| |
| |||||||
Log-Analyse und Auswertung: Nach Trojaner-Angriff lahmer Systemstart, häufige Abstürze.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
24.10.2010, 12:44
| #1 | |
 |  Nach Trojaner-Angriff lahmer Systemstart, häufige Abstürze. //edit: Sorry, ich hab glaub ich das falsche Forum erwischt, ich bitte zu verschieben! Danke!! Hallo liebe Community! Ich habe mir gestern "Anti Malware Doctor" eingefangen und nach der Anleitung aus eurem Board wieder entfernt. Malwarebytes Anti Malware hatte ich bereits installiert, ging somit einwandfrei. Malewarebytes hat 10 Infizierungen gefunden: Zitat:
Leider läuft der Systemstart seit der Infizierung aber extrem langsam, IExplore stürzt ständig ab, auch andere Programme frieren gerne ein und alles in allem läuft alles sehr schleppend. Darum bitte ich euch die OTL logfiles anzusehen und mir zu sagen was ich noch machen kann. Vielen Dank!! OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.10.2010 13:32:03 - Run 1 OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\SilverSurger\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 226,48 Gb Total Space | 90,45 Gb Free Space | 39,94% Space Free | Partition Type: NTFS Drive D: | 226,51 Gb Total Space | 185,60 Gb Free Space | 81,94% Space Free | Partition Type: NTFS Drive E: | 114,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ACER-PC | User Name: SilverSurger | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\SilverSurger\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe (Kaspersky Lab ZAO) PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\DfSdkS.exe (mst software GmbH, Germany) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe () PRC - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) PRC - C:\Acer\Mobility Center\MobilityService.exe () ========== Modules (SafeList) ========== MOD - C:\Users\SilverSurger\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\System32\SysHook.dll (Acer Inc.) ========== Win32 Services (SafeList) ========== SRV - (mysql) -- d:\xampp\mysql\bin\mysqld.exe File not found SRV - (FileZilla Server) -- d:\xampp\FileZillaFTP\FileZillaServer.exe File not found SRV - (Apache2.2) -- d:\xampp\apache\bin\httpd.exe File not found SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (DfSdkS) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe (mst software GmbH, Germany) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe () SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () ========== Driver Services (SafeList) ========== DRV - (WPRO_40_1123) WinPcap Packet Driver (WPRO_40_1123) -- C:\Windows\System32\drivers\WPRO_40_1123.sys File not found DRV - (VMnetAdapter) -- C:\Windows\System32\DRIVERS\vmnetadapter.sys File not found DRV - (vmkbd) -- File not found DRV - (VBoxNetFlt) -- C:\Windows\System32\DRIVERS\VBoxNetFlt.sys File not found DRV - (pccsmcfd) -- C:\Windows\System32\DRIVERS\pccsmcfd.sys File not found DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO) DRV - (leafnets) -- C:\Windows\System32\drivers\leafnets.sys (Leaf Networks) DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.) DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation) DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation) DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation) DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (hidshim) -- C:\Windows\System32\drivers\hidshim.sys (Windows (R) Codename Longhorn DDK provider) DRV - (nuvotonhidgeneric) -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated) DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated) DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1208&m=aspire_8730 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1208&m=aspire_8730 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1208&m=aspire_8730 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://chameleontom.iamwired.net/search.php?src=tops&q=" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232 FF - prefs.js..keyword.URL: "hxxp://chameleontom.iamwired.net/search.php?src=tops&q=" FF - user.js..browser.search.openintab: false FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.12.01 22:27:55 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.21 15:47:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.21 15:47:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.10.21 15:46:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.10.16 18:50:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdtbext\ FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010.07.15 19:21:33 | 000,000,000 | ---D | M] [2010.09.16 19:57:17 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\mozilla\Extensions [2010.09.16 19:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SilverSurger\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.09.06 20:32:57 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com [2010.10.23 17:42:21 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\mozilla\Firefox\Profiles\suj645lk.default\extensions [2010.10.19 06:12:23 | 000,000,950 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\Mozilla\FireFox\Profiles\suj645lk.default\searchplugins\icqplugin-1.xml [2010.03.23 20:10:10 | 000,000,950 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\Mozilla\FireFox\Profiles\suj645lk.default\searchplugins\icqplugin-2.xml [2010.04.03 13:39:44 | 000,000,950 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\Mozilla\FireFox\Profiles\suj645lk.default\searchplugins\icqplugin-3.xml [2010.02.03 14:37:50 | 000,000,947 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\Mozilla\FireFox\Profiles\suj645lk.default\searchplugins\icqplugin.xml [2010.02.09 19:15:18 | 000,005,395 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\Mozilla\FireFox\Profiles\suj645lk.default\searchplugins\Search.xml [2010.08.22 14:59:56 | 000,001,379 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\Mozilla\FireFox\Profiles\suj645lk.default\searchplugins\winamp-search.xml [2010.10.23 21:42:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.07.18 09:57:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2010.07.18 09:57:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2009.09.13 23:10:06 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Mozilla Firefox\components\FFComm.dll [2009.07.17 10:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll [2010.08.01 09:33:51 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.08.01 09:33:51 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.08.01 09:33:52 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.08.01 09:33:52 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.08.01 09:33:52 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.02.13 19:30:36 | 000,000,968 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 im.adtech.de O1 - Hosts: 127.0.0.1 adserver.adtech.de O1 - Hosts: 127.0.0.1 adtech.de O1 - Hosts: 127.0.0.1 atwola.com O1 - Hosts: 127.0.0.1 adserver.71i.de O1 - Hosts: 127.0.0.1 adicqserver.71i.de O1 - Hosts: 127.0.0.1 71i.de O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKCU..\Run: [Miranda Fusion] C:\Program Files\MirandaFusion\mfstart.exe (Miranda Fusion Team) O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKLM..\RunOnce: [Remove Uninstaller for VMware Player] File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\SilverSurger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.173.72.3 213.173.72.1 O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~2\AVP11\mzvkbd3.dll) - C:\ProgramData\AVP11\mzvkbd3.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~2\AVP11\kloehk.dll) - C:\ProgramData\AVP11\kloehk.dll (Kaspersky Lab ZAO) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O24 - Desktop WallPaper: C:\Windows\web\wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\web\wallpaper\img24.jpg O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.01.03 21:06:53 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007.12.27 22:09:18 | 000,358,872 | R--- | M] (NETGEAR Inc.) - E:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2006.03.27 12:25:00 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{4c58d481-d202-11dd-b912-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{4c58d481-d202-11dd-b912-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2007.12.27 22:09:18 | 000,358,872 | R--- | M] (NETGEAR Inc.) O33 - MountPoints2\{711b610b-6a7d-11df-b60e-001d72ee7740}\Shell - "" = AutoRun O33 - MountPoints2\{711b610b-6a7d-11df-b60e-001d72ee7740}\Shell\AutoRun\command - "" = G:\RunGame.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.24 13:30:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\SilverSurger\Desktop\OTL.exe [2010.10.23 17:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2010.10.23 13:17:02 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\E1F6215D8513C313F473294815976EC4 [2010.10.18 19:56:27 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\Documents\Bewerbungen [2010.10.17 12:19:31 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\NTI-Shadow [2010.10.17 12:19:00 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\NewTech Infosystems [2010.10.17 12:19:00 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\InstallShield Installation Information [2010.10.17 12:18:01 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\InstallShield [2010.10.16 20:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\AntiTwin [2010.10.15 20:05:54 | 000,000,000 | R-SD | C] -- C:\Users\SilverSurger\Documents\My Stationery [2010.10.14 01:27:44 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.10.14 01:27:44 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.10.14 01:27:44 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.10.14 01:27:44 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.10.14 01:27:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.10.14 01:27:44 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.10.14 01:27:44 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.10.14 01:27:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.10.14 01:27:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.10.14 01:27:43 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.10.14 01:27:43 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.10.14 01:27:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.10.14 01:27:37 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010.10.14 01:27:37 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2010.10.14 01:27:35 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010.10.14 01:27:34 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.10.14 01:27:33 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2010.10.14 01:27:32 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll [2010.10.02 22:03:09 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\Documents\Virtual Machines [2010.10.02 21:57:45 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Local\VMware [2010.10.02 21:57:38 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\VMware [2010.10.02 21:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware [2010.10.02 20:43:03 | 000,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpcvmm.sys [2010.10.02 20:43:02 | 003,330,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpc.exe [2010.10.02 20:43:02 | 002,171,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VPCWizard.exe [2010.10.02 20:43:02 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VMWindow.exe [2010.10.02 20:35:58 | 000,000,000 | R--D | C] -- C:\Users\SilverSurger\Virtual Machines [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-TW [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-CN [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Virtual PC [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\tr-TR [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\th-TH [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sv-SE [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ru-RU [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ro-RO [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-PT [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-BR [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pl-PL [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nl-NL [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nb-NO [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ko-KR [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ja-JP [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\it-IT [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\hu-HU [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\he-IL [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\fr-FR [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\fi-FI [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\es-ES [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\en-US [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\el-GR [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\da-DK [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\cs-CZ [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ar-SA [2010.10.02 20:25:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\vpchbus.sys.mui [2010.10.02 20:25:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\el-GR\vpchbus.sys.mui [2010.10.02 20:25:20 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\vpchbus.sys.mui [2010.10.02 20:25:20 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\th-TH\vpchbus.sys.mui [2010.10.02 20:25:20 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\he-IL\vpchbus.sys.mui [2010.10.02 20:25:20 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ar-SA\vpchbus.sys.mui [2010.10.02 20:25:20 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\vpchbus.sys.mui [2010.10.02 20:25:20 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-CN\vpchbus.sys.mui [2010.10.02 20:25:19 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpchbuspipe.dll [2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tr-TR\vpchbus.sys.mui [2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sv-SE\vpchbus.sys.mui [2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ru-RU\vpchbus.sys.mui [2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\vpchbus.sys.mui [2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-PT\vpchbus.sys.mui [2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vpchbus.sys.mui [2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\vpchbus.sys.mui [2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nb-NO\vpchbus.sys.mui [2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\vpchbus.sys.mui [2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hu-HU\vpchbus.sys.mui [2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\vpchbus.sys.mui [2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fi-FI\vpchbus.sys.mui [2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\es-ES\vpchbus.sys.mui [2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\vpchbus.sys.mui [2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\da-DK\vpchbus.sys.mui [2010.10.02 20:25:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ko-KR\vpchbus.sys.mui [2010.10.02 20:25:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\vpchbus.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-CN\vpcuxd.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\th-TH\vpcuxd.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sv-SE\vpcuxd.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ru-RU\vpcuxd.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nb-NO\vpcuxd.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ko-KR\vpcuxd.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\vpcuxd.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\he-IL\vpcuxd.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\da-DK\vpcuxd.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\vpcuxd.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\vpcusb.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-CN\vpcusb.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tr-TR\vpcusb.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\th-TH\vpcusb.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sv-SE\vpcusb.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ru-RU\vpcusb.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nb-NO\vpcusb.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ko-KR\vpcusb.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\vpcusb.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\he-IL\vpcusb.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fi-FI\vpcusb.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\vpcusb.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\vpcusb.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ar-SA\vpcusb.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\vpcnfltr.sys.mui [2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\el-GR\vpcnfltr.sys.mui [2010.10.02 20:25:18 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\el-GR\vpcvmm.sys.mui [2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tr-TR\vpcvmm.sys.mui [2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\th-TH\vpcvmm.sys.mui [2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ru-RU\vpcvmm.sys.mui [2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\vpcvmm.sys.mui [2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-PT\vpcvmm.sys.mui [2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vpcvmm.sys.mui [2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\vpcvmm.sys.mui [2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\vpcvmm.sys.mui [2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nb-NO\vpcvmm.sys.mui [2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\vpcvmm.sys.mui [2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hu-HU\vpcvmm.sys.mui [2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\vpcvmm.sys.mui [2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fi-FI\vpcvmm.sys.mui [2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\es-ES\vpcvmm.sys.mui [2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\da-DK\vpcvmm.sys.mui [2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\vpcvmm.sys.mui [2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ar-SA\vpcvmm.sys.mui [2010.10.02 20:25:18 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\vpcvmm.sys.mui [2010.10.02 20:25:18 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-CN\vpcvmm.sys.mui [2010.10.02 20:25:18 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sv-SE\vpcvmm.sys.mui [2010.10.02 20:25:18 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ko-KR\vpcvmm.sys.mui [2010.10.02 20:25:18 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\vpcvmm.sys.mui [2010.10.02 20:25:18 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\he-IL\vpcvmm.sys.mui [2010.10.02 20:25:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\vpcvmm.sys.mui [2010.10.02 20:25:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\vpcuxd.sys.mui [2010.10.02 20:25:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hu-HU\vpcuxd.sys.mui [2010.10.02 20:25:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fi-FI\vpcuxd.sys.mui [2010.10.02 20:25:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\el-GR\vpcuxd.sys.mui [2010.10.02 20:25:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\vpcusb.sys.mui [2010.10.02 20:25:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\vpcusb.sys.mui [2010.10.02 20:25:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hu-HU\vpcusb.sys.mui [2010.10.02 20:25:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\el-GR\vpcusb.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\vpcuxd.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tr-TR\vpcuxd.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\vpcuxd.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-PT\vpcuxd.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vpcuxd.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\vpcuxd.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\vpcuxd.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\vpcuxd.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\es-ES\vpcuxd.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\vpcuxd.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ar-SA\vpcuxd.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\vpcusb.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-PT\vpcusb.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vpcusb.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\vpcusb.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\vpcusb.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\es-ES\vpcusb.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\da-DK\vpcusb.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\vpcnfltr.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-CN\vpcnfltr.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tr-TR\vpcnfltr.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\th-TH\vpcnfltr.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sv-SE\vpcnfltr.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ru-RU\vpcnfltr.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\vpcnfltr.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-PT\vpcnfltr.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vpcnfltr.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\vpcnfltr.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nb-NO\vpcnfltr.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ko-KR\vpcnfltr.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\vpcnfltr.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\vpcnfltr.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hu-HU\vpcnfltr.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\he-IL\vpcnfltr.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\vpcnfltr.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fi-FI\vpcnfltr.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\es-ES\vpcnfltr.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\vpcnfltr.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\da-DK\vpcnfltr.