| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: 20 Tan-Abfrage beim Online-Banking der SparkasseWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.11.2010, 17:46
| #1 |
 |  20 Tan-Abfrage beim Online-Banking der Sparkasse Hallo zusammen seit einiger Zeit öffnet sich bei jeder Online-Anmeldung ein Pop-Up mit der Aufforderung das ich 20 Tans eingeben soll damit ich den Service nutzen kann. Zusätzliche Autorisierung steht dadrüber. Jetzt hab ich mal gegooglet und festgestellt das ich nicht der einzige mit diesem Problem bin und das es sich voraussichtlich um einen Trojaner handelt. Jetzt wollt ich fragen, da ich auch nicht so viel Ahnung von Virenbekämpfung habe, ob mir jem. bei meinem Problem helfen kann. Danke schonmal im vorraus. lopl |
|
30.11.2010, 17:48
| #2 |
| /// Malware-holic   | 20 Tan-Abfrage beim Online-Banking der Sparkasse ootl:
__________________Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten.
__________________ |
|
30.11.2010, 21:04
| #3 |
| | 20 Tan-Abfrage beim Online-Banking der Sparkasse OTL EXTRAS Logfile:
__________________Code:
ATTFilter OTL Extras logfile created on: 30.11.2010 17:54:03 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = c:\Users\Pascal\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,29 Gb Total Space | 50,47 Gb Free Space | 35,22% Space Free | Partition Type: NTFS
Drive D: | 143,08 Gb Total Space | 116,68 Gb Free Space | 81,55% Space Free | Partition Type: NTFS
Computer Name: PASCAL-PC | User Name: Pascal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3621993508-448967032-2305503300-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [scan_with_SPYWAREfighter] -- C:\Program Files\Fighters\SPYWAREfighter\SWPROTray.exe /scan "%1" (SPAMfighter)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B29140E-6A5F-49E4-BAC8-901AC42DB120}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D2B2BF7-E46F-42ED-8332-6CE1B6EEA156}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5144FFFF-F82E-40E3-AB63-4B092583FD9D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{874244B7-F4D7-471A-A976-D6117D82B0AF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AEC6341C-1483-41FC-9712-2BB343A22C63}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B6273888-81DE-4B52-BF90-F575D3B149AA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C2B4E986-8ECD-48DD-84A5-348AF2FDFECA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DF85FEFB-24C6-41F5-A072-12A7584A5E4A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E9BA0EBD-2A4B-40F6-A607-CC9A37E12B79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FA27A086-F7A8-497A-B20E-A6D4A38D20C3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14ED3F32-FFFD-4567-AD35-51F20F324504}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{17B54208-643C-41F9-AFFD-5E6C7735FA9D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{17D8FDF1-98B6-47FB-8725-F5B7A564C580}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{1B2AF734-3D91-4FE7-BEFF-C05F5DFC0F3E}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{2359B77B-EEB9-4CA2-9067-A7BA9BF13D07}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2D84A6CC-5F22-4202-A819-BF266A84AD60}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{2F2CBC97-442A-4293-A97A-498A74C6452B}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{3533AFC3-80DA-460B-A49A-4BEB6A1A33F4}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{40521FB5-9B66-45B4-A386-CBBE777D4856}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{6069EA72-C4B0-4F80-93B7-FB5580D845B8}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{6DACBAEA-A15D-4BEC-A85F-CECEC0D579EE}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{73ADA5E1-D52A-4E96-B4A8-2810B2FF1BE9}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{7974B2B8-C8C0-4A4B-859E-2B1C648B3533}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"{7EA16722-AB47-415B-ADCF-8015F052CE24}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{832E833B-F665-48CB-BDE6-F0749B8F8920}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{8AD7C6B7-27C1-4D1A-975B-EE83F35FC06B}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{96FB3669-089F-4424-A704-8065087E959B}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{9766363A-20B5-467E-A428-2C4C136FDAD0}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{9F4F6987-3170-4500-9BAC-2131BAF5532D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{AD2304B2-EA6F-4221-8F0E-5F5D9B5DFB7C}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{B7741D06-17B1-4DB5-8FB6-B376816761E3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B7C72588-554F-4849-A09B-5617405040F2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C19F929C-DE60-49D1-895B-0B5EC8306F35}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C59E83B6-9178-4754-B1FA-649C6B524B31}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{CAF230A4-FC50-464F-89DF-6A54405C3822}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"{CCD0ACC8-745E-476B-A935-055E9CB1F70B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CEAC33B2-D90F-4611-8090-813B9E5C4E24}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{CFC43FE4-994A-4025-8297-E952871691C2}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{D17B1DA6-2AD9-4D29-9512-1D559152E586}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{D3E36FCF-BC4F-4A32-923B-0DF52D76F13B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{D7D2D1A8-DBB8-4875-B485-C0A1CBF1F625}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{DA4C97A7-06B7-41A9-97F9-7D4C1FF7DC7E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{DB72B48F-D19A-4F15-8600-17FD0C91B8DC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E9830772-95F7-431F-BD3D-322FE16BB09B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F6212EE3-B4D0-4930-BF65-B92465E22F61}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{F8EAB419-A120-4D7B-806D-377D197DEFF5}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{F9E5D39D-294E-42CF-BB84-018AAA4592D3}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"TCP Query User{13A5AD48-6960-4C6E-81AF-051B8F0B99FF}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{1561C494-294A-4EE6-84FA-9AA52632C2F5}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{1D4131D6-A8ED-49DB-8E26-59263253F227}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{1DF86E19-119E-4FA1-AEA5-A37C14FB1EC8}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{30F33EE4-7736-4722-8BE4-D2E663D5E418}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"TCP Query User{3F0B1368-1A05-4F48-8F09-BC8789A08755}C:\program files\steam\steamapps\_lopl_\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\_lopl_\counter-strike source\hl2.exe |
