28 | 000,003,027 | ---- | C] () -- C:\Users\***\Desktop\Français.lng [2010.08.12 12:24:28 | 000,002,946 | ---- | C] () -- C:\Users\***\Desktop\Español.lng [2010.08.12 12:24:28 | 000,002,920 | ---- | C] () -- C:\Users\***\Desktop\Italiano.lng [2010.08.12 12:24:28 | 000,002,758 | ---- | C] () -- C:\Users\***\Desktop\Deutsch.lng [2010.08.12 12:24:28 | 000,002,553 | ---- | C] () -- C:\Users\***\Desktop\Suomi.lng [2010.08.12 12:23:00 | 000,156,329 | ---- | C] () -- C:\Users\***\Desktop\JavaRa.zip [2010.08.10 15:08:15 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.08.10 01:26:25 | 000,000,049 | ---- | C] () -- C:\Windows\transp.gif [2010.08.08 22:56:20 | 000,012,618 | ---- | C] () -- C:\Users\***\Desktop\Ehe aus Schwamm.docx [2010.08.08 11:37:39 | 000,293,376 | ---- | C] () -- C:\Users\***\Desktop\gmer.exe [2010.08.08 11:35:00 | 000,010,749 | ---- | C] () -- C:\Users\***\Desktop\Malwarebytes.docx [2010.08.07 15:39:25 | 000,513,722 | ---- | C] () -- C:\Users\***\Desktop\Fehlermeldung.bmp [2010.08.07 15:27:05 | 000,000,917 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2010.08.07 15:26:49 | 000,000,737 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2010.08.07 15:26:49 | 000,000,718 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk [2010.08.07 14:58:10 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.07 14:56:07 | 000,284,915 | ---- | C] () -- C:\Users\***\Desktop\Gmer.zip [2010.08.07 14:52:27 | 000,411,356 | ---- | C] () -- C:\Users\***\Desktop\Load.exe [2010.08.05 23:24:08 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\PCConfidential.job [2010.08.02 23:09:59 | 000,000,662 | ---- | C] () -- C:\Users\***\Desktop\tools.lnk [2010.08.02 11:20:25 | 001,132,614 | ---- | C] () -- C:\Users\***\Desktop\Trojaner.bmp [2010.07.21 13:35:23 | 001,036,040 | ---- | C] () -- C:\Users\***\Documents\Küche.sh3d [2010.07.21 12:50:44 | 000,020,992 | ---- | C] () -- C:\Users\***\Desktop\Kalender.xls [2010.07.14 23:12:20 | 000,704,224 | ---- | C] () -- C:\Users\***\Desktop\Eine Ehe aus Schwamm.pdf [2010.06.15 20:38:14 | 000,018,944 | ---- | C] () -- C:\Users\***\Desktop\2DO.xls [2010.05.27 19:28:56 | 000,080,229 | ---- | C] () -- C:\Users\***\Documents\Präsentation1.pptx [2009.03.31 18:59:52 | 000,000,055 | ---- | C] () -- C:\Windows\videotoaudio.ini [2008.08.06 19:26:48 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll [2008.08.06 19:26:48 | 000,090,112 | ---- | C] () -- C:\Windows\System32\LxUtl10.dll [2008.08.06 19:26:47 | 000,131,072 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC7.dll [2008.01.02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2008.01.02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll [2008.01.02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll [2008.01.02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2007.09.15 20:09:46 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini [2007.09.15 20:09:28 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2007.09.15 10:13:45 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2007.08.14 17:19:28 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.08.14 14:51:39 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007.08.14 14:51:39 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll [2007.08.14 14:51:31 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007.08.14 14:49:11 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.08.14 07:17:30 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2007.08.14 07:17:30 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007.08.14 07:16:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2007.08.14 07:11:35 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2007.08.14 06:19:33 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.04.25 16:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007.04.25 16:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007.04.25 16:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007.04.25 16:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007.04.25 16:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007.04.25 16:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006.12.10 15:52:04 | 000,397,312 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC8.dll [2006.11.04 03:58:02 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FKStampPainter20.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.09.29 15:12:12 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll [2006.09.24 21:04:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll [2006.09.24 21:03:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll [2006.09.21 13:53:28 | 000,282,679 | ---- | C] () -- C:\Windows\System32\dnt27.dll [2006.09.21 13:52:24 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc27.dll [2006.09.21 13:52:14 | 000,077,881 | ---- | C] () -- C:\Windows\System32\dntvm27.dll [2006.04.21 11:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll [2005.11.09 12:13:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\dnt27VC7.dll [2005.11.09 12:11:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvmc27VC7.dll [2005.11.09 12:11:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dntvm27VC7.dll [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.10.10 08:57:58 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll [2001.10.10 08:57:58 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [2001.03.07 08:02:30 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll ========== LOP Check ========== [2009.10.11 14:15:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Academic Software Zurich [2008.01.18 20:02:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acer [2010.08.06 08:23:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FinalMediaPlayer [2008.07.24 16:07:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER [2008.08.09 15:17:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Haufe [2010.01.08 14:26:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JGsoft [2008.08.06 19:24:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware [2008.09.16 21:06:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2008.01.20 16:59:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2008.01.18 19:40:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2008.12.14 12:48:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2008.02.17 16:14:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wizards of the Coast [2010.08.12 15:00:05 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2010.08.12 12:35:27 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job [2010.08.12 12:32:35 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:5711EF65 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > |
|
12.08.2010, 21:17