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\vpcnfltr.sys.mui [2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ar-SA\vpcnfltr.sys.mui [2010.10.02 20:25:17 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpchbus.sys [2010.10.02 20:25:17 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpcusb.sys [2010.10.02 20:25:17 | 000,055,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpcnfltr.sys [2010.10.02 20:25:16 | 001,260,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VPCSettings.exe [2010.10.02 20:25:16 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VMCPropertyHandler.dll [2010.10.02 20:25:15 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmsal.exe [2010.10.02 20:22:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage [2010.09.29 03:00:36 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys [2010.09.29 01:18:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.09.26 20:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\copy trans manager [2010.09.26 19:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\RAM Idle LE [2010.09.26 19:35:32 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer_edit_w7sbc.exe [2010.09.26 19:35:32 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer_backup_w7sbc.exe [2010.09.26 19:35:32 | 000,000,000 | ---D | C] -- C:\Windows\W7SBC [2010.09.26 19:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\orb [2010.09.26 18:26:05 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\Taskbar [2010.09.26 17:34:35 | 000,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\System32\DfSdkBt.exe [2010.09.26 12:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2010.09.26 12:05:52 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themeservice.dll.backup [2010.09.24 19:51:03 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\EurekaLog [2010.06.26 19:58:54 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeFF7.dll [2008.12.25 08:31:08 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [2 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.24 13:14:24 | 000,656,040 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.10.24 13:14:24 | 000,616,546 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.10.24 13:14:24 | 000,130,640 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.10.24 13:14:24 | 000,106,926 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.10.24 13:00:27 | 000,015,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.24 13:00:27 | 000,015,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.24 12:52:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.24 12:52:40 | 2411,876,352 | -HS- | M] () -- C:\hiberfil.sys [2010.10.24 11:07:03 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2470086164-179386694-4040076334-1001UA.job [2010.10.23 17:38:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2010.10.23 17:38:22 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2010.10.23 13:36:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\SilverSurger\Desktop\OTL.exe [2010.10.23 10:07:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2470086164-179386694-4040076334-1001Core.job [2010.10.19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.10.17 12:19:03 | 000,002,268 | ---- | M] () -- C:\Users\SilverSurger\Desktop\NTI Shadow for ReadyNAS.lnk [2010.10.17 12:18:06 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTSHDW3.dll [2010.10.16 20:19:26 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\Anti-Twin.lnk [2010.10.16 18:50:29 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.10.14 03:22:04 | 002,530,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.10.02 21:52:37 | 000,001,024 | ---- | M] () -- C:\.rnd [2010.10.02 20:08:04 | 000,000,035 | ---- | M] () -- C:\Windows\lg.ini [2010.10.02 19:36:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010.10.02 19:36:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010.10.01 19:41:49 | 000,001,204 | ---- | M] () -- C:\Windows\System32\mapisvc.inf [2010.09.26 12:05:52 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\themeservice.dll [2010.09.26 12:05:39 | 000,758,040 | ---- | M] () -- C:\Windows\UTP.exe [2010.09.24 20:05:05 | 000,000,210 | ---- | M] () -- C:\Users\SilverSurger\Documents\autotyper.scar [2010.09.24 19:25:01 | 000,002,306 | ---- | M] () -- C:\Users\SilverSurger\Documents\fischen.scar [2 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.17 12:19:03 | 000,002,268 | ---- | C] () -- C:\Users\SilverSurger\Desktop\NTI Shadow for ReadyNAS.lnk [2010.10.17 12:18:06 | 000,001,024 | RH-- | C] () -- C:\Users\Public\Documents\NTSHDW3.dll [2010.10.16 20:19:26 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\Anti-Twin.lnk [2010.10.16 18:50:29 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.10.02 21:52:37 | 000,001,024 | ---- | C] () -- C:\.rnd [2010.10.02 20:08:04 | 000,000,035 | ---- | C] () -- C:\Windows\lg.ini [2010.10.02 19:36:38 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2010.10.02 19:36:38 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2010.09.26 19:40:24 | 000,017,408 | ---- | C] () -- C:\Windows\Shortcut.exe [2010.09.26 12:05:39 | 000,758,040 | ---- | C] () -- C:\Windows\UTP.exe [2010.09.24 20:05:04 | 000,000,210 | ---- | C] () -- C:\Users\SilverSurger\Documents\autotyper.scar [2010.05.28 19:18:52 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.04.22 17:23:25 | 000,003,584 | ---- | C] () -- C:\Users\SilverSurger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.07 18:19:50 | 000,688,128 | ---- | C] () -- C:\Windows\System32\libeay32.dll [2010.04.07 18:19:50 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ssleay32.dll [2009.11.14 12:29:01 | 000,004,140 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2009.10.26 08:38:41 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.09.12 01:11:18 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.09.06 12:26:46 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2009.09.06 12:26:46 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.07 18:01:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.03 12:48:07 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.04.13 17:20:26 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll [2009.02.16 22:21:31 | 000,000,632 | ---- | C] () -- C:\Windows\CoDUO.INI [2008.12.24 23:42:13 | 000,000,057 | ---- | C] () -- C:\Windows\PidList.ini [2008.12.24 23:41:05 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008.11.20 06:06:51 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.11.20 05:52:53 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.11.20 05:52:53 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.11.11 05:27:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.11.11 05:27:24 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2008.11.11 05:27:24 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2008.11.11 05:26:52 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2009.04.13 14:32:42 | 000,000,000 | -HSD | M] -- C:\Users\SilverSurger\AppData\Roaming\.# [2009.10.26 07:26:29 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Acer GameZone Console [2009.10.26 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Artisteer [2009.10.26 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Ashampoo [2010.01.03 21:20:33 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Autodesk [2009.10.28 22:53:37 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\BitDefender [2010.09.17 20:13:50 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\CometPlayer [2010.06.18 19:47:26 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\DAEMON Tools Lite [2010.05.28 19:11:33 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\DAEMON Tools Pro [2009.11.24 20:02:33 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\DAZ 3D [2010.10.23 13:30:30 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\E1F6215D8513C313F473294815976EC4 [2010.01.09 17:19:16 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Easy Thumbnails [2009.10.26 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\eSobi [2010.09.24 19:51:03 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\EurekaLog [2010.10.12 15:59:58 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\FileZilla [2010.02.13 18:22:15 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\GrabPro [2009.12.09 19:04:03 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\HartlauerFotoService3 [2010.08.27 19:11:28 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\ICQ [2010.08.27 19:02:18 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Miranda Fusion [2010.10.17 12:19:00 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\NewTech Infosystems [2010.02.13 20:01:55 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\OCS [2010.02.13 20:01:59 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Opera [2010.08.08 14:20:32 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Orbit [2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\PC Suite [2010.06.26 19:44:02 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Samsung [2010.03.17 20:01:55 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\ScummVM [2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\SoftDMA [2010.06.26 20:00:06 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Sony [2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Stardock [2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\TeamViewer [2010.09.16 19:56:57 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Thunderbird [2010.01.09 22:12:48 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\TigerPlayer [2010.09.06 20:42:36 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Vivox [2010.09.10 18:33:33 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\WindSolutions [2010.10.24 13:30:12 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extras.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 24.10.2010 13:32:03 - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\SilverSurger\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226,48 Gb Total Space | 90,45 Gb Free Space | 39,94% Space Free | Partition Type: NTFS
Drive D: | 226,51 Gb Total Space | 185,60 Gb Free Space | 81,94% Space Free | Partition Type: NTFS
Drive E: | 114,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: ACER-PC | User Name: SilverSurger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 15
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{5783F2D7-8001-0407-0002-0060B0CE6BBA}" = AutoCAD 2010 - Deutsch
"{5783F2D7-8001-0407-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - Deutsch
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C17AC9-80CF-4E9D-AFCA-336A1CB7B5ED}" = USB/DVD-Downloadtool für Windows 7
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DC11D9A-6DCD-4064-8363-63914A0122AB}" = C4500
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{AA6F009F-0CCD-4DD6-A462-28419C101D54}" = HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CF408B76-8698-4298-B549-5E6A94931B64}" = PS_AIO_04_C4500_Software_Min
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.57.409
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F722E488-A5B5-47ff-AA9B-4DE6CE7914CA}" = Windows 7 Upgrade Advisor
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F870B987-18BC-45FC-9BE8-35C02DCDA10F}" = Broadcom Gigabit Integrated Controller
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Anti-Twin 2010-10-16 20.19.26" = Anti-Twin (Installation 16.10.2010)
"Artisteer 2" = Artisteer 2
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Ashampoo WinOptimizer 7_is1" = Ashampoo WinOptimizer 7.17
"AutoCAD 2010 - Deutsch" = AutoCAD 2010 - Deutsch
"BitComet" = BitComet 1.15
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Direktfotosystem2_is1" = Direkt Foto System 3.x
"DivX Setup.divx.com" = DivX-Setup
"FileZilla Client" = FileZilla Client 3.3.3
"FLV Player" = FLV Player 2.0 (build 25)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"GridVista" = Acer GridVista
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Basic)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MirandaFusion" = Miranda Fusion 2.1.1
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Mozilla Thunderbird (3.1.5)" = Mozilla Thunderbird (3.1.5)
"MpcStar" = MpcStar 4.8
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"ProInst" = Intel PROSet Wireless
"RAIDar 4.01c1-p1" = RAIDar 4.01c1-p1
"RAM Idle LE_is1" = RAM Idle LE
"SCAR Divi 3.22_is1" = SCAR Divi CDE 3.22
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 5" = TeamViewer 5
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{019D7B6B-1123-40E5-AD82-73DC6FE78B30}" = NTI Shadow for ReadyNAS
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
|
|
24.10.2010, 15:04
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Nach Trojaner-Angriff lahmer Systemstart, häufige Abstürze. Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
__________________Code:
ATTFilter :OTL
DRV - (vmkbd) -- File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.03 21:06:53 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.12.27 22:09:18 | 000,358,872 | R--- | M] (NETGEAR Inc.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.03.27 12:25:00 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4c58d481-d202-11dd-b912-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4c58d481-d202-11dd-b912-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2007.12.27 22:09:18 | 000,358,872 | R--- | M] (NETGEAR Inc.)