"TCP Query User{6E709B6D-08BB-4046-B563-9CA9BB3CE3F8}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{762BE342-55B9-43ED-96CA-8385F6E91252}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{822573EA-664E-4314-BD20-718E395098DA}C:\program files\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe |
"TCP Query User{8FF7FA4B-A923-4E6C-AA2F-8189872A3A18}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{91CAD905-363A-4E16-8430-B5885F6D907D}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{95632BA9-9975-4139-8C37-FD3DBD6BD59E}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{97B60079-D9B8-42E5-A3AB-F33BC32F62BB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D74C425F-F1DB-419F-AB97-4C0EFB8864E4}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{DCBA66C2-978F-4B2B-96CB-ED853943FD65}C:\program files\steam\steamapps\_lopl_\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\_lopl_\day of defeat source\hl2.exe |
"UDP Query User{0D9B2DF2-870E-4573-9881-FD76DB0FBE9A}C:\program files\steam\steamapps\_lopl_\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\_lopl_\day of defeat source\hl2.exe |
"UDP Query User{153023E7-F9FB-44CA-A9A7-74B360083C0F}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{375B6787-96FF-4BBF-BCF3-921C5BF5600B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{52AB9D26-176B-471E-85E6-B986B836D7B5}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{5E9D4592-5047-48AC-8E45-145328ACE346}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{751A7A81-43DC-4325-AD9A-DABD8ED03695}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"UDP Query User{7BC44A02-00A2-4037-8A21-34069E42847E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{8D9277E8-D421-4D57-934D-AD835B047980}C:\program files\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe |
"UDP Query User{B1BF787F-35AD-4EB9-BA63-D7F2C0E24285}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{B921EA91-9A13-4EE2-8564-55353D69C37B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{CC052714-274E-4EA4-9618-A795EF091F1F}C:\program files\steam\steamapps\_lopl_\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\_lopl_\counter-strike source\hl2.exe |
"UDP Query User{D2CECED4-AAC6-4E5C-9E62-52CC94706479}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{DF13C834-7BD6-4CE9-A752-377C1FB1EAB7}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{F3161CB2-9764-44AF-89A9-A8CF5267C1F5}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{FB03368A-88BC-4EB9-8FCA-1152C1F07D17}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0BF78E88-A7C9-4406-89CF-0BA473BA7821}" = Orion
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 20
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2A8E4833-F483-4074-B4DB-F295F7901A8D}" = MobileMe Control Panel
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42C39E85-D86C-494E-B159-4C0E37C248AC}" = Crocodile Physics 605
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D23837D-18FD-43AE-81E0-B329A7F75898}" = Acer Crystal Eye Webcam 2.0.7
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5A7D2B13-9522-48A9-A06F-A9C4AA33D8AD}" = SPYWAREfighter
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73C0DA51-DB32-4F66-970B-7298F3CAF37F}" = Nokia Software Updater
"{73DD6B69-02CB-4DA8-A0E0-FC56EE13EB18}" = SweetIM for Messenger 2.6
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110422467}" = Tiks Texas Hold em
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.7
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDBA9828-200B-43A0-AB4F-82DABEE64F94}_is1" = LPS 2009v 3.0 USB
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DA18FD01-4830-45D6-8408-8F20A9D89D95}" = PC Connectivity Solution
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DCFF9230-22DC-40ED-BBCC-0F260B85734C}" = Tsunami-Filter-Pack
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any Video Converter_is1" = Any Video Converter 2.6.7
"Ashampoo Burning Studio 2009_is1" = Ashampoo Burning Studio 2009
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.24
"Ask Toolbar_is1" = Ask Toolbar
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"AVI DVD Burner_is1" = AVI DVD Burner 2008 ver 4.20
"AviSynth" = AviSynth 2.5
"CloneCD" = CloneCD
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"eMule" = eMule
"Finale 2009" = Finale 2009
"FotoWorks XL_is1" = FotoWorks XL
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.1
"Free Audio Converter_is1" = Free Audio Converter version 1.1
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0
"Free Studio_is1" = Free Studio version 4.3
"Free YouTube Download_is1" = Free YouTube Download 2.2
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Free YouTube Uploader_is1" = Free YouTube Uploader version 2.2
"Garritan-Instrumente für Finale 2009_is1" = Garritan-Instrumente für Finale 2009
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ICQToolbar" = ICQ Toolbar
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"MAGIX music maker 2006 demo D" = MAGIX music maker 2006 demo (D)
"MAGIX Online Druck Service" = MAGIX Online Druck Service
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenTTD" = OpenTTD 1.0.0
"Orb" = Winamp Remote
"Picasa 3" = Picasa 3
"Prism" = Prism Video Converter
"Shop for HP Supplies" = Shop for HP Supplies
"SPYWAREfighter" = SPYWAREfighter
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TmNationsForever_is1" = TmNationsForever
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.7
"Update Service" = Update Service
"Verbindungsassistent" = Verbindungsassistent
"VideoPad" = VideoPad Video Editor
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"WinGimp-2.0_is1" = GIMP 2.4.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 09.01.2010 07:46:35 | Computer Name = Pascal-PC | Source = WinMgmt | ID = 10
Description =
Error - 10.01.2010 06:53:22 | Computer Name = Pascal-PC | Source = WinMgmt | ID = 10
Description =
Error - 10.01.2010 08:25:46 | Computer Name = Pascal-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ICQ.exe, Version 6.5.0.2024, Zeitstempel 0x4b010ef1,
fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
0xc0000096, Fehleroffset 0x00740083, Prozess-ID 0x128c, Anwendungsstartzeit 01ca91e389c73499.
Error - 10.01.2010 16:28:15 | Computer Name = Pascal-PC | Source = WinMgmt | ID = 10
Description =
Error - 11.01.2010 11:03:25 | Computer Name = Pascal-PC | Source = WinMgmt | ID = 10
Description =
Error - 11.01.2010 15:35:00 | Computer Name = Pascal-PC | Source = WinMgmt | ID = 10
Description =
Error - 12.01.2010 09:08:08 | Computer Name = Pascal-PC | Source = WinMgmt | ID = 10
Description =
Error - 13.01.2010 08:36:08 | Computer Name = Pascal-PC | Source = WinMgmt | ID = 10
Description =
Error - 13.01.2010 10:30:43 | Computer Name = Pascal-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung msnmsgr.exe, Version 14.0.8089.726, Zeitstempel
0x4a6ce533, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x68000008, Prozess-ID 0x106c, Anwendungsstartzeit
01ca944d35b75303.