| #13 |
| /// Selecta Jahrusso | Antivir findet "TR/Spy.Browse.A" / Onelinebanking-Attacke Allergie gegen Updates ? Schritt 1 Besuche bitte die Microsoft-Update-Seite und lade Dir alle Updates unter Benutzerdefiniert herunter Mache das so lange bis du nichts mehr angeboten bekommst Du musst dafür mit den Internet Explorer ins Netz gehen Wenn du dies mit FireFox durchführen willst musst Du vorher das Addon IE View installieren Schritt 2 Downloade Dir bitte den Internet Explorer 8 von hier und installiere diesen. Auch wenn dieser nicht dein Standard-Browser ist, sollte sich die aktuelle Version am Rechner befinden. Es gibt noch genug Software die diesen zum Updaten verwendet. Schritt 3 Deine Javaversion ist veraltet. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, muss Java aktualisiert werden und alte Versionen müssen vom System entfernt werden, da die alten Versionen ein Sicherheitsrisiko darstellen. Lade JavaRa von prm753 herunter und entpacke es auf den Desktop. JavaRA ist geeignet für Windows 9x, 2k, XP und Vista (mit deaktivierter Benuterkontensteuerung).
Schritt 4 Starte bitte Thunderbird --> Extras --> Einstellungen ---> Erweitert. Wechsle in den Reiter Update und gehe sicher das Thunderbird nach Updates sucht und installiere diese auch Schritt 5 Deinstalliere bitte deine aktuelle Version von Adobe Reader Start--> Systemsteuerung--> Software--> Adobe Reader und lade dir die neue Version von Hier herunter Als alternative würde ich dir den schlankeren Foxit Reader empfehlen  Schritt 6 Deinstalliere dem Flashplayer 9 Schritt 7 Starte bitte OTL.exe. Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button. Bitte poste in deiner nächsten Antwort OTL.txt Extras.txt
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
18.08.2010, 16:49
| #14 |
| | Antivir findet "TR/Spy.Browse.A" / Onelinebanking-Attacke Hallo, update-erinerungen poppen immer zur falschen Zeit auf ; ) hier OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.08.2010 17:26:57 - Run 4 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18882) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 65,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,77 Gb Total Space | 22,34 Gb Free Space | 32,02% Space Free | Partition Type: NTFS Drive D: | 66,27 Gb Total Space | 22,84 Gb Free Space | 34,47% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 7,14 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ASPIRE Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software GmbH) PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.) PRC - C:\Acer\ALaunch\ALaunchSvc.exe () PRC - C:\Acer\Mobility Center\MobilityService.exe () PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - c:\Programme\Agnitum\Outpost Firewall Pro\wl_hook.dll (Agnitum Ltd.) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found SRV - (acssrv) -- C:\Programme\Agnitum\Outpost Firewall Pro\acs.exe (Agnitum Ltd.) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software GmbH) SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH) SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH) SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT) SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe () SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (SandBox) -- C:\Windows\System32\drivers\SandBox.sys (Agnitum Ltd.) DRV - (ASWFilt) -- C:\Windows\System32\Filt\ASWFilt.dll (Agnitum Ltd.) DRV - (afwcore) -- C:\Windows\System32\drivers\afwcore.sys (Agnitum Ltd.) DRV - (afw) -- C:\Windows\System32\drivers\afw.sys (Agnitum Ltd.) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (PSDNServ) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST) DRV - (psdvdisk) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST) DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST) DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys () DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (Hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV - (aksusb) -- C:\Windows\System32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.) DRV - (akshasp) -- C:\Windows\System32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1351351 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.startup.homepage: "hxxp://www.faz.de/" FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.7.1.3 FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.2.0 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.05 18:12:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.18 17:19:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.05.13 01:03:12 | 000,000,000 | ---D | M] [2008.09.14 15:55:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.08.18 15:33:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\axex7f1h.default\extensions [2010.08.05 23:23:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\axex7f1h.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.07.20 10:22:20 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\axex7f1h.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} [2010.07.21 14:12:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\axex7f1h.default\extensions\2020Player@2020Technologies.com [2010.06.14 14:16:56 | 000,000,935 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\axex7f1h.default\searchplugins\conduit.xml [2010.08.18 16:54:55 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.10.11 12:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} [2010.08.18 16:54:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2008.09.14 15:55:49 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org [2010.08.18 16:54:33 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.08.05 18:11:59 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.08.05 18:11:59 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.08.05 18:11:59 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.08.05 18:11:59 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.08.05 18:11:59 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (PCCBHO.CPCCBHO) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Programme\Winferno\PC Confidential\PCCBHO.dll (Capital Intellect Inc) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe (Agnitum Ltd.) O4 - HKLM..\Run: [OutpostMonitor] C:\Programme\Agnitum\Outpost Firewall Pro\op_mon.exe (Agnitum Ltd.) O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.DLL ( ) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKCU..\Run: [BrowserChoice] C:\Windows\System32\browserchoice.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = [binary data] O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Programme\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc) O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Programme\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: google.de ([www] https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Programme\Agnitum\Outpost Firewall Pro\wl_hook.dll (Agnitum Ltd.