O33 - MountPoints2\{711b610b-6a7d-11df-b60e-001d72ee7740}\Shell - "" = AutoRun
O33 - MountPoints2\{711b610b-6a7d-11df-b60e-001d72ee7740}\Shell\AutoRun\command - "" = G:\RunGame.exe -- File not found
[2010.10.23 13:17:02 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\E1F6215D8513C313F473294815976EC4
[2010.10.02 21:52:37 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009.04.13 14:32:42 | 000,000,000 | -HSD | M] -- C:\Users\SilverSurger\AppData\Roaming\.#
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ |
|
24.10.2010, 16:35
| #3 | ||
| | Nach Trojaner-Angriff lahmer Systemstart, häufige Abstürze. Hallo!
__________________Erstmal vielen Dank für die schnelle Antwort! Ich hab den Custom Scan Code reinkopiert und FIX geklickt. Danach startet der Scan, einige Prozesse werden gekillt (darunter auc hder explorer) und bei der Zeile Zitat:
Danach kommt dann die Fehlermeldung Zitat:
Geändert von SilverSurger (24.10.2010 um 16:40 Uhr) |
|
24.10.2010, 19:40
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach Trojaner-Angriff lahmer Systemstart, häufige Abstürze. Dann lassen wir die beiden Zeilen mal weg, mach es nochmal mit diesem Text: Code:
ATTFilter :OTL
DRV - (vmkbd) -- File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.03 21:06:53 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.12.27 22:09:18 | 000,358,872 | R--- | M] (NETGEAR Inc.) - E:\Autorun.exe -- [ CDFS ]
O33 - MountPoints2\{4c58d481-d202-11dd-b912-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4c58d481-d202-11dd-b912-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2007.12.27 22:09:18 | 000,358,872 | R--- | M] (NETGEAR Inc.)
O33 - MountPoints2\{711b610b-6a7d-11df-b60e-001d72ee7740}\Shell - "" = AutoRun
O33 - MountPoints2\{711b610b-6a7d-11df-b60e-001d72ee7740}\Shell\AutoRun\command - "" = G:\RunGame.exe -- File not found
[2010.10.23 13:17:02 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\E1F6215D8513C313F473294815976EC4
[2010.10.02 21:52:37 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009.04.13 14:32:42 | 000,000,000 | -HSD | M] -- C:\Users\SilverSurger\AppData\Roaming\.#
:Commands
[purity]
[emptytemp]
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
24.10.2010, 20:05
| #5 | |
| | Nach Trojaner-Angriff lahmer Systemstart, häufige Abstürze. So nach dem Reboot hab ich diese Logdatei erhalten: Zitat:
Ich bin gerade am Daten sichern - ich denke ich werd mal die Windows 7 Installation neu machen *würg* trotzdem vielen Dank für die Hilfe! |
|
24.10.2010, 20:30
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach Trojaner-Angriff lahmer Systemstart, häufige Abstürze. Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ --> Nach Trojaner-Angriff lahmer Systemstart, häufige Abstürze. |
|
24.10.2010, 21:07
| #7 |
| | Nach Trojaner-Angriff lahmer Systemstart, häufige Abstürze. Ich habe jetzt CCleaner wie in der Anleitung beschrieben ausgeführt, danach Combofix ebenso wie beschrieben. Nach der Installation und einem von Combofix ausgeführten Neustart, kam wie es wohl sein sollte die ComboFix Konsole in der der Wiederherstellungspunkt gesetzt wurde und nach infizierungen gesucht wurde. Die Suche nach Infizierungen dauerte in etwa 2 Minuten, dann startete Windows ganz normal. Seitdem funktioniert allerdings die Internet Verbindung nicht mehr. Der Zugriff zum Router per IP funktioniert, ein anderer PC (dieser) kommt einwandfrei ins Internet. Die vergebene IP Adresse per DHCP an den infizierten PC stimmt allerdings auch. Seit dem Neustart Melde KIS2011 "MBR.cfxee" würde eine potenziell gefährdende Veränderung aufweisen. edit:/ Nach einer Trennung und erneuten Verbindung zum Netzwerk funktioniert die internetverbindung wieder Die Datei c:\ComboFix.txt wurde nicht erstellt (zumindest nicht in c:\ ), auch die Windows Suche konnte die Datei nicht finden. edit:// Bei ComboFix wurde keine "Fertiggestellt" Meldung wie in den Screenshots der Anleitung gebracht, das Fenster hat sich nach der Meldung "Dies dauert nicht länger als 10 Minuten...." geschlossen und dann wurde der windows explorer usw gestartet - erst war der Hintergrund nur schwarz. Geändert von SilverSurger (24.10.2010 um 21:18 Uhr) |
|
24.10.2010, 21:23
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach Trojaner-Angriff lahmer Systemstart, häufige Abstürze.Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.10.2010, 21:26
| #9 |
| | Nach Trojaner-Angriff lahmer Systemstart, häufige Abstürze. Ja der Ordner ist da. edit: Ich hatte vor einiger Zeit mit einem "Windows 7 Start button Changer" die explorer.exe gepatcht - kann es sein dass deswegen der explorer eventuell zu spät gestartet wird und die Datei nicht erstellt wird? Ich habe jetzt die original explorer.exe wieder eingesetzt und gestartet, vielleicht funktioniert es jetzt so wie es sollte? Geändert von SilverSurger (24.10.2010 um 21:46 Uhr) |
|
25.10.2010, 07:57
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach Trojaner-Angriff lahmer Systemstart, häufige Abstürze. Ja das mit der explorer.exe kann daran liegen. ich brauch den Quarantäneordner von Combofix. Bitte folgendes machen: 1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf da nicht rummurksen! 2.) Ordner C:\Qoobox in eine Datei zippen 3.) die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html 4.) Wenns erfolgreich war Bescheid sagen 5.) Erst dann wieder den Virenscanner einschalten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.10.2010, 14:02
| #11 |
| | Nach Trojaner-Angriff lahmer Systemstart, häufige Abstürze. Ich hab den Ornder heute gezippt und hochgeladen, jetzt hab ich mich gerade etwas über den schwarzen Bildschirm informiert den ich beim hochladen habe und der soll in Kombination mit dem Trojanerbefall und Windows update entstehen. Das ist auch nicht weit hergeholt, weil nämlich seit dem Befall die automatische Installation & Download von Updates geblockt wird. Gehe ich manuell auf die Updatesuche kommt ein Fehler und gehe ich auf die windows update Internetseite von Microsoft steht dass die Verbindung zum Server zurückgesetzt wurde... |
|
25.10.2010, 14:56
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach Trojaner-Angriff lahmer Systemstart, häufige Abstürze. CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.10.2010, 15:23
| #13 |
| | Nach Trojaner-Angriff lahmer Systemstart, häufige Abstürze. Neue informationen: Ich habe mir vorher von eurer Seite die tdsskiller.exe runtergeladen und damit festgestellt dass ich eine rootkit.tdss infizierung hatte (die aber anscheinend bereinigt wurde) Eine Logfile wurde aber nicht erstellt, nach dem Neustart war auch im Report der im Programm enthalten ist nichts zu finden. Danach habe ich noch Norman TDSS Cleaner rüberlaufen lassen - kein Fund. Windows Update funktioniert nach dem Scan mit tdsskiller wieder einwandfrei, auch die Website lässt sich wieder normal aufrufen. Das ist jetzt das Ergebnis von OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 25.10.2010 16:04:38 - Run 2 OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\SilverSurger\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 226,48 Gb Total Space | 130,53 Gb Free Space | 57,63% Space Free | Partition Type: NTFS Drive D: | 226,51 Gb Total Space | 185,60 Gb Free Space | 81,94% Space Free | Partition Type: NTFS Computer Name: ACER-PC | User Name: SilverSurger | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days ========== Processes (SafeList) ========== PRC - C:\Users\SILVER~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Users\SilverSurger\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\DfSdkS.exe (mst software GmbH, Germany) PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE () PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) PRC - C:\Acer\Mobility Center\MobilityService.exe () ========== Modules (SafeList) ========== MOD - C:\Users\SilverSurger\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\winsta.dll (Microsoft Corporation) MOD - C:\Windows\System32\wkscli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\ntlanman.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\drprov.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\davclnt.dll (Microsoft Corporation) MOD - C:\Windows\System32\davhlpr.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll (Adobe Systems Incorporated) ========== Win32 Services (SafeList) ========== SRV - (mysql) -- d:\xampp\mysql\bin\mysqld.exe File not found SRV - (FileZilla Server) -- d:\xampp\FileZillaFTP\FileZillaServer.exe File not found SRV - (Apache2.2) -- d:\xampp\apache\bin\httpd.exe File not found SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (DfSdkS) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe (mst software GmbH, Germany) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe () SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () ========== Driver Services (SafeList) ========== DRV - (WPRO_40_1123) WinPcap Packet Driver (WPRO_40_1123) -- C:\Windows\System32\drivers\WPRO_40_1123.sys File not found DRV - (VMnetAdapter) -- C:\Windows\System32\DRIVERS\vmnetadapter.sys File not found DRV - (VBoxNetFlt) -- C:\Windows\System32\DRIVERS\VBoxNetFlt.sys File not found DRV - (pccsmcfd) -- C:\Windows\System32\DRIVERS\pccsmcfd.sys File not found DRV - (catchme) -- C:\Users\SILVER~1\AppData\Local\Temp\catchme.sys File not found DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.) DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO) DRV - (leafnets) -- C:\Windows\System32\drivers\leafnets.sys (Leaf Networks) DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.) DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation) DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation) DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation) DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (hidshim) -- C:\Windows\System32\drivers\hidshim.sys (Windows (R) Codename Longhorn DDK provider) DRV - (nuvotonhidgeneric) -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated) DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated) DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1208&m=aspire_8730 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1208&m=aspire_8730 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1208&m=aspire_8730 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://chameleontom.iamwired.net/search.php?src=tops&q=" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232 FF - prefs.js..keyword.URL: "hxxp://chameleontom.iamwired.net/search.php?src=tops&q=" FF - user.js..browser.search.openintab: false FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.12.01 22:27:55 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.24 20:13:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.21 15:47:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.10.21 15:46:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.10.16 18:50:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdtbext\ FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010.07.15 19:21:33 | 000,000,000 | ---D | M] [2010.09.16 19:57:17 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\mozilla\Extensions [2010.09.16 19:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SilverSurger\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.09.06 20:32:57 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com [2010.10.24 20:00:07 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\mozilla\Firefox\Profiles\suj645lk.default\extensions [2010.10.19 06:12:23 | 000,000,950 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\Mozilla\FireFox\Profiles\suj645lk.default\searchplugins\icqplugin-1.xml [2010.03.23 20:10:10 | 000,000,950 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\Mozilla\FireFox\Profiles\suj645lk.default\searchplugins\icqplugin-2.xml [2010.04.03 13:39:44 | 000,000,950 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\Mozilla\FireFox\Profiles\suj645lk.default\searchplugins\icqplugin-3.xml [2010.02.03 14:37:50 | 000,000,947 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\Mozilla\FireFox\Profiles\suj645lk.default\searchplugins\icqplugin.xml [2010.02.09 19:15:18 | 000,005,395 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\Mozilla\FireFox\Profiles\suj645lk.default\searchplugins\Search.xml [2010.08.22 14:59:56 | 000,001,379 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\Mozilla\FireFox\Profiles\suj645lk.default\searchplugins\winamp-search.xml [2010.10.24 22:19:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.07.18 09:57:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2010.07.18 09:57:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2009.09.13 23:10:06 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Mozilla Firefox\components\FFComm.dll [2009.07.17 10:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll [2010.08.01 09:33:51 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.08.01 09:33:51 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.08.01 09:33:52 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.08.01 09:33:52 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.08.01 09:33:52 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml Hosts file not found O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm () O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\SilverSurger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.173.72.3 213.173.72.1 O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O24 - Desktop WallPaper: C:\Windows\web\wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\web\wallpaper\img24.jpg O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.01.03 21:06:53 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PEVSystemStart - Service SafeBootMin: PNP Filter - Driver Group SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootMin: Primary disk - Driver Group SafeBootMin: procexp90.Sys - Driver SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PEVSystemStart - Service SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootNet: Primary disk - Driver Group SafeBootNet: procexp90.Sys - Driver SafeBootNet: rdsessmgr - Service SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {1966CAF0-DEE0-B244-B08D-5303F93CBBA2} - Browser Customizations ActiveX: {1D476059-756E-EC06-03D6-77A39788F969} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6EE84F6C-C803-83D8-EFFE-DB298867C315} - .NET Framework ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {7E43D666-A4C3-F1BB-902D-95AEA2B0C1C7} - Internet Explorer ActiveX: {88DD3A09-0DE8-AED3-9B12-252F32865220} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {9F1DA068-8B0D-8416-A5DC-1E6F62DAE3A4} - Microsoft Windows Media Player 12.0 ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E564FBBC-8184-9A62-C0A9-F23170364DBB} - Internet Explorer ActiveX: {E8CF53D9-A695-E6CD-D18D-2F54DA348BCF} - Browser Customizations ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {FB15F807-B62E-1BBE-3854-0F2C13541026} - Microsoft Windows Media Player 12.0 ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.FFDS - ff_vfw.dll File not found Drivers32: vidc.tscc - C:\Program Files\MpcStar\Codecs\tscc\tsccvid.dll (TechSmith Corporation) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) ========== Files/Folders - Created Within 90 Days ========== [2010.10.25 15:59:51 | 002,661,704 | ---- | C] (Norman ASA) -- C:\Users\SilverSurger\Desktop\Norman_TDSS_Cleaner.exe [2010.10.25 15:51:23 | 001,317,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\SilverSurger\Desktop\TDSSKiller.exe [2010.10.25 15:26:21 | 000,049,504 | ---- | C] (Prevx) -- C:\Users\SilverSurger\Desktop\fixshell.exe [2010.10.24 21:51:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010.10.24 21:51:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010.10.24 21:51:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010.10.24 21:50:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.10.24 21:48:14 | 000,000,000 | --SD | C] -- C:\cofi [2010.10.24 21:47:51 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.10.24 21:47:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010.10.24 21:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010.10.24 21:37:41 | 001,187,896 | ---- | C] (Piriform Ltd) -- C:\Users\SilverSurger\Desktop\ccsetup236.exe [2010.10.24 20:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean [2010.10.24 17:28:31 | 000,000,000 | ---D | C] -- C:\_OTL [2010.10.24 16:22:58 | 000,000,000 | ---D | C] -- C:\JDownloader [2010.10.24 16:12:49 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\kikin [2010.10.24 16:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\kikin [2010.10.24 16:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader [2010.10.24 13:30:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\SilverSurger\Desktop\OTL.exe [2010.10.23 17:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2010.10.18 19:56:27 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\Documents\Bewerbungen [2010.10.17 12:19:31 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\NTI-Shadow [2010.10.17 12:19:00 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\NewTech Infosystems [2010.10.17 12:19:00 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\InstallShield Installation Information [2010.10.17 12:18:01 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\InstallShield [2010.10.16 20:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\AntiTwin [2010.10.15 20:05:54 | 000,000,000 | R-SD | C] -- C:\Users\SilverSurger\Documents\My Stationery [2010.10.02 22:03:09 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\Documents\Virtual Machines [2010.10.02 21:57:45 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Local\VMware [2010.10.02 21:57:38 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\VMware [2010.10.02 21:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware [2010.10.02 20:35:58 | 000,000,000 | R--D | C] -- C:\Users\SilverSurger\Virtual Machines [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-TW [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-CN [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Virtual PC [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\tr-TR [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\th-TH [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sv-SE [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ru-RU [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ro-RO [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-PT [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-BR [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pl-PL [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nl-NL [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nb-NO [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ko-KR [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ja-JP [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\it-IT [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\hu-HU [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\he-IL [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\fr-FR [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\fi-FI [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\es-ES [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\en-US [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\el-GR [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\da-DK [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\cs-CZ [2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ar-SA [2010.10.02 20:22:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage [2010.09.26 20:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\copy trans manager [2010.09.26 19:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\RAM Idle LE [2010.09.26 19:35:32 | 000,000,000 | ---D | C] -- C:\Windows\W7SBC [2010.09.26 19:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\orb [2010.09.26 18:26:05 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\Taskbar [2010.09.26 17:34:35 | 000,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\System32\DfSdkBt.exe [2010.09.26 12:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2010.09.24 19:51:03 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\EurekaLog [2010.09.10 18:33:33 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\WindSolutions [2010.09.10 18:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions [2010.09.06 20:42:36 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\Vivox [2010.09.05 16:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2010.09.05 15:05:41 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\CometPlayer [2010.09.02 19:47:23 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\System32\ssubtmr6.dll [2010.09.02 19:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\Smarty Uninstaller Pro [2010.08.27 19:02:17 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\Miranda Fusion [2010.08.27 19:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\MirandaFusion [2010.08.27 17:35:04 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\Malwarebytes [2010.08.27 17:34:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.27 17:34:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.27 17:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.08.27 17:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.22 20:29:05 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Local\Cooliris [2010.08.22 14:59:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\IO [2010.06.26 19:58:54 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeFF7.dll [2008.12.25 08:31:08 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 90 Days ========== [2010.10.25 16:07:00 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2470086164-179386694-4040076334-1001UA.job [2010.10.25 16:05:38 | 000,656,040 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.10.25 16:05:38 | 000,616,546 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.10.25 16:05:38 | 000,130,640 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.10.25 16:05:38 | 000,106,926 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.10.25 16:04:50 | 000,015,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.25 16:04:50 | 000,015,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.25 16:00:04 | 002,661,704 | ---- | M] (Norman ASA) -- C:\Users\SilverSurger\Desktop\Norman_TDSS_Cleaner.exe [2010.10.25 15:57:48 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2010.10.25 15:57:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.25 15:56:54 | 2411,888,640 | -HS- | M] () -- C:\hiberfil.sys [2010.10.25 15:26:22 | 000,049,504 | ---- | M] (Prevx) -- C:\Users\SilverSurger\Desktop\fixshell.exe [2010.10.25 10:08:51 | 000,008,065 | ---- | M] () -- C:\Qoobox.zip [2010.10.25 09:50:38 | 001,317,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\SilverSurger\Desktop\TDSSKiller.exe [2010.10.24 21:43:27 | 000,093,274 | ---- | M] () -- C:\Users\SilverSurger\Documents\cc_20101024_214305.reg [2010.10.24 21:40:00 | 000,000,929 | ---- | M] () -- C:\Users\SilverSurger\Desktop\CCleaner.lnk [2010.10.24 21:38:42 | 001,187,896 | ---- | M] (Piriform Ltd) -- C:\Users\SilverSurger\Desktop\ccsetup236.exe [2010.10.24 21:38:31 | 003,883,109 | R--- | M] () -- C:\Users\SilverSurger\Desktop\cofi.exe [2010.10.24 20:36:51 | 000,000,000 | ---- | M] () -- C:\Windows\System32\HP_169.254.138.143_CN8B4F21TN057K [2010.10.24 20:34:20 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\KeyFinder.lnk [2010.10.24 16:23:04 | 000,000,668 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk [2010.10.23 17:38:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2010.10.23 13:36:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\SilverSurger\Desktop\OTL.exe [2010.10.23 10:07:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2470086164-179386694-4040076334-1001Core.job [2010.10.17 12:19:03 | 000,002,268 | ---- | M] () -- C:\Users\SilverSurger\Desktop\NTI Shadow for ReadyNAS.lnk [2010.10.17 12:18:06 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTSHDW3.dll [2010.10.16 20:19:26 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\Anti-Twin.lnk [2010.10.16 18:50:29 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.10.14 03:22:04 | 002,530,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.10.02 20:08:04 | 000,000,035 | ---- | M] () -- C:\Windows\lg.ini [2010.10.02 19:36:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010.10.02 19:36:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010.10.01 19:41:49 | 000,001,204 | ---- | M] () -- C:\Windows\System32\mapisvc.inf [2010.09.26 12:05:39 | 000,758,040 | ---- | M] () -- C:\Windows\UTP.exe [2010.09.24 20:05:05 | 000,000,210 | ---- | M] () -- C:\Users\SilverSurger\Documents\autotyper.scar [2010.09.24 19:25:01 | 000,002,306 | ---- | M] () -- C:\Users\SilverSurger\Documents\fischen.scar [2010.09.19 15:47:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf [2010.09.18 20:58:04 | 000,000,276 | ---- | M] () -- C:\Users\SilverSurger\SciTE.session [2010.09.10 18:35:45 | 000,003,584 | ---- | M] () -- C:\Users\SilverSurger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.04 22:54:19 | 000,025,088 | ---- | M] () -- C:\Users\SilverSurger\Documents\Verkauf Spiele + Konsolen.doc [2010.08.04 17:10:03 | 000,028,160 | ---- | M] () -- C:\Users\SilverSurger\Documents\Filme.doc [2010.07.29 19:00:46 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat [2010.07.29 19:00:46 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat ========== Files Created - No Company Name ========== [2010.10.25 10:08:51 | 000,008,065 | ---- | C] () -- C:\Qoobox.zip [2010.10.24 22:24:41 | 002,413,056 | ---- | C] () -- C:\Users\SilverSurger\Desktop\UxStyle_Core_Jul13_x86.msi [2010.10.24 21:51:20 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010.10.24 21:51:19 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010.10.24 21:51:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010.10.24 21:51:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010.10.24 21:51:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.10.24 21:43:09 | 000,093,274 | ---- | C] () -- C:\Users\SilverSurger\Documents\cc_20101024_214305.reg [2010.10.24 21:40:00 | 000,000,929 | ---- | C] () -- C:\Users\SilverSurger\Desktop\CCleaner.lnk [2010.10.24 21:35:06 | 003,883,109 | R--- | C] () -- C:\Users\SilverSurger\Desktop\cofi.exe [2010.10.24 20:36:51 | 000,000,000 | ---- | C] () -- C:\Windows\System32\HP_169.254.138.143_CN8B4F21TN057K [2010.10.24 20:34:20 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\KeyFinder.lnk [2010.10.24 16:23:04 | 000,000,668 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk [2010.10.17 12:19:03 | 000,002,268 | ---- | C] () -- C:\Users\SilverSurger\Desktop\NTI Shadow for ReadyNAS.lnk [2010.10.17 12:18:06 | 000,001,024 | RH-- | C] () -- C:\Users\Public\Documents\NTSHDW3.dll [2010.10.16 20:19:26 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\Anti-Twin.lnk [2010.10.16 18:50:29 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.10.02 20:08:04 | 000,000,035 | ---- | C] () -- C:\Windows\lg.ini [2010.10.02 19:36:38 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2010.10.02 19:36:38 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2010.09.26 19:40:24 | 000,017,408 | ---- | C] () -- C:\Windows\Shortcut.exe [2010.09.26 12:05:39 | 000,758,040 | ---- | C] () -- C:\Windows\UTP.exe [2010.09.24 20:05:04 | 000,000,210 | ---- | C] () -- C:\Users\SilverSurger\Documents\autotyper.scar [2010.09.19 17:42:43 | 000,002,306 | ---- | C] () -- C:\Users\SilverSurger\Documents\fischen.scar [2010.09.19 15:47:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf [2010.09.18 20:46:07 | 000,000,276 | ---- | C] () -- C:\Users\SilverSurger\SciTE.session [2010.08.04 17:06:26 | 000,028,160 | ---- | C] () -- C:\Users\SilverSurger\Documents\Filme.doc [2010.08.04 16:49:34 | 000,025,088 | ---- | C] () -- C:\Users\SilverSurger\Documents\Verkauf Spiele + Konsolen.doc [2010.04.22 17:23:25 | 000,003,584 | ---- | C] () -- C:\Users\SilverSurger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.07 18:19:50 | 000,688,128 | ---- | C] () -- C:\Windows\System32\libeay32.dll [2010.04.07 18:19:50 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ssleay32.dll [2009.11.14 12:29:01 | 000,004,140 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2009.10.26 08:38:41 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.09.12 01:11:18 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.09.06 12:26:46 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2009.09.06 12:26:46 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.07.13 01:07:46 | 000,025,448 | ---- | C] () -- C:\Windows\System32\drivers\uxpatch.sys [2009.06.07 18:01:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.03 12:48:07 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.04.13 17:20:26 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll [2009.02.16 22:21:31 | 000,000,632 | ---- | C] () -- C:\Windows\CoDUO.INI [2008.12.24 23:42:13 | 000,000,057 | ---- | C] () -- C:\Windows\PidList.ini [2008.12.24 23:41:05 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008.11.20 06:06:51 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.11.20 05:52:53 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.11.20 05:52:53 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.11.11 05:27:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.11.11 05:27:24 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2008.11.11 05:27:24 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2008.11.11 05:26:52 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2009.10.26 07:26:29 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Acer GameZone Console [2009.10.26 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Artisteer [2009.10.26 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Ashampoo [2010.01.03 21:20:33 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Autodesk [2009.10.28 22:53:37 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\BitDefender [2010.09.17 20:13:50 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\CometPlayer [2010.06.18 19:47:26 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\DAEMON Tools Lite [2010.05.28 19:11:33 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\DAEMON Tools Pro [2009.11.24 20:02:33 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\DAZ 3D [2010.01.09 17:19:16 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Easy Thumbnails [2009.10.26 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\eSobi [2010.09.24 19:51:03 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\EurekaLog [2010.10.12 15:59:58 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\FileZilla [2010.02.13 18:22:15 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\GrabPro [2009.12.09 19:04:03 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\HartlauerFotoService3 [2010.08.27 19:11:28 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\ICQ [2010.10.24 20:00:02 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\kikin [2010.08.27 19:02:18 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Miranda Fusion [2010.10.17 12:19:00 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\NewTech Infosystems [2010.02.13 20:01:55 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\OCS [2010.02.13 20:01:59 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Opera [2010.08.08 14:20:32 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Orbit [2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\PC Suite [2010.06.26 19:44:02 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Samsung [2010.03.17 20:01:55 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\ScummVM [2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\SoftDMA [2010.06.26 20:00:06 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Sony [2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Stardock [2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\TeamViewer [2010.09.16 19:56:57 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Thunderbird [2010.01.09 22:12:48 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\TigerPlayer [2010.09.06 20:42:36 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Vivox [2010.09.10 18:33:33 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\WindSolutions [2010.10.25 15:43:08 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2009.10.26 07:26:29 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Acer GameZone Console [2009.10.28 23:02:15 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Adobe [2010.07.23 19:24:01 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Apple Computer [2009.10.26 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Artisteer [2009.10.26 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Ashampoo [2010.01.03 21:20:33 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Autodesk [2009.10.28 22:53:37 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\BitDefender [2010.09.17 20:13:50 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\CometPlayer [2009.10.26 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\CyberLink [2010.06.18 19:47:26 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\DAEMON Tools Lite [2010.05.28 19:11:33 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\DAEMON Tools Pro [2009.11.24 20:02:33 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\DAZ 3D [2010.06.26 20:00:48 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\DivX [2009.10.26 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Download Manager [2010.01.09 17:19:16 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Easy Thumbnails [2009.10.26 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\eSobi [2010.09.24 19:51:03 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\EurekaLog [2010.10.12 15:59:58 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\FileZilla [2009.10.26 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Google [2010.02.13 18:22:15 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\GrabPro [2009.12.09 19:04:03 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\HartlauerFotoService3 [2009.12.01 22:32:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\HP [2009.12.12 22:03:47 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\HpUpdate [2010.08.27 19:11:28 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\ICQ [2010.10.15 20:05:48 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Identities [2009.10.26 07:26:32 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\IDMComp [2010.10.17 12:18:01 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\InstallShield [2010.10.17 12:19:00 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\InstallShield Installation Information [2009.10.26 08:44:53 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Intel [2010.10.24 20:00:02 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\kikin [2009.11.29 18:03:59 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Macromedia [2010.08.27 17:35:04 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Malwarebytes [2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Media Center Programs [2009.10.28 22:00:22 | 000,000,000 | --SD | M] -- C:\Users\SilverSurger\AppData\Roaming\Microsoft [2010.08.27 19:02:18 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Miranda Fusion [2009.10.26 07:26:44 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Mozilla [2010.10.17 12:19:00 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\NewTech Infosystems [2010.02.13 20:01:55 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\OCS [2010.02.13 20:01:59 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Opera [2010.08.08 14:20:32 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Orbit [2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\PC Suite [2010.03.22 10:19:57 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Real [2010.06.26 19:44:02 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Samsung [2010.03.17 20:01:55 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\ScummVM [2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\SoftDMA [2010.06.26 20:00:06 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Sony [2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Stardock [2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Talkback [2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\TeamViewer [2010.09.16 19:56:57 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Thunderbird [2010.01.09 22:12:48 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\TigerPlayer [2010.09.06 20:42:36 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Vivox [2010.10.09 19:00:24 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\vlc [2010.10.24 13:00:26 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\VMware [2010.09.10 18:33:33 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\WindSolutions < %APPDATA%\*.exe /s > [2009.12.07 17:50:11 | 002,056,658 | ---- | M] ( ) -- C:\Users\SilverSurger\AppData\Roaming\HartlauerFotoService3\update\dfs.exe [2010.10.17 12:18:00 | 000,455,600 | ---- | M] (Macrovision Corporation) -- C:\Users\SilverSurger\AppData\Roaming\InstallShield Installation Information\{019D7B6B-1123-40E5-AD82-73DC6FE78B30}\setup.exe [2009.10.25 21:37:23 | 000,098,304 | R--- | M] (Microsoft Corp.) -- C:\Users\SilverSurger\AppData\Roaming\Microsoft\Installer\{78C17AC9-80CF-4E9D-AFCA-336A1CB7B5ED}\icons.exe [2008.01.18 09:15:42 | 000,652,536 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Users\SilverSurger\AppData\Roaming\NewTech Infosystems\NTI Shadow for ReadyNAS\Shadow.exe [2010.02.13 20:01:55 | 000,106,496 | ---- | M] (OCS) -- C:\Users\SilverSurger\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [2010.02.13 20:01:55 | 000,040,960 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.05.07 00:19:02 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\kl1.sys [2010.05.07 00:19:06 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\kl2.sys [2010.07.15 19:20:59 | 000,475,224 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\System32\drivers\klif.sys [2010.04.22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\klim6.sys [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\System32\drivers\klmouflt.sys < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2010.05.07 12:37:58 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\klogon.dll [2009.07.14 03:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll < End of report > |
|
25.10.2010, 17:52
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach Trojaner-Angriff lahmer Systemstart, häufige Abstürze. tdsskiller kann manchmal helfen, CF löscht den aber auch aber das lief ja bei Dir nicht  Probier CF bitte nach Anleitung nochmal aus
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.10.2010, 20:09
| #15 |
| | Nach Trojaner-Angriff lahmer Systemstart, häufige Abstürze. So hier die Logdatei von ComboFix. Ich habe das Gefühl dass alles wieder recht okay ist - natürlich weiß ich nicht was die Logdatei sagt, weil ich davon keinen Plan habe, aber Abstürze, schwarzer Bildschirm und das Lahmen haben anscheinend ein Ende gefunden. Combofix Logfile: Code:
ATTFilter ComboFix 10-10-24.06 - SilverSurger 25.10.2010 20:58:30.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.43.1031.18.3067.1821 [GMT 2:00]
ausgeführt von:: c:\users\SilverSurger\Desktop\cofi.exe
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\hpeFF7.dll
c:\users\SilverSurger\AppData\Roaming\EurekaLog
.
((((((((((((((((((((((( Dateien erstellt von 2010-09-25 bis 2010-10-25 ))))))))))))))))))))))))))))))
.