Error - 13.01.2010 11:35:52 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ System Events ]
Error - 18.10.2008 14:58:08 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 18.10.2008 14:58:08 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 18.10.2008 14:58:38 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 18.10.2008 14:58:38 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 18.10.2008 14:58:39 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 18.10.2008 14:58:39 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 18.10.2008 15:13:48 | Computer Name = Pascal-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 18.10.2008 15:14:00 | Computer Name = Pascal-PC | Source = HTTP | ID = 15016
Description =
Error - 18.10.2008 15:14:42 | Computer Name = Pascal-PC | Source = DCOM | ID = 10000
Description =
Error - 19.10.2008 05:15:04 | Computer Name = Pascal-PC | Source = HTTP | ID = 15016
Description =
< End of report >
========== Processes (SafeList) ========== PRC - c:\Users\Pascal\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) PRC - C:\Programme\Fighters\FighterSuiteService.exe (SPAMfighter ApS) PRC - C:\Programme\Fighters\FighterLauncher.exe (SPAMfighter ApS) PRC - C:\Programme\Fighters\SPYWAREfighter\swproTray.exe (SPAMfighter) PRC - C:\Programme\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe (Preventon Technologies Limited) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe (Kaspersky Lab) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Verbindungsassistent\WTGService.exe () PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\Users\Pascal\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () PRC - C:\Acer\Mobility Center\MobilityService.exe () PRC - C:\Windows\PLFSetI.exe () PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) PRC - C:\Acer\ALaunch\ALaunchSvc.exe () PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) ========== Modules (SafeList) ========== MOD - c:\Users\Pascal\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Suite Service) -- C:\Programme\Fighters\FighterSuiteService.exe (SPAMfighter ApS) SRV - (AV Engine Scanning Service) -- C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe () SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab) SRV - (WTGService) -- C:\Programme\Verbindungsassistent\WTGService.exe () SRV - (DfSdkS) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe (mst software GmbH, Germany) SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe () SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (AVFSFilter) -- C:\Windows\System32\drivers\avfsfilter.sys () DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation) DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab) DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.) DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated) DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated) DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (WSVD) -- C:\Windows\System32\drivers\WSVD.sys (Wasay) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.) DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (ASPI32) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3621993508-448967032-2305503300-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKU\S-1-5-21-3621993508-448967032-2305503300-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-3621993508-448967032-2305503300-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKU\S-1-5-21-3621993508-448967032-2305503300-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3621993508-448967032-2305503300-1000\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-21-3621993508-448967032-2305503300-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-3621993508-448967032-2305503300-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3621993508-448967032-2305503300-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.order.1: "Ask" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.fc-koeln.de/index.php?id=10" FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.07 01:32:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.30 12:09:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.30 12:09:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.10.31 10:04:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.02.18 22:49:46 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\mozilla\Extensions [2010.02.18 22:49:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pascal\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.11.30 16:50:39 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\mozilla\Firefox\Profiles\otymm4xy.default\extensions [2010.06.26 13:48:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pascal\AppData\Roaming\mozilla\Firefox\Profiles\otymm4xy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.07.02 14:48:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pascal\AppData\Roaming\mozilla\Firefox\Profiles\otymm4xy.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2008.10.21 20:34:05 | 000,000,681 | ---- | M] () -- C:\Users\Pascal\AppData\Roaming\Mozilla\FireFox\Profiles\otymm4xy.default\searchplugins\ask.xml [2010.11.28 13:20:26 | 000,000,950 | ---- | M] () -- C:\Users\Pascal\AppData\Roaming\Mozilla\FireFox\Profiles\otymm4xy.default\searchplugins\icqplugin-1.xml [2010.09.12 18:56:37 | 000,000,950 | ---- | M] () -- C:\Users\Pascal\AppData\Roaming\Mozilla\FireFox\Profiles\otymm4xy.default\searchplugins\icqplugin-2.xml [2010.09.19 00:40:36 | 000,000,950 | ---- | M] () -- C:\Users\Pascal\AppData\Roaming\Mozilla\FireFox\Profiles\otymm4xy.default\searchplugins\icqplugin-3.xml [2010.10.20 20:28:00 | 000,000,950 | ---- | M] () -- C:\Users\Pascal\AppData\Roaming\Mozilla\FireFox\Profiles\otymm4xy.default\searchplugins\icqplugin-4.xml [2010.10.30 12:10:12 | 000,000,950 | ---- | M] () -- C:\Users\Pascal\AppData\Roaming\Mozilla\FireFox\Profiles\otymm4xy.default\searchplugins\icqplugin-5.xml [2010.07.02 14:48:19 | 000,000,168 | ---- | M] () -- C:\Users\Pascal\AppData\Roaming\Mozilla\FireFox\Profiles\otymm4xy.default\searchplugins\icqplugin.gif [2010.07.02 14:48:19 | 000,000,618 | ---- | M] () -- C:\Users\Pascal\AppData\Roaming\Mozilla\FireFox\Profiles\otymm4xy.default\searchplugins\icqplugin.src [2010.07.24 12:30:16 | 000,001,056 | ---- | M] () -- C:\Users\Pascal\AppData\Roaming\Mozilla\FireFox\Profiles\otymm4xy.default\searchplugins\icqplugin.xml [2009.01.13 15:06:46 | 000,003,915 | ---- | M] () -- C:\Users\Pascal\AppData\Roaming\Mozilla\FireFox\Profiles\otymm4xy.default\searchplugins\sweetim.xml [2010.08.08 14:22:31 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.08.08 14:22:24 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.06.23 16:41:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2009.07.24 17:28:02 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2010.04.12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.10.30 12:09:36 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.30 12:09:36 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.30 12:09:37 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.30 12:09:37 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.30 12:09:37 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-21-3621993508-448967032-2305503300-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKU\S-1-5-21-3621993508-448967032-2305503300-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-3621993508-448967032-2305503300-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SWPROguard] C:\Programme\Fighters\SPYWAREfighter\swproTray.exe (SPAMfighter) O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3621993508-448967032-2305503300-1000..\Run: [{2675DCF5-6739-5E4D-EFAD-42E7CBAD6BB7}] C:\Users\Pascal\AppData\Roaming\Leikf\xidel.exe File not found O4 - HKU\S-1-5-21-3621993508-448967032-2305503300-1000..\Run: [Beat] C:\Users\Pascal\AppData\Roaming\Adobe\Update\blticm.exe () O4 - HKU\S-1-5-21-3621993508-448967032-2305503300-1000..