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0ddd98fb-5b28-11dd-8d0f-b219bb007dd3}\Shell\AutoRun\command - "" = E:\SJELO\\smrcebelo.exe -- File not found O33 - MountPoints2\{0ddd98fb-5b28-11dd-8d0f-b219bb007dd3}\Shell\open\command - "" = E:\SJELO\\smrcebelo.exe -- File not found O33 - MountPoints2\{ae82bbf4-6350-11df-a0fc-f6c5c4869bfb}\Shell - "" = AutoRun O33 - MountPoints2\{ae82bbf4-6350-11df-a0fc-f6c5c4869bfb}\Shell\AutoRun\command - "" = E:\LapNetWizard.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.18 17:10:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.08.18 17:08:15 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java [2010.08.18 16:54:51 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.08.18 16:54:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.08.18 16:54:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.08.18 11:10:48 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2010.08.18 10:50:58 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll [2010.08.18 10:50:57 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll [2010.08.18 10:50:54 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl [2010.08.18 10:50:53 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe [2010.08.18 10:50:53 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2010.08.18 10:50:53 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll [2010.08.18 10:50:50 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll [2010.08.18 10:50:47 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010.08.18 10:43:49 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2010.08.18 10:43:32 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll [2010.08.18 10:43:26 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll [2010.08.18 10:41:02 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll [2010.08.18 10:40:56 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll [2010.08.18 10:36:17 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.08.18 10:36:17 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.08.18 10:36:17 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.08.18 10:36:16 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.08.18 10:36:16 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.08.18 10:36:16 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.08.18 10:36:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.08.18 10:36:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.08.18 10:36:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.08.18 10:36:15 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.08.18 10:36:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.08.18 10:36:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.08.18 10:36:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.08.18 10:36:14 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.08.18 10:36:10 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.08.18 10:36:10 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2010.08.18 10:36:09 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.08.18 10:36:09 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.08.18 10:36:09 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll [2010.08.18 10:36:07 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010.08.18 10:35:34 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll [2010.08.18 10:35:34 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll [2010.08.18 10:35:34 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe [2010.08.18 10:35:33 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe [2010.08.18 10:35:33 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe [2010.08.18 10:35:33 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe [2010.08.18 10:35:33 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll [2010.08.18 10:35:33 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll [2010.08.18 10:35:33 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll [2010.08.18 10:35:25 | 001,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2010.08.18 10:35:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2010.08.18 10:35:22 | 004,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2010.08.18 10:35:12 | 002,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL [2010.08.18 10:35:10 | 002,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2010.08.18 10:35:09 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2010.08.18 10:35:09 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe [2010.08.18 10:35:09 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe [2010.08.18 10:35:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll [2010.08.18 10:34:56 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2010.08.18 10:34:56 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2010.08.18 10:34:54 | 000,292,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2010.08.18 10:34:53 | 001,244,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll [2010.08.18 10:34:49 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2010.08.18 10:34:49 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010.08.18 10:34:49 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax [2010.08.18 10:34:48 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax [2010.08.18 10:34:41 | 001,233,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll [2010.08.18 10:34:22 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb [2010.08.18 10:34:22 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb [2010.08.18 10:34:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll [2010.08.18 10:34:16 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll [2010.08.18 10:33:59 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll [2010.08.18 10:33:57 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE [2010.08.18 10:33:57 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE [2010.08.18 10:33:57 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE [2010.08.18 10:33:57 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2010.08.18 10:33:57 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE [2010.08.18 10:33:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe [2010.08.18 10:33:57 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE [2010.08.18 10:33:57 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE [2010.08.18 10:33:05 | 000,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2010.08.18 10:33:05 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll [2010.08.18 10:33:05 