2010-10-25 19:04 . 2010-10-25 19:04 -------- d-----w- c:\users\Mcx1-ACER-PC\AppData\Local\temp
2010-10-25 19:04 . 2010-10-25 19:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-25 19:04 . 2010-10-25 19:04 -------- d-----w- c:\users\acer\AppData\Local\temp
2010-10-24 19:39 . 2010-10-24 19:40 -------- d-----w- c:\program files\CCleaner
2010-10-24 18:34 . 2010-10-24 18:34 -------- d-----w- c:\program files\Magical Jelly Bean
2010-10-24 18:12 . 2010-10-24 18:13 -------- d-----w- c:\users\SilverSurger360
2010-10-24 15:28 . 2010-10-24 15:28 -------- d-----w- C:\_OTL
2010-10-24 14:22 . 2010-10-25 15:36 -------- d-----w- C:\JDownloader
2010-10-24 14:12 . 2010-10-24 18:00 -------- d-----w- c:\users\SilverSurger\AppData\Roaming\kikin
2010-10-24 14:12 . 2010-10-24 14:12 -------- d-----w- c:\program files\kikin
2010-10-24 14:12 . 2010-10-24 18:07 -------- d-----w- c:\program files\JDownloader
2010-10-23 15:31 . 2010-10-23 15:31 -------- d-----w- c:\program files\McAfee Security Scan
2010-10-22 11:23 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E67CDB9-A1FC-42A8-8342-0FD272A9E365}\mpengine.dll
2010-10-17 10:19 . 2010-10-17 22:24 -------- d-----w- c:\users\SilverSurger\NTI-Shadow
2010-10-17 10:19 . 2010-10-17 10:19 -------- d-----w- c:\users\SilverSurger\AppData\Roaming\NewTech Infosystems
2010-10-17 10:19 . 2010-10-17 10:19 -------- d-----w- c:\users\SilverSurger\AppData\Roaming\InstallShield Installation Information
2010-10-17 10:18 . 2010-10-17 10:18 -------- d-----w- c:\users\SilverSurger\AppData\Roaming\InstallShield
2010-10-16 18:19 . 2010-10-16 18:19 -------- d-----w- c:\program files\AntiTwin
2010-10-02 19:57 . 2010-10-03 10:23 -------- d-----w- c:\users\SilverSurger\AppData\Local\VMware
2010-10-02 19:57 . 2010-10-24 11:00 -------- d-----w- c:\users\SilverSurger\AppData\Roaming\VMware
2010-10-02 19:52 . 2010-10-24 11:02 -------- d-----w- c:\programdata\VMware
2010-10-02 18:43 . 2009-12-31 09:22 295936 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2010-10-02 18:43 . 2009-12-31 09:05 2171392 ----a-w- c:\windows\system32\VPCWizard.exe
2010-10-02 18:43 . 2009-12-31 09:05 3330560 ----a-w- c:\windows\system32\vpc.exe
2010-10-02 18:43 . 2009-12-31 06:48 1003008 ----a-w- c:\windows\system32\VMWindow.exe
2010-10-02 18:35 . 2010-10-02 19:58 -------- d-----r- c:\users\SilverSurger\Virtual Machines
2010-10-02 18:25 . 2009-09-23 01:18 14848 ----a-w- c:\windows\system32\vpchbuspipe.dll
2010-10-02 18:25 . 2009-09-23 01:19 55040 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2010-10-02 18:25 . 2009-09-23 01:18 78336 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2010-10-02 18:25 . 2009-09-23 01:18 165376 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2010-10-02 18:25 . 2009-09-23 01:18 1260032 ----a-w- c:\windows\system32\VPCSettings.exe
2010-10-02 18:25 . 2009-09-23 01:18 559616 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2010-10-02 18:25 . 2009-09-23 01:18 793600 ----a-w- c:\windows\system32\vmsal.exe
2010-10-02 18:20 . 2009-06-25 11:20 1446264 ----a-w- c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
2010-10-02 17:36 . 1996-12-03 11:35 18862131 ----a-w- c:\program files\Mozilla Firefox\F95_DEMO.EXE
2010-09-29 01:00 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-09-29 01:00 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-28 23:18 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 23:18 . 2010-08-27 05:30 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-26 18:33 . 2010-09-26 18:33 -------- d-----w- c:\program files\copy trans manager
2010-09-26 17:40 . 2002-09-22 10:42 17408 ----a-w- c:\windows\Shortcut.exe
2010-09-26 17:40 . 2010-09-26 17:40 -------- d-----w- c:\program files\RAM Idle LE
2010-09-26 17:35 . 2010-09-26 17:35 -------- d-----w- c:\windows\W7SBC
2010-09-26 17:35 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer_edit_w7sbc.exe
2010-09-26 17:35 . 2010-09-26 17:35 -------- d-----w- c:\program files\orb
2010-09-26 16:26 . 2010-09-26 16:26 -------- d-----w- c:\users\SilverSurger\Taskbar
2010-09-26 15:34 . 2009-08-24 20:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2010-09-26 10:26 . 2010-09-26 10:26 -------- d-----w- c:\program files\7-Zip
2010-09-26 10:05 . 2009-07-14 01:16 2755072 ----a-w- c:\windows\system32\themeui.dll.backup
2010-09-26 10:05 . 2009-07-14 01:16 37376 ----a-w- c:\windows\system32\themeservice.dll.backup
2010-09-26 10:05 . 2009-07-14 01:16 249856 ----a-w- c:\windows\system32\uxtheme.dll.backup
2010-09-26 10:05 . 2010-09-26 10:05 758040 ----a-w- c:\windows\UTP.exe
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-25 08:08 . 2010-10-25 08:08 8065 ----a-w- C:\Qoobox.zip
2010-10-19 09:41 . 2009-10-26 06:04 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-21 05:32 . 2010-09-14 22:55 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-29 06:30 . 2010-08-11 11:06 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 11:06 82944 ----a-w- c:\windows\system32\iccvid.dll
2009-09-13 21:10 . 2009-10-28 20:58 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-06-24 00:17 782568 ----a-w- c:\program files\kikin\ie_kikin.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-19 6294048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-22 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-22 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-11 544768]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-11-28 417792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"LManager"="c:\progra~1\Launch Manager\LManager.exe" [2008-11-21 858632]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-05-07 344736]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-05-06 132184]
R2 Apache2.2;Apache2.2;d:\xampp\apache\bin\httpd.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-11-28 24576]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 44432]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-06-26 13224]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\DRIVERS\leafnets.sys [2010-01-12 55296]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-10-29 95376]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-09 1343400]
R3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-05-28 691696]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe [2009-08-24 406016]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [2008-10-08 5632]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 nuvotonhidgeneric;Nuvoton EC Generic HID;c:\windows\system32\DRIVERS\nuvotonhidgeneric.sys [2008-10-08 22528]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-09-25 45600]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
--- Andere Dienste/Treiber im Speicher ---
*NewlyCreated* - NDISKIO
*NewlyCreated* - NSAK
*Deregistered* - klmd25
*Deregistered* - NDISKIO
*Deregistered* - nsak
*Deregistered* - UBHelper
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Inhalt des "geplante Tasks" Ordners
2010-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470086164-179386694-4040076334-1001Core.job
- c:\users\SilverSurger\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-23 14:57]
2010-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470086164-179386694-4040076334-1001UA.job
- c:\users\SilverSurger\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-23 14:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1208&m=aspire_8730
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\Microsoft Office\Office10\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\SilverSurger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
FF - ProfilePath - c:\users\SilverSurger\AppData\Roaming\Mozilla\Firefox\Profiles\suj645lk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://chameleontom.iamwired.net/search.php?src=tops&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - prefs.js: keyword.URL - hxxp://chameleontom.iamwired.net/search.php?src=tops&q=
FF - component: c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\SilverSurger\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
FF - user.js: layout.spellcheckDefault - 2
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(1064)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Zeit der Fertigstellung: 2010-10-25 21:06:33
ComboFix-quarantined-files.txt 2010-10-25 19:06
Vor Suchlauf: 17 Verzeichnis(se), 140.209.500.160 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 139.888.488.448 Bytes frei
- - End Of File - - 2A529D9AA84D371050B523F0A9A3D2FB
|
|
| Themen zu Nach Trojaner-Angriff lahmer Systemstart, häufige Abstürze. |
| 32 bit, avp.exe, bho, bonjour, components, conhost.exe, converter, corp./icp, desktop, error, firefox, firefox.exe, flash player, fontcache, google chrome, helper, home, home premium, iexplore, install.exe, installation, internet security 2011, kaspersky, kis, langsam, launch, location, malware, mozilla, mozilla thunderbird, mp3, nvlddmkm.sys, nvstor.sys, oldtimer, otl.exe, plug-in, popup, programdata, realtek, registry, rogue.antimalwaredoctor, saver, scan, searchplugins, security, server, shell32.dll, software, sptd.sys, start menu, studio, taskhost.exe, tastatur, vlc media player, webcheck, winpcap packet driver |
Textbox.
.
Linear-Darstellung