\Run: [Helper] C:\Users\Pascal\AppData\Roaming\Helper\bin\liveu.exe () O4 - HKU\S-1-5-21-3621993508-448967032-2305503300-1000..\Run: [iscsmsdt] C:\Users\Pascal\AppData\Local\Temp\chkdepad.DLL () O4 - HKU\S-1-5-21-3621993508-448967032-2305503300-1000..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{17a01bc7-9f20-11de-bf8d-001b38dd19c7}\Shell - "" = AutoRun O33 - MountPoints2\{17a01bc7-9f20-11de-bf8d-001b38dd19c7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{17a01bc8-9f20-11de-bf8d-001b38dd19c7}\Shell - "" = AutoRun O33 - MountPoints2\{17a01bc8-9f20-11de-bf8d-001b38dd19c7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{17a01be1-9f20-11de-bf8d-001b38dd19c7}\Shell - "" = AutoRun O33 - MountPoints2\{17a01be1-9f20-11de-bf8d-001b38dd19c7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe - (Acer Inc.) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig - StartUpFolder: C:^Users^Pascal^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - () MsConfig - StartUpReg: Acer Tour Reminder - hkey= - key= - C:\Acer\AcerTour\Reminder.exe File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe File not found MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) MsConfig - StartUpReg: CloneCDTray - hkey= - key= - C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) MsConfig - StartUpReg: EA Core - hkey= - key= - C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard) MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: mcagent_exe - hkey= - key= - C:\Program Files\McAfee.com\Agent\mcagent.exe File not found MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig - StartUpReg: Picasa Media Detector - hkey= - key= - C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found MsConfig - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: SweetIM - hkey= - key= - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - C:\Program Files\Unlocker\UnlockerAssistant.exe () MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {9C450606-ED24-4958-92BA-B8940C99D441} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: aux - wdmaud.drv (Microsoft Corporation) Drivers32: midi - wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - midimap.dll (Microsoft Corporation) Drivers32: mixer - wdmaud.drv (Microsoft Corporation) Drivers32: msacm.ac3filter - ac3filter.acm File not found Drivers32: msacm.avis - ff_acm.acm () Drivers32: msacm.divxa32 - divxa32.acm (Hacked With Joy !) Drivers32: msacm.iac2 - Iac25_32.ax (Intel Corporation) Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - LameACM.acm (hxxp://www.mp3dev.org/) Drivers32: msacm.lhacm - lhacm.acm (Microsoft Corporation) Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM File not found Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation) Drivers32: msacm.wrpr - aviwrap.dll () Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation) Drivers32: vidc.cvid - iccvid.dll (Radius Inc.) Drivers32: vidc.div2 - divxc32.dll (Hacked with Joy !) Drivers32: vidc.div3 - divxc32.dll (Hacked with Joy !) Drivers32: vidc.div4 - divxc32f.dll (Hacked with Joy ! ) Drivers32: vidc.DIVX - divx.dll (DivXNetworks, Inc.) Drivers32: VIDC.FFDS - ff_vfw.dll () Drivers32: vidc.hfyu - huffyuv.dll (Disappearing Inc.) Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.ir21 - IR21_R.DLL () Drivers32: vidc.iv31 - Ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.iv32 - Ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.iv40 - Ir41_32.ax (Intel Corporation) Drivers32: vidc.iv41 - Ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\Programme\Tsunami-Filter-Pack\Ir50_32.dll (Intel Corporation) Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mjpg - pvmjpg21.dll (Pegasus Imaging Corporation) Drivers32: vidc.mp42 - mpg4c32.dll (Microsoft Corporation) Drivers32: vidc.mp43 - mpg4c32.dll (Microsoft Corporation) Drivers32: vidc.mpg4 - mpg4c32.dll (Microsoft Corporation) Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32: vidc.rt21 - IR21_R.DLL () Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation) Drivers32: vidc.vifp - vfcodec.dll () Drivers32: vidc.wrpr - aviwrap.dll () Drivers32: vidc.XVID - xvidvfw.dll File not found Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation) Drivers32: vidc.yv12 - DivX.dll (DivXNetworks, Inc.) Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation) Drivers32: wave - wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2010.11.28 14:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\clp [2010.11.28 14:54:24 | 000,000,000 | ---D | C] -- C:\Programme\Fighters [2010.11.28 14:54:24 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Common Toolkit Suite [2010.11.28 14:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Toolkit Suite [2010.11.28 14:54:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters [2010.11.28 14:53:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E9013728-77C5-40D4-BA65-50C8C2556E15} [2010.11.28 14:52:09 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Fighters [2010.11.28 14:52:06 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\PackageAware [2009.02.14 10:55:08 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Pascal\AppData\Roaming\pcouffin.sys [2008.08.10 06:49:09 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2008.08.10 06:49:09 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.30 17:50:03 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.11.30 17:20:28 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.11.30 16:58:08 | 000,158,270 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.11.30 16:58:07 | 000,158,270 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.11.30 16:50:03 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.11.30 16:42:42 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.30 16:42:42 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.30 16:42:42 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.30 16:42:42 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.30 16:35:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.30 16:35:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.30 16:35:22 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2010.11.30 16:35:19 | 3219,111,936 | -HS- | M] () -- C:\hiberfil.sys [2010.11.29 16:19:30 | 000,007,592 | ---- | M] () -- C:\Users\Pascal\AppData\Local\d3d9caps.dat [2010.11.28 14:54:32 | 000,001,775 | ---- | M] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk [2010.11.15 23:00:16 | 000,074,978 | ---- | M] () -- C:\Users\Pascal\Desktop\Itsmylife.mid [2010.11.07 13:43:53 | 038,103,086 | ---- | M] () -- C:\Users\Pascal\Desktop\It`sMyLife.wav [2010.11.07 10:42:23 | 000,060,416 | ---- | M] () -- C:\Users\Pascal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.28 14:54:32 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk [2010.11.15 23:00:05 | 000,074,978 | ---- | C] () -- C:\Users\Pascal\Desktop\Itsmylife.mid [2010.11.01 19:52:42 | 038,103,086 | ---- | C] () -- C:\Users\Pascal\Desktop\It`sMyLife.wav [2010.10.13 15:09:35 | 000,010,264 | ---- | C] () -- C:\Windows\System32\drivers\avfsfilter.sys [2010.07.21 20:54:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.01.25 18:54:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2009.05.08 22:32:49 | 000,037,888 | ---- | C] () -- C:\Windows\System32\AVIwrap.dll [2009.05.08 22:32:42 | 000,105,472 | ---- | C] () -- C:\Windows\System32\OggDS.dll [2009.05.08 22:32:42 | 000,092,672 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2009.05.08 22:32:42 | 000,021,504 | ---- | C] () -- C:\Windows\System32\ogg.dll [2009.05.08 22:32:41 | 000,090,624 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll [2009.05.08 22:32:37 | 000,132,096 | ---- | C] () -- C:\Windows\System32\libavcodec.dll [2009.05.08 22:32:37 | 000,028,672 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll [2009.05.08 22:32:37 | 000,008,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll [2009.05.08 22:32:35 | 000,077,664 | ---- | C] () -- C:\Windows\System32\IR21_R.DLL [2009.05.08 22:32:34 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll [2009.05.08 22:32:32 | 000,180,736 | ---- | C] () -- C:\Windows\System32\vfcodec.dll [2009.05.08 22:32:31 | 000,202,240 | ---- | C] () -- C:\Windows\System32\XviD.dll [2009.05.08 22:32:30 | 000,039,936 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll [2009.04.21 17:24:22 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2009.03.28 17:38:10 | 000,001,739 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2009.03.27 21:28:50 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.03.02 11:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.02.14 10:55:55 | 000,000,034 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\pcouffin.log [2009.02.14 10:55:08 | 000,087,608 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\inst.exe [2009.02.14 10:55:08 | 000,007,887 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\pcouffin.cat [2009.02.14 10:55:08 | 000,001,144 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\pcouffin.inf [2008.12.12 23:49:32 | 000,000,087 | ---- | C] () -- C:\Windows\CROCCLIP.INI [2008.12.12 23:38:59 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI [2008.11.23 16:45:21 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.11.06 17:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2008.10.25 16:23:30 | 000,007,592 | ---- | C] () -- C:\Users\Pascal\AppData\Local\d3d9caps.dat [2008.10.21 13:52:11 | 000,027,043 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\UserTile.png [2008.10.20 22:37:55 | 000,000,000 | ---- | C] () -- C:\Windows\musicmaker.INI [2008.10.20 22:34:52 | 000,038,912 | ---- | C] () -- C:\Windows\System32\mgxasio.dll [2008.10.20 22:26:30 | 000,002,856 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.10.19 13:54:56 | 000,060,416 | ---- | C] () -- C:\Users\Pascal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.10 15:14:16 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI [2008.08.10 15:14:11 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2008.08.10 06:52:16 | 000,158,270 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.08.10 06:52:07 | 000,158,270 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.08.10 06:49:09 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys [2008.08.10 06:49:09 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008.08.10 06:49:09 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys [2008.08.10 06:49:09 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2008.08.10 06:49:09 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini [2008.08.10 06:48:50 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2008.08.10 06:48:50 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2008.03.25 22:41:09 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2008.03.25 12:18:36 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2008.03.25 12:12:07 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2008.03.25 11:50:03 | 000,000,775 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2007.09.04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2008.03.25 12:42:22 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console [2008.03.25 12:42:22 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console [2010.05.04 09:14:47 | 000,000,000 | -HSD | M] -- C:\Users\Pascal\AppData\Roaming\.# [2008.03.25 12:42:22 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Acer GameZone Console [2009.01.31 14:59:16 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Any Video Converter [2009.04.12 19:31:43 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\ASCON Installer [2009.01.31 22:26:22 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Ashampoo [2010.07.21 19:46:37 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Audacity [2009.02.14 00:26:48 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\AviDvdBurner [2010.07.21 19:47:48 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Azureus [2009.01.31 22:39:25 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\DeepBurner [2010.11.28 14:52:34 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Fighters [2009.12.03 21:41:22 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Garritan [2009.10.10 17:11:55 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\gtk-2.0 [2010.11.30 16:27:52 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\ICQ [2010.05.26 14:27:32 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\IN-MEDIAKG [2008.11.25 20:17:19 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Leadertech [2010.11.28 14:59:39 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Leikf [2010.05.26 14:27:46 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\mresreg [2010.07.27 20:00:15 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Naruc [2009.03.19 17:09:11 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\OpenOffice.org [2008.10.21 13:52:11 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\PeerNetworking [2010.01.19 22:38:52 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\phonostar GmbH [2009.11.16 17:48:41 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Pirateville [2009.08.05 00:05:24 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\PlayFirst [2009.12.03 22:02:30 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Plogue [2010.07.31 15:04:22 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\ScreeNet iSaver [2009.01.31 22:12:15 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\SlySoft [2009.10.10 16:23:05 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\TeamViewer [2009.02.08 19:12:24 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\temp [2010.02.18 22:49:44 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Thunderbird [2009.09.12 12:16:32 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Verbindungsassistent [2009.12.16 22:55:09 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\VistaCodecs [2009.02.14 10:55:55 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Vso [2009.06.21 14:25:06 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\XnView [2010.11.29 23:20:19 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.05.04 09:14:47 | 000,000,000 | -HSD | M] -- C:\Users\Pascal\AppData\Roaming\.# [2008.03.25 12:42:22 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Acer GameZone Console [2010.10.18 16:28:50 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Adobe [2009.01.31 14:59:16 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Any Video Converter [2009.09.15 20:11:36 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Apple Computer [2009.04.12 19:31:43 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\ASCON Installer [2009.01.31 22:26:22 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Ashampoo [2010.07.21 19:46:37 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Audacity [2009.02.14 00:26:48 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\AviDvdBurner [2010.07.21 19:47:48 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Azureus [2009.01.25 16:19:11 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\CyberLink [2009.01.31 22:39:25 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\DeepBurner [2008.10.30 23:43:04 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\DivX [2010.11.28 14:52:34 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Fighters [2009.12.03 21:41:22 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Garritan [2010.01.03 15:58:05 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Google [2009.10.10 17:11:55 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\gtk-2.0 [2010.10.18 16:45:32 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Helper [2009.03.30 21:17:41 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\HP [2010.11.30 16:27:52 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\ICQ [2008.10.18 11:13:38 