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll [2010.08.18 10:33:05 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2010.08.18 10:33:04 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll [2010.08.18 10:33:04 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll [2010.08.18 10:32:57 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL [2010.08.18 10:32:57 | 000,213,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2010.08.18 10:32:57 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll [2010.08.18 10:32:57 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2010.08.18 10:32:57 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe [2010.08.18 10:32:51 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2010.08.18 10:32:51 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll [2010.08.18 10:32:41 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.08.18 10:32:40 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.08.18 10:32:36 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll [2010.08.18 10:32:36 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll [2010.08.18 10:32:33 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll [2010.08.18 10:32:29 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2010.08.18 10:32:24 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll [2010.08.18 10:32:24 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll [2010.08.18 10:32:24 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll [2010.08.18 10:32:23 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll [2010.08.18 10:32:23 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll [2010.08.18 10:32:18 | 000,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll [2010.08.18 10:32:11 | 001,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2010.08.18 10:32:10 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll [2010.08.18 10:32:10 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll [2010.08.18 10:32:10 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll [2010.08.18 10:32:10 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll [2010.08.18 10:32:05 | 002,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.08.18 10:31:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll [2010.08.18 10:31:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll [2010.08.18 10:31:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.08.18 10:30:49 | 000,500,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll [2010.08.18 10:30:48 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll [2010.08.18 10:30:33 | 000,713,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl [2010.08.18 10:30:29 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm [2010.08.18 10:30:29 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2010.08.18 10:30:05 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe [2010.08.18 10:30:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll [2010.08.18 10:30:02 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010.08.18 10:30:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx [2010.08.18 10:30:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll [2010.08.18 10:28:51 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL [2010.08.18 10:05:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Yahoo [2010.08.12 22:26:32 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2010.08.12 22:26:32 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2010.08.12 22:26:31 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2010.08.12 22:26:31 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2010.08.12 22:26:31 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll [2010.08.12 22:26:30 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2010.08.12 22:26:30 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2010.08.12 22:26:30 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2010.08.12 22:26:29 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2010.08.12 22:26:29 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2010.08.12 22:26:29 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2010.08.12 22:26:29 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.08.12 22:26:28 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe [2010.08.12 22:26:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2010.08.12 22:26:28 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2010.08.12 22:26:27 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.08.12 22:26:27 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2010.08.12 22:26:26 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010.08.12 22:26:25 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2010.08.12 22:26:24 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.08.12 22:26:24 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2010.08.12 22:26:23 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2010.08.12 22:26:23 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe [2010.08.12 22:26:23 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2010.08.12 22:26:23 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2010.08.12 12:44:23 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.08.12 12:24:28 | 000,378,880 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\***\Desktop\JavaRa.exe [2010.08.12 12:24:28 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\JavaRa [2010.08.10 15:07:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.08.10 15:07:49 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.08.10 15:07:49 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.08.10 15:07:49 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys [2010.08.10 15:07:49 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2010.08.10 15:07:44 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.08.10 15:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.08.10 01:29:09 | 000,713,672 | ---- | C] (Agnitum Ltd.) -- C:\Windows\System32\drivers\SandBox.sys [2010.08.10 01:26:47 | 000,328,296 | ---- | C] (Agnitum Ltd.) -- C:\Windows\System32\drivers\afwcore.sys [2010.08.10 01:26:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\Filt [2010.08.10 01:26:21 | 000,034,920 | ---- | C] (Agnitum Ltd.) -- C:\Windows\System32\drivers\afw.sys [2010.08.10 01:26:04 | 000,000,000 | ---D | C] -- C:\Programme\Agnitum [2010.08.10 00:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Agnitum [2010.08.09 23:56:54 | 000,000,000 | ---D | C] -- C:\Programme\VS Revo Group [2010.08.08 11:37:39 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Gmer [2010.08.07 15:47:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.08.07 15:26:49 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2010.08.07 