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Identities [2010.05.26 14:27:32 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\IN-MEDIAKG [2008.11.25 20:17:19 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Leadertech [2010.11.28 14:59:39 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Leikf [2010.11.12 16:31:23 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Macromedia [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Media Center Programs [2009.10.25 21:40:30 | 000,000,000 | --SD | M] -- C:\Users\Pascal\AppData\Roaming\Microsoft [2008.10.18 17:33:34 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Mozilla [2010.05.26 14:27:46 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\mresreg [2010.07.27 20:00:15 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Naruc [2009.12.21 16:42:29 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\NCH Software [2009.03.19 17:09:11 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\OpenOffice.org [2008.10.21 13:52:11 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\PeerNetworking [2010.01.19 22:38:52 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\phonostar GmbH [2009.11.16 17:48:41 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Pirateville [2009.08.05 00:05:24 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\PlayFirst [2009.12.03 22:02:30 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Plogue [2010.07.31 15:04:22 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\ScreeNet iSaver [2008.11.25 20:21:29 | 000,000,000 | RH-D | M] -- C:\Users\Pascal\AppData\Roaming\SecuROM [2010.11.21 14:21:46 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Skype [2010.11.21 14:15:33 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\skypePM [2009.01.31 22:12:15 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\SlySoft [2009.07.31 16:59:38 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\teamspeak2 [2009.10.10 16:23:05 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\TeamViewer [2009.02.08 19:12:24 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\temp [2010.02.18 22:49:44 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Thunderbird [2009.09.12 12:16:32 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Verbindungsassistent [2009.12.16 22:55:09 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\VistaCodecs [2009.02.14 10:55:55 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Vso [2008.10.20 16:19:11 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\WinRAR [2009.06.21 14:25:06 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\XnView [2008.10.30 21:49:35 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Yahoo! < %APPDATA%\*.exe /s > [2009.02.14 10:55:08 | 000,087,608 | ---- | M] () -- C:\Users\Pascal\AppData\Roaming\inst.exe [2010.10.26 21:40:12 | 000,000,004 | ---- | M] () -- C:\Users\Pascal\AppData\Roaming\Adobe\Update\blticm.exe [2010.10.18 16:45:33 | 000,069,632 | ---- | M] () -- C:\Users\Pascal\AppData\Roaming\Helper\bin\liveu.exe [2009.03.19 17:08:19 | 007,424,000 | R--- | M] (OpenOffice.org) -- C:\Users\Pascal\AppData\Roaming\Microsoft\Installer\{04B45310-A5FE-4425-BFCA-1A6D8920DE74}\soffice.exe [2008.12.12 23:32:27 | 000,005,390 | R--- | M] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Installer\{42C39E85-D86C-494E-B159-4C0E37C248AC}\ARPPRODUCTICON.exe [2008.12.12 23:32:27 | 000,005,390 | R--- | M] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Installer\{42C39E85-D86C-494E-B159-4C0E37C248AC}\NewShortcut1_32BD379178974E29B72DBCF093C36812.exe [2008.12.12 23:32:27 | 000,005,390 | R--- | M] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Installer\{42C39E85-D86C-494E-B159-4C0E37C248AC}\NewShortcut5_32BD379178974E29B72DBCF093C36812.exe < %SYSTEMDRIVE%\*.exe > [2005.08.16 07:49:12 | 000,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sy s [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTOR.SYS > [2007.07.12 15:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Programme\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys [2007.07.12 15:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\drivers\iaStor.sys [2007.07.12 15:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys [2007.07.12 15:35:44 | 000,381,976 | ---- | M] (Intel Corporation) MD5=CEB53BB804B41C52AB0782505C8E2994 -- C:\Programme\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.03.08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2009.03.08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [2008.01.21 03:24:11 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll [2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:FEBEC560 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B99FE60 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:9F683177 @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C95B63DA @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:73933431 @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4F636E25 @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:793F316E < End of report > |
|
01.12.2010, 12:37
| #4 |
| /// Malware-holic | 20 Tan-Abfrage beim Online-Banking der Sparkasse • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. :OTL O4 - HKU\S-1-5-21-3621993508-448967032-2305503300-1000..\Run: [Beat] C:\Users\Pascal\AppData\Roaming\Adobe\Update\blticm.exe () O4 - HKU\S-1-5-21-3621993508-448967032-2305503300-1000..\Run: [Helper] C:\Users\Pascal\AppData\Roaming\Helper\bin\liveu.exe () O4 - HKU\S-1-5-21-3621993508-448967032-2305503300-1000..\Run: [iscsmsdt] C:\Users\Pascal\AppData\Local\Temp\chkdepad.DLL () [2010.10.18 16:45:32 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Helper :Files :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort posten. öffne mein computer, c: dann _OTL dort rechtsklick auf moved files wähle zu moved files.rar oder zip hinzufügen. lade das archiv in unserem upload channel hoch. http://www.trojaner-board.de/54791-a...ner-board.html
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
01.12.2010, 17:08
| #5 |
| | 20 Tan-Abfrage beim Online-Banking der Sparkasse All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-3621993508-448967032-2305503300-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Beat deleted successfully. C:\Users\Pascal\AppData\Roaming\Adobe\Update\blticm.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-3621993508-448967032-2305503300-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Helper deleted successfully. C:\Users\Pascal\AppData\Roaming\Helper\bin\liveu.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-3621993508-448967032-2305503300-1000\Software\Microsoft\Windows\CurrentVersion\Run\\iscsmsdt deleted successfully. C:\Users\Pascal\AppData\Local\Temp\chkdepad.DLL moved successfully. C:\Users\Pascal\AppData\Roaming\Helper\bin folder moved successfully. C:\Users\Pascal\AppData\Roaming\Helper folder moved successfully. ========== FILES ========== ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 41 bytes User: Default User ->Flash cache emptied: 0 bytes User: Pascal ->Flash cache emptied: 10933 bytes User: Public Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Pascal ->Temp folder emptied: 1991483041 bytes ->Temporary Internet Files folder emptied: 4512199 bytes ->Java cache emptied: 106683097 bytes ->FireFox cache emptied: 12423864 bytes ->Google Chrome cache emptied: 6370261 bytes ->Apple Safari cache emptied: 8423424 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 24 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1203622169 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 3.179,00 mb OTL by OldTimer - Version 3.2.17.3 log created on 12012010_164520 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
01.12.2010, 17:39
| #6 |
| /// Malware-holic | 20 Tan-Abfrage beim Online-Banking der Sparkasse ok, du solltest nun daten sichern. und dann müssen wir neu aufsetzen, und den pc absichern,dazu bekommst du ne anleitung.
__________________ --> 20 Tan-Abfrage beim Online-Banking der Sparkasse |
|
01.12.2010, 19:31
| #7 |
| | 20 Tan-Abfrage beim Online-Banking der Sparkasse was brauch ich zum neu aufsetzen? |
|
01.12.2010, 19:39
| #8 |
| /// Malware-holic | 20 Tan-Abfrage beim Online-Banking der Sparkasse hi, warscheinlich hast du eine cd für treiber, eine mit windows vista, musst mal schauen was drauf steht, bzw auch mal im handbuch nachschlagen, da ist das ebenfalls beschrieben. wenn nicht musst du mal testen welche die richtige ist. lege die cd ein, starte dein gerät neu. er sollte jetzt von der cd starten, falls nicht, musst du beim pc start entweder f12 f11 oder f9 drücken und dort im bootmenü das cd laufwerk auswählen, oder im bios, meist durch entf taste zu erreichen, unter first boot device, das cd laufwerk bzw dvd laufwerk einstellen. je nach cd musst du selbst zum formatieren, bzw neu instalieren anweisen, oder es passiert automatisch. wenn du beim formatieren aus mehreren methoden wählen kannst, nimm nicht die schnelle formatierung. dann instaliere windows. wenn auf der zweiten cd treiber sind, lege diese nach der win instalation ein und instaliere diese. danach gehts weiter hiermit, in reihenfolge bitte: servicepack2 für vista: http://www.microsoft.com/downloads/d...displaylang=DE internet explorer 8: Mit Sicherheit ins Internet. windows update: Microsoft Windows Update hier instalierst du so lange updates, bis es keine neuen mehr gibt. windows updates automatisch laden/instalieren: Aktivieren oder Deaktivieren von automatischen Updates damit dein system ab sofort immer aktuell bleibt. du solltest nur noch als eingeschrenkter nutzer arbeiten , das admin konto ist nur für instalationen gedacht. klicke start, tippe unter suchen (ausführen) systemsteuerung. wähle dort Benutzerkonten hinzufügen/entfernen. wähle "neues konto erstellen" Wähle standard benutzer. die konten sollten mit einem passwort geschützt werden. dazu auf konto endern klicken und passwörter vergeben. die folgenden konfigurationen als administrator durchführen dep für alle prozesse: Datenausführungsverhinderung (DEP) • "Datenausführungsverhinderung für alle Programme und Dienste mit Ausnahme der ausgewählten einschalten:". wenn es zu problemen kommen sollte, kann man die betroffenen prozesse aus der Überwachung entfernen. SEHOP aktivieren: Aktivieren von SEHOP (Structured Exception Handling Overwrite Protection) in Windows-Betriebssystemen klicke auf "Feature automatisch aktivieren" und folge den anweisungen instaliere kaspersky 2011 als browser solltest du den opera nutzen, er ist sicherer und schneller. wenn er dir nicht gefällt passe ich meine anleitung für den ff an. Opera Webbrowser | Schneller & sicherer | Die neuen Internet-Browser kostenlos herunterladen mit diesem tool lässt sich ein werbeblocker laden mit diesem tool lässt sich ein werbeblocker laden Opera URLFilter Downloader ? OperaWiki dies sollte 1x pro woche durchgeführt werden. zusätzlich kannst du das auch manuell erledigen, falls mal etwas nicht geblockt wird: Computerbase - Werbung blockieren auch diese tutorial seite mal ansehen. Opera Tutorial- Übersicht hier besonders die abschnitte sicherheit (kookies) und passwort durchlesen um das surfen sicherer zu machen, würde ich Sandboxie empfehlen. Download: drop.io (als pdf) hier noch ein paar zusatzeinstellungen, nicht verunsichern lassen, wenn du das programm instaliert hast, werden sie klar. den direkten datei zugriff bitte auf opera beschrenken, bei Internetzugriff: opera.exe öffne dann sandboxie, dann oben im menü auf sandbox klickem, wähle deine sandbox aus und klicke dann auf sandboxeinstellung. dort auf anwendung, webbrowser, andere dort auf direkten zugriff auf opera bookmarks erlauben. dann auf hinzufügen und ok. somit kannst du deine lesezeichen auch in der sandbox dauerhaft abspeichern. wenn du mit dem programm gut auskommst, ist ne lizenz zu empfehlen. 1. es gibt dann noch ein paar mehr funktionen. 2. kommt nach nem monat die anzeige, dass das programm freeware ist, die verschwindet erst nach ner zeit, find ich n bissel nerfig. 3. ist die lizenz lebenslang gültig, kostenpunkt rund 30 €, und du kannst sie auf allen pcs in deinem haushalt einsetzen. autorun deaktivieren: über diesen weg werden sehr häufig schaddateien verbreitet, schalte die funktion also ab. Tipparchiv - Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten - WinTotal.de usb sticks, festplatten etc, sollte man mit panda vaccine impfen: ANTIMALWARE: Panda USB Vaccine - Download FREE - PANDA SECURITY so holt man sich keine infektionen ins haus, wenn man mal die festplatte etc verleit. hake an: hake an: run panda usb vaccine automatically when computer boots automatically vaccine any new insert usb key enable ntfs file suport Updates sind für dein system genauso wichtig, wie ein antivirenscanner. Sehr häufig gelangen schädlinge nur aufs system, weil der user veraltete software nutzt. instaliere die folgenden