14:58:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.08.07 14:58:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.07 14:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.07 14:58:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.07 14:58:05 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.07 14:56:19 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.08.07 14:54:24 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MFTools [2010.08.05 23:24:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FinalMediaPlayer [2010.08.05 23:24:10 | 000,000,000 | ---D | C] -- C:\Programme\FinalMediaPlayer [2010.08.05 23:24:06 | 000,000,000 | ---D | C] -- C:\Programme\Free Offers from Freeze.com [2010.08.05 23:24:04 | 000,835,584 | ---- | C] (Capital Intellect Inc) -- C:\Windows\System32\WINCTL4.OCX [2010.08.05 23:24:04 | 000,495,616 | ---- | C] (Capital Intellect Inc) -- C:\Windows\System32\WINUTIL5.DLL [2010.08.05 23:24:04 | 000,393,216 | ---- | C] (Capital Intellect Inc) -- C:\Windows\System32\WINLCTL5.DLL [2010.08.05 23:24:04 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Winferno [2010.08.05 23:24:01 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Richtx32.ocx [2010.08.05 23:24:01 | 000,000,000 | ---D | C] -- C:\Programme\Winferno [2010.08.05 23:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! [2010.08.05 23:23:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Yahoo! [2010.08.03 23:23:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Bilder Opp55 [2010.08.03 17:54:20 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PC Tools [2010.07.21 12:41:33 | 000,000,000 | ---D | C] -- C:\Programme\Sweet Home 3D [2010.07.20 10:22:22 | 000,000,000 | ---D | C] -- C:\Programme\Conduit [2010.07.20 10:22:21 | 000,000,000 | ---D | C] -- C:\Programme\Softonic_Deutsch [2007.09.15 10:14:24 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2007.09.15 10:14:24 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2007.08.14 14:51:31 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll [2007.08.14 07:11:40 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll ========== Files - Modified Within 30 Days ========== [2010.08.18 17:26:42 | 003,407,872 | ---- | M] () -- C:\Users\***\NTUSER.DAT [2010.08.18 17:19:22 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.18 17:00:04 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2010.08.18 16:59:34 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.18 16:59:34 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.18 16:54:31 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.08.18 16:54:31 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.08.18 16:54:31 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.08.18 16:54:30 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.08.18 16:46:28 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job [2010.08.18 16:46:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.18 16:07:36 | 000,651,276 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.18 16:07:36 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.18 16:07:36 | 000,121,296 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.18 16:07:36 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.18 16:07:35 | 001,489,018 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.18 15:59:59 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile [2010.08.18 15:59:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.18 15:58:56 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys [2010.08.18 15:57:14 | 002,387,329 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.08.18 15:48:37 | 000,003,127 | ---- | M] () -- C:\Users\***\Desktop\Nederlands.lng [2010.08.18 15:48:37 | 000,002,553 | ---- | M] () -- C:\Users\***\Desktop\Suomi.lng [2010.08.18 15:48:36 | 000,378,880 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\***\Desktop\JavaRa.exe [2010.08.18 15:48:35 | 000,322,351 | ---- | M] () -- C:\Users\***\Desktop\JavaRa.def [2010.08.18 15:48:34 | 000,003,027 | ---- | M] () -- C:\Users\***\Desktop\Français.lng [2010.08.18 15:48:34 | 000,002,920 | ---- | M] () -- C:\Users\***\Desktop\Italiano.lng [2010.08.18 15:48:33 | 000,002,946 | ---- | M] () -- C:\Users\***\Desktop\Español.lng [2010.08.18 15:48:30 | 000,002,758 | ---- | M] () -- C:\Users\***\Desktop\Deutsch.lng [2010.08.18 15:47:31 | 000,156,329 | ---- | M] () -- C:\Users\***\Desktop\JavaRa.zip [2010.08.18 15:27:11 | 000,102,864 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2010.08.18 15:26:08 | 000,001,593 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2010.08.18 12:57:23 | 000,382,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.08.13 12:47:18 | 000,013,362 | ---- | M] () -- C:\Users\***\Desktop\Ehe aus Schwamm.docx [2010.08.12 16:28:21 | 000,020,992 | ---- | M] () -- C:\Users\***\Desktop\Kalender.xls [2010.08.12 15:08:23 | 000,869,051 | ---- | M] () -- C:\Users\***\Desktop\SecurityCheck.exe [2010.08.12 12:47:45 | 002,672,312 | ---- | M] () -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe [2010.08.12 12:35:10 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest [2010.08.10 15:08:15 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.08.09 09:47:57 | 407,669,089 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.08.08 11:35:01 | 000,010,749 | ---- | M] () -- C:\Users\***\Desktop\Malwarebytes.docx [2010.08.07 15:39:25 | 000,513,722 | ---- | M] () -- C:\Users\***\Desktop\Fehlermeldung.bmp [2010.08.07 15:27:05 | 000,000,917 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2010.08.07 15:26:49 | 000,000,737 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2010.08.07 15:26:49 | 000,000,718 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk [2010.08.07 14:58:10 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.07 14:56:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.08.07 14:56:12 | 000,284,915 | ---- | M] () -- C:\Users\***\Desktop\Gmer.zip [2010.08.07 14:52:28 | 000,411,356 | ---- | M] () -- C:\Users\***\Desktop\Load.exe [2010.08.05 23:20:21 | 000,020,992 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.02 23:09:51 | 000,000,662 | ---- | M] () -- C:\Users\***\Desktop\tools.lnk [2010.08.02 11:20:25 | 001,132,614 | ---- | M] () -- C:\Users\***\Desktop\Trojaner.bmp [2010.07.23 10:56:04 | 000,713,672 | ---- | M] (Agnitum Ltd.) -- C:\Windows\System32\drivers\SandBox.sys [2010.07.21 14:52:40 | 000,000,049 | ---- | M] () -- C:\Windows\transp.gif [2010.07.21 13:35:23 | 001,036,040 | ---- | M] () -- C:\Users\***\Documents\Küche.sh3d ========== Files Created - No Company Name ========== [2010.08.18 17:19:22 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.18 15:47:30 | 000,156,329 | ---- | C] () -- C:\Users\***\Desktop\JavaRa.zip [2010.08.18 15:26:08 | 000,001,593 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2010.08.18 12:47:40 | 000,030,208 | ---- | C] () -- C:\Users\***\Desktop\LebenslaufBewerb09_V2.0.doc [2010.08.18 12:47:37 | 000,021,504 | ---- | C] () -- C:\Users\***\Desktop\AnschreibenBewerbung_D_V1.doc [2010.08.18 10:36:14 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2010.08.18 10:32:24 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf [2010.08.12 15:08:18 | 000,869,051 | ---- | C] () -- C:\Users\***\Desktop\SecurityCheck.exe [2010.08.12 12:47:40 | 002,672,312 | ---- | C] () -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe [2010.08.12 12:24:28 | 000,322,351 | ---- | C] () -- C:\Users\***\Desktop\JavaRa.def [2010.08.12 12:24:28 | 000,003,127 | ---- | C] () -- C:\Users\***\Desktop\Nederlands.lng [2010.08.12 12:24:28 | 000,003,027 | ---- | C] () -- C:\Users\***\Desktop\Français.lng [2010.08.12 12:24:28 | 000,002,946 | ---- | C] () -- C:\Users\***\Desktop\Español.lng [2010.08.12 12:24:28 | 000,002,920 | ---- | C] () -- C:\Users\***\Desktop\Italiano.lng [2010.08.12 12:24:28 | 000,002,758 | ---- | C] () -- C:\Users\***\Desktop\Deutsch.lng [2010.08.12 12:24:28 | 000,002,553 | ---- | C] () -- C:\Users\***\Desktop\Suomi.lng [2010.08.10 15:08:15 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.08.10 01:26:25 | 000,000,049 | ---- | C] () -- C:\Windows\transp.gif [2010.08.08 22:56:20 | 000,013,362 | ---- | C] () -- C:\Users\radeloff\Desktop\Ehe aus Schwamm.docx [2010.08.08 11:37:39 | 000,293,376 | ---- | C] () -- C:\Users\radeloff\Desktop\gmer.exe [2010.08.08 11:35:00 | 000,010,749 | ---- | C] () -- C:\Users\radeloff\Desktop\Malwarebytes.docx [2010.08.07 15:39:25 | 000,513,722 | ---- | C] () -- C:\Users\radeloff\Desktop\Fehlermeldung.bmp [2010.08.07 15:27:05 | 000,000,917 | ---- | C] () -- C:\Users\radeloff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2010.08.07 15:26:49 | 000,000,737 | ---- | C] () -- C:\Users\radeloff\Desktop\NTREGOPT.lnk [2010.08.07 15:26:49 | 000,000,718 | ---- | C] () -- C:\Users\radeloff\Desktop\ERUNT.lnk [2010.08.07 14:58:10 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.07 14:56:07 | 000,284,915 | ---- | C] () -- C:\Users\radeloff\Desktop\Gmer.zip [2010.08.07 14:52:27 | 000,411,356 | ---- | C] () -- C:\Users\radeloff\Desktop\Load.exe [2010.08.05 23:24:08 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\PCConfidential.job [2010.08.02 23:09:59 | 000,000,662 | ---- | C] () -- C:\Users\radeloff\Desktop\tools.lnk [2010.08.02 11:20:25 | 001,132,614 | ---- | C] () -- C:\Users\radeloff\Desktop\Trojaner.bmp [2010.07.21 13:35:23 | 001,036,040 | ---- | C] () -- C:\Users\radeloff\Documents\Küche.sh3d [2010.07.21 12:50:44 | 000,020,992 | ---- | C] () -- C:\Users\radeloff\Desktop\Kalender.xls [2009.03.31 18:59:52 | 000,000,055 | ---- | C] () -- C:\Windows\videotoaudio.ini [2008.08.06 19:26:48 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll [2008.08.06 19:26:48 | 000,090,112 | ---- | C] () -- C:\Windows\System32\LxUtl10.dll [2008.08.06 19:26:47 | 000,131,072 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC7.dll [2008.01.02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2008.01.02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll [2008.01.02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll [2008.01.02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2007.09.15 20:09:46 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini [2007.09.15 20:09:28 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2007.09.15 10:13:45 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2007.08.14 17:19:28 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.08.14 14:51:39 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007.08.14 14:51:39 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll [2007.08.14 14:51:31 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007.08.14 14:49:11 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.08.14 07:17:30 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2007.08.14 07:17:30 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007.08.14 07:16:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2007.08.14 07:11:35 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2007.08.14 06:19:33 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.04.25 16:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007.04.25 16:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007.04.25 16:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007.04.25 16:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007.04.25 16:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007.04.25 16:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006.12.10 15:52:04 | 000,397,312 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC8.dll [2006.11.04 03:58:02 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FKStampPainter20.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.09.29 15:12:12 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll [2006.09.24 21:04:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll [2006.09.24 21:03:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll [2006.09.21 13:53:28 | 000,282,679 | ---- | C] () -- C:\Windows\System32\dnt27.dll [2006.09.21 13:52:24 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc27.dll [2006.09.21 13:52:14 | 000,077,881 | ---- | C] () -- C:\Windows\System32\dntvm27.dll [2006.04.21 11:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll [2005.11.09 12:13:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\dnt27VC7.dll [2005.11.09 12:11:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvmc27VC7.dll [2005.11.09 12:11:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dntvm27VC7.dll [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.10.10 08:57:58 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll [2001.10.10 08:57:58 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [2001.03.07 08:02:30 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:5711EF65 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > ...und EXTRAS:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 18.08.2010 17:26:57 - Run 4
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 22,34 Gb Free Space | 32,02% Space Free | Partition Type: NTFS
Drive D: | 66,27 Gb Total Space | 22,84 Gb Free Space | 34,47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7,14 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ASPIRE
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.txt [@ = txtfile] -- C:\Program Files\JGsoft\EditPadPro6\EditPadPro.exe (Just Great Software)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"AntiSpyWareDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{40F2F0E8-DBA8-4AE5-AA65-61F3D782D49C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{4FA869F1-10DE-46F3-BA61-D8ADA878F515}" = lport=2799 | protocol=17 | dir=in | name=altova license metering port (udp) |