update checker. Secunia: http://www.trojaner-board.de/83959-s...ector-psi.html und file hippo update checker: FileHippo.com Update Checker - FileHippo.com das file Hippo Symbol wird im infobereich neben der uhr auftauchen, mache bitte nen rechtsklick darauf, wähle settings, results, setze einen haken bei "hide beta updates" klicke ok. dann doppelklicke file hippo, eine Internetseite wird geöffnet, auf der dier die aktuellsten updates gezeigt werden, diese downloaden und instalieren. Beide programme sollten im autostart bleiben, und sobald eines der programme updates anzeigt sollten diese umgehend instaliert werden. achtung: bei einigen programmen werden englische setups angeboten. das sollte man ersehen können, die setupdateien sollten ein .en oder .us enthalten. wenn dem so ist, sollte man beim hersteller schauen, dort gibts die deutschen setups zu laden. Falls du die hersteller seite nicht kennst, google wird bestimmt behilflich sein :-) regelmäßige Backups des systems sind sehr wichtig, du weist nie, ob deine festplatte mal kaputt geht. Paragon Backup & Recovery Free Edition - Das Produkt außerdem kannst du, bei neuerlichem malware befall das system zurücksetzen. Das Backup sollte möglichst auf eine externe festplatte etc emacht werden, nicht auf die selbe, wo sich die zu sichernden daten befinden. Von sehr wichtigen Daten könnte man noch eine zusätzliche Sicherung auf dvds/cds erstellen, dazu könnte man auch wiederbeschreibbare verwenden (rws) falls die sammlung mal erneuert werden soll. allgemeines. - verzichte auf tuning programme, sie bringen nichts. - keine illegalen downloads. 90 % bringen malware mit sich! - keine streaming seiten wie kino.to sie verbreiten malware. - wenn möglich, instalationen immer benutzerdefiniert ausführen, dann kannst du unnötiges zeug abwählen. online banking: ich würde zu online banking mit chipcard raten, dazu benötigst du, ein lesegerät, lasse dich von deiner bank beraten, es sollte aber mindestens ein klasse2 lesegerät sein, besser sogar ein klasse3 leser, das sind die besten für den privat kunden. Kartenlesegerät ? Wikipedia instaliere jetzt die von dir benötigten programme. endere alle passwörter. danach, bitte nur noch im standard nutzer konto einloggen, und dort in der sandbox surfen, mit klick auf "sandboxed web browser". diese einstellungen, sollten dich nun rund um schützen. online banking: ich würde zu online banking mit chipcard raten, dazu benötigst du, ein lesegerät, lasse dich von deiner bank beraten, es sollte aber mindestens ein klasse2 lesegerät sein, besser sogar ein klasse3 leser, das sind die besten für den privat kunden. Kartenlesegerät ? Wikipedia
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
01.12.2010, 20:15
| #9 |
| | 20 Tan-Abfrage beim Online-Banking der Sparkasse ich habe leider keine CD mit Vista mitbekommen und ich habe es versäumt mir eine zu erstellen. Deshalb würde ich gerne Windows 7 installieren. Ich hab die möglichkeit da billiger dran zu kommen (orginal versteht sich  ) leider hab ich auch keine CD mit treibern und eine externe Festplatte müsste ich mir auch erst anschaffen. |
|
01.12.2010, 20:30
| #10 |
| /// Malware-holic | 20 Tan-Abfrage beim Online-Banking der Sparkasse treiber können wir zur not aus dem netz laden, anleitung gilt auch für windows 7. zusätzlich folgendes: die uac sollte auf maximum stehen. klicke auf start, ausführen (suchen) tippe uac enter nachfrage bestätigen, regler auf höchste stufe. so ist es schwiriger heimlich etwas auf dem pc zu instalieren. bei deinem festplatten problem kann ich dir net helfen :-)
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
01.12.2010, 20:40
| #11 |
| | 20 Tan-Abfrage beim Online-Banking der Sparkasse uac findet der irgendwie nicht die festplatte lege ich mir jetzt zu dann spiel ich windows 7 auf und mache das was du geschrieben hast und dann melde ich mich wieder. Bis hierhin schonmal danke für alles |
|
01.12.2010, 20:45
| #12 |
| /// Malware-holic | 20 Tan-Abfrage beim Online-Banking der Sparkasse du sollst die konfiguration ja auch unter windows 7 machen. die uac ist nur noch ein zusätzlicher punkt, der zur anleitung hinzu kommt
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
01.12.2010, 20:47
| #13 |
| | 20 Tan-Abfrage beim Online-Banking der Sparkasse achso alles kla |
|
01.12.2010, 21:00
| #14 |
| /// Malware-holic | 20 Tan-Abfrage beim Online-Banking der Sparkasse bei rückfragen oder erfolg, meld dich :-)
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
01.12.2010, 21:01
| #15 |
| | 20 Tan-Abfrage beim Online-Banking der Sparkasse alles kla |
|
| Themen zu 20 Tan-Abfrage beim Online-Banking der Sparkasse |
| 20 tans, ahnung, aufforderung, bekämpfung, e-banking, eingebe, einiger, einzige, festgestellt, frage, fragen, gestellt, hallo zusammen, meldung, nutze, nutzen, online-banking, pop-up, problem, schonmal, service, sparkasse, tans, troja, trojaner, virenbekämpfung, zusammen, öffnet |
Linear-Darstellung