"{EFFE8F53-44E1-4E3E-9683-77DFACC1D16F}" = lport=2799 | protocol=6 | dir=in | name=altova license metering port (tcp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{074B3EAA-A8E7-4957-B9DB-9C24CB806BEA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{09FE0124-7A2F-45D5-94DD-A0294E9D6BA2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0C104093-CD60-420A-BC6D-0CADE28F140C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{0D67F139-56C4-45F4-AFE5-97FB47C652D2}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{0D97D1E5-76E4-4E88-92AC-A8AE10B3473B}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{1C7E5409-06F0-411D-BFF0-85FE53FA23E1}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4C580168-126C-42B2-8A8D-044236F383EC}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{6CF05F3A-04FE-4DDE-B03F-7DE340E2392E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7FE414B1-C085-40F9-B1EE-0579BA95EEB7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{885A97B1-D579-4E72-8CBF-3302B48BD66F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{88DAE356-9D65-41EF-8C83-2C6F42AC3524}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{89201A40-4333-43DC-AD08-09AA909B217F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{922D38DC-713A-4018-9360-1990E9B2540F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{96DA5C04-FDF0-4EE9-B8AB-5BC6085B6B30}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"{A775F5F0-8007-46CC-8234-52BFF02340E7}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{AE0EBDCB-FE25-44EA-9135-8E43A383D3B1}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{C483E1D1-B50B-40D5-8D86-603043A0D998}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CC8249BE-6FB8-4F31-95AD-E9E81BAE84F5}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"{CE5F9770-C2A4-49C0-8384-54BF08405D66}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D5FB34B8-45F5-4DB5-8A59-DCEE8A9FACC4}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"TCP Query User{793E1B92-F947-4266-92FE-544D289C1945}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{B9C55069-EE88-4C25-A5DC-86B55CBDE6CB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0C9BACAC-BA35-407E-83EE-483BAA8D4770}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{7041753B-9DDB-4831-8860-AFD4584DB812}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1716D952-F601-4A07-8988-7FCFAEDE6FDC}" = TAXMAN Bibliothek 2008
"{17CB4D2C-109D-4141-8ABE-81734B6EE2A6}" = Lexware reisekosten 2007
"{1A19B4A3-6CE7-4388-B21F-679803C6C76B}" = TAXMAN 2009
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3A7E8601-F0C9-49A0-855A-EEDEEFE11F7E}" = Lexware buchhalter 2007
"{3EAE4683-E5EE-4835-AAAF-9F2A3014E04B}" = Lexware reisekosten 2007
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{666EC086-3794-4E3D-BD9E-600A5FF82A5E}" = Orion
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{69496452-FAF3-43BC-9907-BA9CEC65FC10}" = Lexware Info Service
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{700C61BE-9424-4B20-9153-7A0C59722AF4}" = TAXMAN Bibliothek 2009
"{70788C1F-9CFB-41A8-807F-E79AE0F9C6FD}" = Lexware reisekosten 2007
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7E81E513-27E6-4EC2-BA25-ECF1023A070D}" = Lexware reisekosten 2007
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8E697545-D138-4E74-B0E3-D7F2A00080B0}" = BrainVoyager QX
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90AC08E7-FC26-463D-868F-A199143B32F6}" = Altova StyleVision® 2010 Enterprise Edition
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online III
"{B26CEFDF-DD0A-4145-ADE6-EE3440DB6711}" = Lexware reisekosten 2007
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{B877EB7B-DE53-46F7-AF2A-AF5E3677B625}" = Lexware buchhalter 2007
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CBC544C4-EBFC-4471-8FE3-BF3DDCEE3840}" = Lexware buchhalter 2007
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{E2500C71-5D43-4BA0-B044-9BA9A3A11CAD}" = Lexware buchhalter 2007
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EC4D5610-F99A-41C8-BA00-9801F81A46CD}" = Lexware buchhalter 2007
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{EFE38CC6-2592-4F93-B59B-CE4B69600890}" = TAXMAN 2009
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F331FBDC-7DCF-4598-9E7C-E11865677AB4}" = TAXMAN 2008
"{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser
"{F55CA27A-8C3C-4E7D-891B-D29FD3259A94}" = TAXMAN 2008
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Agnitum Outpost Firewall Pro_is1" = Outpost Firewall Pro 7.0.2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Citavi" = Citavi 2.5
"Citavi Picker für Adobe Reader und Adobe Acrobat" = Citavi Picker 2008.08.06 für Adobe Reader und Adobe Acrobat
"Citavi Picker für Word" = Citavi Picker 2008.09.29 für Word
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"EditPad Pro 6" = Just Great Software EditPad Pro 6 v.6.6.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"IsoBuster_is1" = IsoBuster 2.3
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LManager" = Launch Manager
"Magic Online" = Magic Online
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MPEG To MP3 Converter_is1" = MPEG To MP3 Converter 1.00
"PCConfidential_is1" = PC Confidential 2008
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"Replace-Manager_is1" = Replace-Manager
"Revo Uninstaller" = Revo Uninstaller 1.89
"SnagIt5" = SnagIt 5
"Softonic_Deutsch Toolbar" = Softonic Deutsch Toolbar
"Sweet Home 3D_is1" = Sweet Home 3D version 2.5
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 16.08.2010 13:04:38 | Computer Name = Aspire | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10811
Error - 16.08.2010 14:43:22 | Computer Name = Aspire | Source = WerSvc | ID = 5007
Description =
Error - 17.08.2010 03:39:06 | Computer Name = Aspire | Source = WerSvc | ID = 5007
Description =
Error - 17.08.2010 09:55:00 | Computer Name = Aspire | Source = WerSvc | ID = 5007
Description =
Error - 17.08.2010 15:32:30 | Computer Name = Aspire | Source = WerSvc | ID = 5007
Description =
Error - 18.08.2010 04:01:52 | Computer Name = Aspire | Source = WerSvc | ID = 5007
Description =
Error - 18.08.2010 04:07:28 | Computer Name = Aspire | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung extexport.exe, Version 8.0.6001.18702, Zeitstempel
0x49b3ad67, fehlerhaftes Modul sqlite3.dll, Version 3.6.22.0, Zeitstempel 0x4c48c4ae,
Ausnahmecode 0xc0000005, Fehleroffset 0x0001072b, Prozess-ID 0x1660, Anwendungsstartzeit
01cb3eac661ddf84.
Error - 18.08.2010 06:47:00 | Computer Name = Aspire | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18702, Zeitstempel
0x49b3ad2e, fehlerhaftes Modul Alert.dll, Version 1.0.19.1, Zeitstempel 0x4c03770e,
Ausnahmecode 0xc0000005, Fehleroffset 0x0002fd0b, Prozess-ID 0x1738, Anwendungsstartzeit
01cb3eac2c2cf4f4.
Error - 18.08.2010 06:58:15 | Computer Name = Aspire | Source = WerSvc | ID = 5007
Description =
Error - 18.08.2010 10:07:35 | Computer Name = Aspire | Source = WerSvc | ID = 5007
Description =
[ OSession Events ]
Error - 31.03.2008 13:24:53 | Computer Name = Aspire | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3187
seconds with 1920 seconds of active time. This session ended with a crash.
Error - 01.05.2010 14:52:49 | Computer Name = Aspire | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 79 seconds with 60 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 16.08.2010 14:37:08 | Computer Name = Aspire | Source = Service Control Manager | ID = 7000
Description =
Error - 16.08.2010 16:02:26 | Computer Name = Aspire | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 17.08.2010 03:32:48 | Computer Name = Aspire | Source = Service Control Manager | ID = 7000
Description =
Error - 17.08.2010 09:48:03 | Computer Name = Aspire | Source = Service Control Manager | ID = 7000
Description =
Error - 17.08.2010 15:26:17 | Computer Name = Aspire | Source = Service Control Manager | ID = 7000
Description =
Error - 18.08.2010 03:55:35 | Computer Name = Aspire | Source = Service Control Manager | ID = 7000
Description =
Error - 18.08.2010 06:50:57 | Computer Name = Aspire | Source = DCOM | ID = 10010
Description =
Error - 18.08.2010 06:51:09 | Computer Name = Aspire | Source = Service Control Manager | ID = 7023
Description =
Error - 18.08.2010 06:57:50 | Computer Name = Aspire | Source = Service Control Manager | ID = 7000
Description =
Error - 18.08.2010 10:00:05 | Computer Name = Aspire | Source = Service Control Manager | ID = 7000
Description =
[ TuneUp Events ]
Error - 07.08.2010 08:58:45 | Computer Name = Aspire | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-07 14:58:45', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','3864',0)
Error - 08.08.2010 05:19:56 | Computer Name = Aspire | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-08 11:19:56', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','3936',0)
Error - 08.08.2010 05:20:11 | Computer Name = Aspire | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-08 11:20:11', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','4148',0)
< End of report >
Viele Grüße und danek für Deine Mühe, Daniel |
|
18.08.2010, 20:03
| #15 |
| /// Selecta Jahrusso | Antivir findet "TR/Spy.Browse.A" / Onelinebanking-Attacke So und jetzt brauchen wir noch Service Pack 1 und 2 für Vista. Besuche bitte die Microsoft-Update-Seite und lade Dir alle Updates unter Benutzerdefiniert herunter Mache das so lange bis du nichts mehr angeboten bekommst Du musst dafür mit den Internet Explorer ins Netz gehen Wenn du dies mit FireFox durchführen willst musst Du vorher das Addon IE View installieren. Wenn nicht dabei, bitte manuell installieren. Berichte bitte
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
| Themen zu Antivir findet "TR/Spy.Browse.A" / Onelinebanking-Attacke |
| aktion, antivir, avira, beiträge, besuch, besucht, browser, bundesamt, datenschutz, filepony, funktionieren, installiert, interne, internetseite, löschen, malwarebytes, natürlich, onlinebanking, problem, rechner, schonmal, schutz, seite, tan-nummer, tr/spy.browse.a, trojaner, update, warnung, zugreifen, zusätzliche |
Textbox.
.
Button.
Linear-Darstellung
